What is Locker Ransomware

Traditionally, ransomware extorts money from its victims by encrypting their files. Without access to the decryption key used to unlock the files, they are unreadable. As a result, the user is forced to pay the ransom, restore from backups, or write off the lost data.

Locker ransomware, or a ‘locker’, is a type of ransomware that doesn’t use encryption. Instead, it prevents the user from using their device. The ransomware then displays a message demanding a fee to restore access to the device.


How Does it Work?

Lockers use common malware infection methods to gain access to a user’s device. For example, they might be distributed via malicious advertising or as a trojan horse, tricking their way onto a user’s device.

Once on a device, the locker will lock down the computer, preventing the user from using the device.

This can be accomplished in a few different ways, including:

  • Full-Screen Windows: Locker ransomware might use a full-screen browser window to make it look like a user’s device is locked. By hiding the taskbar and disabling the cursor and hotkeys, the malware simulates a lock screen.
  • Changing Credentials: Lockers may also change the password or PIN of a device or modify the system in a way that denies access to critical system functions. These attacks are more dangerous because there is a higher probability of actually locking the device or losing data.

 

Typically, ransomware operators are transparent about the fact that they are cybercriminals demanding a ransom for their attacks. Lockers, on the other hand, may pretend to be law enforcement demanding a legitimate fine for illegal activity such as viewing prohibited content.

Locker Ransomware Capabilities

Locker ransomware’s primary purpose is to lock a user’s computer and solicit a ransom. The malware’s core capabilities are geared toward this purpose.

However, some locker ransomware may have additional capabilities designed to help sell the con to the victim. As mentioned above, some lockers will claim that users have viewed illegal content and that the ransom payment is a fine for that activity. In these scenarios, the malware might include the ability to capture images via the infected computer’s webcam, which can be used to “prove” that the malware observed the user performing the illegal action.

Examples of Locker Ransomware

Locker ransomware is less common than crypto-ransomware, which encrypts files and demands a ransom payment for the associated decryption key. However, several locker ransomware variants exist, including WinLock, Reveton, and LockerPin.

 

Different locker ransomware variants use different techniques and target various devices. For example, some use the full-browser window approach to pretend to lock a device, while others are malicious mobile apps that change a user’s PIN. Additionally, locker ransomware may incorporate other functionality, such as taking users’ pictures to make their pretext more believable.

How to Prevent Locker Ransomware Attacks

Locker ransomware differs from other ransomware in that it doesn’t try to encrypt the user’s files. Preventing it therefore requires a different approach than preventing other types of ransomware attacks.

Some best practices for managing the threat of lockers include:

  • Web Security: Locker ransomware commonly infects devices via malvertising or trojans. Web security solutions can help to detect and block these malicious downloads.
  • Anti-Ransomware Solutions: Anti-ransomware solutions — for both desktops and mobile devices — can identify ransomware attacks. These solutions block the malware from being installed or executed on the device.
  • Multi-Factor Authentication (MFA): Some lockers change the user’s PIN or password on the infected device. Implementing MFA can make it more difficult for the malware to accomplish this.
  • Least Privilege: The principle of least privilege states that users and apps should only have the privileges needed to perform their roles. Implementing least privilege may prevent locker malware from gaining the access required to change users’ passwords.
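
The credential-changing behaviour described under "How Does it Work?" and the least-privilege practice above can be backed by a detection rule. The following is an added example, not Check Point code: it assumes a Windows endpoint whose Security log has been exported to JSON lines, and the field names (`time`, `id`, `subject`, `target`), the account names and the allowlist are all constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Windows Security event IDs: 4723 = password change attempt,
# 4724 = password reset attempt.
CHANGE, RESET = 4723, 4724

# Constructed sample events (JSON lines); every account name is made up.
SAMPLE = """\
{"time":"2024-01-10T09:00:00","id":4723,"subject":"alice","target":"alice"}
{"time":"2024-01-10T09:05:00","id":4724,"subject":"helpdesk","target":"bob"}
{"time":"2024-01-10T13:30:00","id":4724,"subject":"carol","target":"carol"}
{"time":"2024-01-10T13:30:20","id":4724,"subject":"carol","target":"Administrator"}
{"time":"2024-01-10T13:30:40","id":4724,"subject":"carol","target":"dave"}
"""

def find_alerts(lines, allowed_resetters, burst=3, window=timedelta(minutes=5)):
    """Return (rule, subject, target, time) tuples for suspicious resets."""
    alerts, recent = [], defaultdict(list)
    for line in lines.splitlines():
        ev = json.loads(line)
        if ev["id"] != RESET:
            continue  # a user changing their own password (4723) is normal
        when = datetime.fromisoformat(ev["time"])
        subj, tgt = ev["subject"], ev["target"]
        # Rule 1: only designated accounts should ever reset passwords.
        if subj.lower() not in allowed_resetters:
            alerts.append(("unauthorised-reset", subj, tgt, when))
        # Rule 2: one account resetting several distinct accounts in a
        # short window looks like a lockout, not routine support work.
        recent[subj] = [(t, x) for t, x in recent[subj] if when - t <= window]
        recent[subj].append((when, tgt))
        if len({x for _, x in recent[subj]}) == burst:
            alerts.append(("reset-burst", subj, tgt, when))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE, {"helpdesk"}):
        print(alert)
```

On the sample data, the help-desk reset passes while the three resets issued from the ordinary account `carol` are flagged, the third also tripping the burst rule.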

Prevent Ransomware Attacks with Check Point

Ransomware has emerged as one of the most significant threats to corporate cybersecurity and data security. These attacks come in various forms, including data encryption, data theft, device locking, and more. Locker ransomware has the potential to be one of the less dangerous ransomware variants — if it uses full-screen browser windows to “lock” devices — or it has the potential to cause complete data loss for its victims. To learn more about protecting against lockers and other forms of ransomware, check out the CISO’s Guide to Ransomware Prevention.

In addition to ransomware, companies face a range of other endpoint security risks. Check Point’s 2023 Cyber Security Report explores the main cybersecurity threats that companies face today.

Check Point’s Harmony Endpoint offers protection against all types of ransomware and other endpoint security threats. To learn more about the benefits that Harmony Endpoint can provide to your organization and its ransomware defense strategy, reach out and schedule a free demo today.
