Tuesday, June 18, 2024

AstraLocker 2.0 ransomware isn’t going to give you your files back


According to Reversing Labs, the most recent version of AstraLocker is conducting a “smash and grab” ransomware attack.


The goal of smash and grab is to maximise profit as quickly as possible. Malware developers operate on the presumption that victims or security software will rapidly discover the malware, so it is preferable to go straight to the finish line. Adware bundles made the most of this strategy in the early 2000s, collecting payment for hundreds of advertisements pushed onto desktops as quickly as possible.


That ethos of “smash and grab” endures.

In a ransomware attack, attackers generally get access to a victim’s network via stolen Remote Desktop Protocol (RDP) credentials, a trojan that has already infected a computer, or a software vulnerability on a server that is accessible from the internet. Then, they stealthily move to the computers and servers that house crucial data. Any valuable data is taken and sent outside the network. Only when the attacker is fully prepared is the ransomware deployed, encrypting the data on the workstations and rendering it unusable. From this point on, extortion with a double or even triple threat (blackmail plus the danger of data disclosure) is used. By taking this cautious approach, which can occasionally take weeks, attackers can halt organisations in their tracks and demand large ransom payments.

Because it is so effective, this method is used by practically all significant ransomware families.

However, AstraLocker does not do this, and it is not a significant ransomware family. (These two issues might be related.)

Click to start

In the attacks that Reversing Labs has seen, AstraLocker just shows up and starts encrypting.

It first appears as a Word document attached to an email. The document’s hidden payload is an embedded OLE object. To start the ransomware, the victim must double-click the icon in the document, which displays a security alert. Researchers point out that this approach is less sophisticated than the recent Follina vulnerability (which requires no user involvement) or even the misuse of macros (which requires some user interaction).
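As an added illustration of the delivery method described above (not code from Reversing Labs or from the original article), the following Python sketch shows how a mail-filtering or triage step could flag Word attachments that carry an embedded OLE object. It assumes the attachment is an OOXML `.docx` file, where such objects are stored as parts under `word/embeddings/`; the function names and the quarantine policy are hypothetical, and the sample documents are constructed inline.

```python
import io
import zipfile

# Header of an OLE Compound File Binary container.
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
# Where OOXML Word documents store embedded objects.
EMBED_DIR = "word/embeddings/"


def find_embedded_objects(docx_bytes):
    """Return (part_name, size, is_ole_container) for each embedded part."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(docx_bytes))
    except zipfile.BadZipFile:
        return findings  # not an OOXML (zip) document, e.g. a legacy .doc
    with zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().startswith(EMBED_DIR):
                continue
            with zf.open(info) as part:
                head = part.read(len(OLE_MAGIC))
            findings.append((info.filename, info.file_size, head == OLE_MAGIC))
    return findings


def should_quarantine(docx_bytes):
    """Hypothetical policy: hold any document with an embedded OLE container."""
    return any(is_ole for _, _, is_ole in find_embedded_objects(docx_bytes))


def build_sample(with_object):
    """Construct a minimal stand-in .docx in memory (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_object:
            # Only the container header matters for this check.
            zf.writestr("word/embeddings/oleObject1.bin", OLE_MAGIC + b"\x00" * 504)
    return buf.getvalue()


if __name__ == "__main__":
    for label in ("clean", "embedded"):
        sample = build_sample(label == "embedded")
        print(label, find_embedded_objects(sample), should_quarantine(sample))
```

Embedded Office files such as spreadsheets also live under `word/embeddings/` but are zip archives rather than OLE containers, which is why the check reads the header instead of relying on the part name alone.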

So far, so good, you may assume. There is, however, a sting in the tail.

The attackers accept Monero or Bitcoin as payment for the “approximately $50 USD” cost of their decryption software. Since the email addresses connected to the original campaign have been changed, it is unclear who is behind this version of AstraLocker. Unfortunately, this is the point at which the circle of trust breaks down.

You may pay the ransom without any issues at all. The part of the operation that involves making money runs smoothly. The part about getting your files back? Not really. Only a portion of the new contact email address indicated above is provided.


There is presently no method to request the decryption tool from the creator of the ransomware. This is the fastest way you’ll ever lose both your data and $50, barring some kind of upgrade.


Whether by accident or by design, the circle of trust in this situation looks more like a downward curve.

IEMA IEMLabs https://iemlabs.com