ShellLocker Ransomware | You can't get out (at least not easily) | Summary and Q&A

48.5K views
November 19, 2016
by The PC Security Channel

TL;DR

A demonstration of a new DotNet ransomware called Shell Locker, which locks the screen and encrypts files, with a countdown timer and demand for a ransom.

Key Insights

  • 👶 Shell Locker is a new DotNet ransomware that locks the screen, encrypts files, and demands a ransom in Bitcoin.
  • 👻 Unlike most ransomware, Shell Locker does not allow users to access their computer to pay the ransom.
  • ⏲️ Rebooting the system does not remove Shell Locker, and the countdown timer may reset itself after each reboot.
  • 👨‍💻 Shell Locker is obfuscated, making it difficult for security researchers to analyze its code.
  • 🤩 Safe mode can provide limited access to disable Shell Locker, but file recovery may still be impossible without the encryption key.
  • 🕵️ Some popular antivirus engines still do not detect Shell Locker, highlighting the importance of updated security software.
  • 🎮 The video suggests that creating different variants of DotNet ransomware is relatively easy, and they do not necessarily need to be sophisticated to succeed.

Transcript

more new ransomware because that's what everybody needs this time it's a dotnet malware called shell Locker and from the name it's quite apparent as to what it does but I'll just let you see the results for yourself so we're just going to rename this to an executable file and now as you can see it looks like you know self-extracting archives instal...

Questions & Answers

Q: How does Shell Locker ransomware work?

Shell Locker is a DotNet ransomware that locks the screen and encrypts files, demanding a ransom in Bitcoin. It prevents users from accessing their system and displays a countdown timer and a Bitcoin address for payment.

Q: Can users access their computer and pay the ransom in Shell Locker?

Unlike most ransomware, Shell Locker does not allow users to access their browser to pay the ransom. The ransomware completely locks the screen, making it impossible to interact with the computer.

Q: Are the files actually encrypted by Shell Locker?

Yes. The encrypted files carry the .locked extension, and the video demonstrates that attempting to open them fails.

Q: Can Shell Locker be disabled and removed?

Shell Locker can be disabled in safe mode by disabling the startup items associated with it. However, removing the ransomware does not guarantee file recovery, as the encryption key is likely stored on the server side.

Summary & Key Takeaways

  • The video demonstrates the functionality of a new DotNet ransomware called Shell Locker, which locks the screen, encrypts files, and demands a ransom in Bitcoin.

  • It shows that the ransomware does not allow access to the computer, preventing users from paying the ransom through a browser.

  • The ransomware persists across system reboots but can be disabled in safe mode; the encryption key, however, is likely stored on the server side.
