Posts

METHOD: StalinLocker Malware

MalwareHunterTeam has discovered a new screenlocker malware that threatens to wipe the content of all the drives on a victim’s computer. The malware has been dubbed StalinLocker, because it displays a picture representation of the totalitarian dictator, Joseph Stalin on infected devices.

While the USSR anthem is playing in the background, the malware displays a countdown in the lower left corner and then prompts the user to enter the correct code in the next 10 minutes or the computer will be wiped cleaned, losing all user data.

According to MalwareHunterTeam, the correct code is the current date of the execution of the malware minus the date 1922.12.30. December 30, 1922 happens to be the day that the Treaty of Creation of the USSR was signed, establishing post-revolutionary Russia as it stands today. In order to enter the code correctly it needs to be converted into days before input. If the code is entered correctly, the wiper will exit and delete the autorun functionality of Stalin.exe.

Proficio Threat Intelligence Recommendations:

  • There is an unlock code that should be entered within ten minutes of infection or else the contents of drives on the host might be erased. Search for the current unlock code from the information security community. Many in the information security community say the unlock code is the day the malware was executed minus the number of days since 1922.12.30.
    Most antivirus vendors have good detection rates against this malware. Validate your antivirus software is up to date.

General Info – Click Here