Cyber Security

StalinLocker Ransomware

StalinLocker ransomware gives victims 10 minutes to enter the correct code. If you enter the code incorrectly, it will mercilessly delete all the files on your hard drive!

The ransomware, discovered by MalwareHunterTeam, plays an MP3 audio file of the Soviet national anthem, copied to the %UserProfile%\AppData\Local directory, when executed. It duplicates itself as stalin.exe and creates an exe file that locks the screen and initiates the deletion when executed. It also creates the %UserProfile%\AppData\Local\fl.dat file, in which it keeps the remaining time to enter the code each time the computer restarts. It triggers its rerun by creating a scheduled task called “driver update”.

When the ransomware infects your system and becomes active, you get a lock screen and a 10-minute timer. If you encounter such a screen, the code to enter is obtained by subtracting the date 30/12/1922 from the current date. When the correct code is entered, StalinLocker is automatically removed from your system.

If the countdown reaches zero and the correct code is not entered, all files on your hard drive will be deleted.
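For responders, the artifacts and the unlock code described above can be checked together. The following triage sketch is an added example, not code from the original article or from the malware's discoverers. It assumes the date difference is counted in whole days, that stalin.exe sits in the same AppData\Local directory as fl.dat, and that the host inventory arrives as plain lists of file paths and scheduled-task names (a hypothetical input format).

```python
from datetime import date

EPOCH = date(1922, 12, 30)              # date the article says is subtracted
FILE_NAMES = {"stalin.exe", "fl.dat"}   # file names given in the article
TASK_NAME = "driver update"             # scheduled task named in the article


def unlock_code(today):
    # Assumption: "subtracting the date" means the difference in whole days.
    return (today - EPOCH).days


def triage(file_paths, task_names, today):
    """Return matched artifacts, a verdict and the unlock code for `today`."""
    hits = []
    for path in file_paths:
        parts = [p.lower() for p in path.replace("/", "\\").split("\\") if p]
        # Match only <profile>\AppData\Local\<name>; the same file name in
        # another directory is ignored. (stalin.exe location is an assumption.)
        if (len(parts) >= 3 and parts[-3:-1] == ["appdata", "local"]
                and parts[-1] in FILE_NAMES):
            hits.append(("file", parts[-1], path))
    for name in task_names:
        if name.strip().lower() == TASK_NAME:
            hits.append(("task", TASK_NAME, name))
    distinct = {(kind, key) for kind, key, _ in hits}
    # A single artifact (for example a vendor task with the same name) is
    # only a lead; two or more different artifacts make infection likely.
    verdict = "likely" if len(distinct) >= 2 else "suspicious" if distinct else "clean"
    code = unlock_code(today) if verdict != "clean" else None
    return {"hits": hits, "verdict": verdict, "code": code}


# Constructed sample inventory (not taken from a real host).
SAMPLE_FILES = [
    r"C:\Users\alice\AppData\Local\stalin.exe",
    r"C:\Users\alice\AppData\Local\fl.dat",
    r"C:\Users\alice\Documents\fl.dat",
    r"C:\Users\alice\AppData\Local\Temp\setup.exe",
]
SAMPLE_TASKS = ["GoogleUpdateTaskMachineCore", "Driver Update"]

if __name__ == "__main__":
    print(triage(SAMPLE_FILES, SAMPLE_TASKS, date.today()))
```

Run it on an analysis machine against an inventory exported from the affected host, with `today` set to the affected host's clock date.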

The best way to protect against such malware is to use multi-layer ATAGUC.