The ATAWARE lockscreen is a new virus which is being distributed against users worldwide. Security reports indicate that the initial infections probably involve an early version that is to be updated in future releases. We assume that the samples are released using the most common methods. Typical strategies rely on sending out phishing emails that are designed to appear as legitimate notifications sent by legitimate services and companies. The other popular methods include the insertion of the ATAWARE lockscreen virus code in payload carriers (documents and software installers), hijackers and so on.
As soon as the ATAWARE lockscreen is installed it will launch its built-in instructions, which may launch various modules. The initial version does not appear to contain any of them.
Possible additions to the future releases include the integration of common ransomware modules such as the following:
- Information Harvesting — This module can harvest sensitive information that can identify both the users and the compromised machines. This is done by searching for certain strings that can expose the victim users by revealing their personal information. The acquired machine information can be used to generate a unique ID that can identify the different devices.
- Applications Bypass and Data Removal — The other common module that is widely added is the one that scans for the presence of programs that can interfere with the proper infection. They will be disabled or entirely removed. The list includes anti-virus programs, sandbox environments and firewalls. This can be combined with the removal of sensitive data, which can make recovery very difficult.
- Additional Payload Delivery — Established infections can be used to install other malware such as Trojans, miners and hijackers.
As soon as all prior components have finished running, the ransomware engine will be started. It will use a built-in list of target file type extensions and a strong cipher in order to make the data unusable. In the captured samples this behavior was inactive; we might see it working in the upcoming versions.
A lockscreen instance will be started instead of creating a ransomware note to blackmail the victims into paying the attackers a decryption fee. In some cases it will make it impossible to interact with the computers unless the virus is completely removed.
ATAWARE Lockscreen — Update
Some of the later strains of the lockscreen engage a file encryption engine which will use a strong cipher and process user data. A built-in list of target file type extensions may be used, which will usually act against images, videos, music, databases, archives and similar files. The .ATANUR extension will be applied to the victim data.
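To scope how much data carries the .ATANUR extension, the following added example (not part of the original article and not code from any vendor tool) inventories marked files under a directory and reports the oldest one. It assumes the malware leaves modification times untouched, so the oldest marked file only approximates when encryption began; the function name and report keys are illustrative.

```python
import os
from collections import Counter
from datetime import datetime, timezone

MARKER_EXT = ".atanur"  # extension named above; compared case-insensitively


def inventory_marked_files(root):
    """Count files carrying the marker extension under root and find the oldest."""
    per_directory = Counter()
    earliest = None  # (mtime, path) of the oldest marked file seen so far
    # onerror swallows unreadable directories so one ACL failure does not stop the scan.
    for dirpath, _dirs, filenames in os.walk(root, onerror=lambda err: None):
        for name in filenames:
            if not name.lower().endswith(MARKER_EXT):
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.lstat(path).st_mtime  # lstat: do not follow symlinks
            except OSError:
                continue  # file vanished or is unreadable
            per_directory[dirpath] += 1
            if earliest is None or mtime < earliest[0]:
                earliest = (mtime, path)
    return {
        "total": sum(per_directory.values()),
        "per_directory": dict(per_directory),
        "earliest_path": earliest[1] if earliest else None,
        "earliest_utc": (
            datetime.fromtimestamp(earliest[0], tz=timezone.utc).isoformat()
            if earliest else None
        ),
    }


if __name__ == "__main__":
    import sys
    report = inventory_marked_files(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(f"{report['total']} marked files; oldest: {report['earliest_path']} "
          f"at {report['earliest_utc']}")
    for directory, count in sorted(report["per_directory"].items()):
        print(f"{count:6d}  {directory}")
```

Run it against a mounted copy or read-only image of the affected volume rather than the live system where possible.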
| Field | Details |
|---|---|
| Short Description | The ransomware encrypts files on your computer and demands a ransom to be paid to allegedly restore them. |
| Symptoms | The ransomware will show a lockscreen blackmail window to the users. User data is also encrypted. |
| Distribution Method | Spam Emails, Email Attachments |
ATAWARE Lockscreen – What Does It Do?
ATAWARE Lockscreen could spread its infection in various ways. A payload dropper which initiates the malicious script for this ransomware is being spread around the Internet. ATAWARE Lockscreen might also distribute its payload file on social media and file-sharing services. Freeware found on the Web can be presented as helpful while also hiding the malicious script for the cryptovirus. Read the tips for ransomware prevention from our forum.
ATAWARE Lockscreen is a cryptovirus that encrypts your files and shows a window with instructions on your computer screen. The extortionists want you to pay a ransom for the alleged restoration of your files. The main engine could make entries in the Windows Registry to achieve persistence, and interfere with processes in Windows.
The ATAWARE Lockscreen presents a lockscreen and it will encrypt user data according to a built-in list of target file type extensions. As soon as all modules have finished running in their prescribed order the lockscreen will launch an application frame which will prevent the users from interacting with their computers. It will display the ransomware note to the victims.
You should NOT under any circumstances pay any ransom sum. Your files may not get recovered, and nobody could give you a guarantee for that.
The ATAWARE Lockscreen cryptovirus could be set to erase all the Shadow Volume Copies from the Windows operating system with the help of the following command:
vssadmin.exe delete shadows /all /Quiet
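Because this command removes the restore points a victim would otherwise fall back on, it is worth alerting on in process-creation logs. The following added example (not from the original article) matches the command regardless of case, path, quoting or flag order; the sample command lines are constructed and the function names are illustrative.

```python
import ntpath

# Constructed process-creation command lines for illustration (not real telemetry).
SAMPLE_EVENTS = [
    r'vssadmin.exe delete shadows /all /Quiet',
    r'"C:\Windows\System32\VSSADMIN.EXE"   Delete  Shadows /quiet /ALL',
    r'cmd.exe /c vssadmin delete shadows /all /quiet',
    r'vssadmin.exe list shadows',
    r'notepad.exe "C:\notes\vssadmin delete shadows.txt"',
]


def match_shadow_deletion(cmdline):
    """Return flag details if cmdline runs `vssadmin delete shadows`, else None."""
    # Windows command lines are case-insensitive; dropping quotes and splitting on
    # whitespace also exposes a command wrapped by `cmd.exe /c "..."`.
    tokens = cmdline.replace('"', " ").lower().split()
    for i, token in enumerate(tokens):
        # ntpath.basename strips any directory part, so full paths match too.
        if ntpath.basename(token) not in ("vssadmin", "vssadmin.exe"):
            continue
        args = tokens[i + 1:]
        if args[:2] == ["delete", "shadows"]:
            return {"all_copies": "/all" in args, "quiet": "/quiet" in args}
    return None


def scan(events):
    """Return (index, details) for every event that deletes shadow copies."""
    hits = []
    for index, cmdline in enumerate(events):
        details = match_shadow_deletion(cmdline)
        if details is not None:
            hits.append((index, details))
    return hits


if __name__ == "__main__":
    for index, details in scan(SAMPLE_EVENTS):
        print(f"ALERT event {index}: {SAMPLE_EVENTS[index]!r} {details}")
```

The last two sample lines show why the match is made on tokens rather than on a substring: listing shadow copies and opening a file whose name contains the words are both left alone.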
If your computer device was infected with this ransomware and your files are locked, read on through to find out how you could potentially restore your files back to normal.
Remove ATAWARE Lockscreen
If your computer system got infected with the .ATANUR Files ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it has the chance to spread further and infect other computers. You should remove the ransomware by following the step-by-step instructions provided below.