Remove Takahiro Locker Ransomware and Restore Encrypted Files - How to, Technology and PC Security Forum | SensorsTechForum.com

Remove Takahiro Locker Ransomware and Restore Encrypted Files


Takahiro Locker is the name of a ransomware whose ransom note is written in Japanese. Despite that, Japanese users might not be the only ones targeted. The ransomware seeks to encrypt files with a small number of extensions, but ones that hold the data most important to users. To see how to remove this ransomware and what you can try to restore your files, read this article to the end.

Threat Summary

Name: Takahiro Locker
Type: Ransomware
Short Description: The ransomware encrypts files and asks for a ransom of 3 Bitcoins.
Symptoms: The ransomware locks mainly documents and pictures among media files. It creates a ransom note written in Japanese.
Distribution Method: Spam emails, email attachments, executable files
Data Recovery Tool: Stellar Phoenix Windows Data Recovery. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

Takahiro Locker Ransomware – Delivery

Takahiro Locker ransomware has an .exe file which delivers its payload. That executable file is delivered in a couple of ways. One is that the file is dropped by other malware; another is that the user downloads the file without knowing about it. Malicious websites, social media networks, and file-sharing services can all be the source of the download.

Spam emails are not excluded from delivering this ransomware infection. Inside emails, there could be malicious code, either as an attachment or in the body of the email. Downloading an attachment or simply opening an email might download the malware executable of Takahiro Locker. Be very careful around spam emails and files of unknown origin if you want to avoid getting infected.

Takahiro Locker Ransomware – Technical Overview

Takahiro Locker is what this ransomware is called. That is the name shown on the lock screen after file encryption. It is believed to be Japanese in origin, but it might also target other Japanese speakers across the world.

Below is a list with the most popular names of Takahiro Locker shown as detections in anti-malware programs:

  • Trojan.Win32.Scar.nzln (Kaspersky)
  • Trojan.GenericKD.3222895 (BitDefender)
  • W32/Scar.NZLN!tr (Fortinet)
  • Ransom_TAKALOCKER.A (TrendMicro)

Once the payload is unleashed, the ransomware will make new folders on the compromised computer and create the following directory:

→%User Temp%\Google\Chrome

Inside it, the ransomware will copy itself under the name “Update.exe”, and this will look exactly like a temporary update for the Google Chrome browser. After that, two registry entries will be made inside the Windows Registry.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Google Chrome Update Check = %User Temp%\Google\Chrome\Update.exe

HKEY_CURRENT_USER\Software\Google\Update\SEND SENDING = [random address]

The first registry entry integrates an auto-start mechanism in Windows so that the ransomware can launch with each boot of the Operating System. The second string in the registry will probably send information to the malware owner via some electronic address.
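A triage check for the persistence described above, as an added example that is not part of the original article: it parses the text output of a reg query on the HKCU Run key, flags the article's value name and path, and more generally flags any autostart entry that launches from a temp folder. The sample output, the user name alice and the reading of %User Temp% as the per-user temp folder are assumptions.

```python
import re

# Indicators taken from the article: Run value name and the dropped copy's location.
IOC_VALUE_NAME = "google chrome update check"
IOC_PATH_SUFFIX = r"\google\chrome\update.exe"
# Assumption: "%User Temp%" means the per-user temp folder; these are its usual spellings.
TEMP_MARKERS = (r"\appdata\local\temp" + "\\", "%temp%\\", "%tmp%\\")

# One value line of `reg query` output: name, type and data separated by 4 spaces.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def command_path(data):
    """Return the executable path from a Run command line, lower-cased."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0].lower()
    # Unquoted: cut after the first ".exe" so arguments are dropped.
    m = re.match(r"(.+?\.exe)\b", data, re.IGNORECASE)
    return (m.group(1) if m else data).lower()

def scan_run_key(reg_query_output):
    """Return (value name, path, verdict) for every suspicious Run value."""
    findings = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m or not m.group("type").endswith("SZ"):
            continue
        name, path = m.group("name"), command_path(m.group("data"))
        in_temp = any(marker in path for marker in TEMP_MARKERS)
        if in_temp and path.endswith(IOC_PATH_SUFFIX) and name.lower() == IOC_VALUE_NAME:
            findings.append((name, path, "takahiro-locker-indicator"))
        elif in_temp:
            findings.append((name, path, "autostart-from-temp"))
    return findings

# Constructed sample of `reg query` output for the HKCU Run key (not from a real host).
SAMPLE = "\n".join([
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r'    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    r"    Google Chrome Update Check    REG_SZ    C:\Users\alice\AppData\Local\Temp\Google\Chrome\Update.exe",
    r"    helper    REG_EXPAND_SZ    %TEMP%\svc\helper.exe -q",
])

if __name__ == "__main__":
    for name, path, verdict in scan_run_key(SAMPLE):
        print(f"{verdict}: {name} -> {path}")
```

The generic autostart-from-temp verdict is a lead for review rather than a confirmed infection, since other software can also register a Run entry that points into a temp folder.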

[Image: Takahiro Locker ransomware error message]

You can see this error show up on your screen at some point later (Image on the right). The error message says: “WARNING RUNNING KILL ME!”. The message serves as an initiation for the plot of the ransom note. It is all part of the scare plan to trick you into paying the ransom. After that, Takahiro Locker ransomware will start encrypting files.

The encrypted files are usually documents and pictures, but it can lock other files people use on a daily basis. Once the encryption is done, a ransom note is created, and this lock screen pops up:

[Image: Takahiro Locker ransomware lock screen]

The ransom note on the lock screen is written in Japanese, but a rough translation reads:

Hello,
this is Tang, a Lawyer.
You have made an illegal file transfer, so I have locked your PC.
To unlock your files, you have to pay 3 bitcoins within 3 days.
You need to have 30,000 Japanese Yen, to transfer them to Bitcoins and send them to me.
If you do not pay within 3 days, the key for decryption will be deleted from where the server is stored and the data of your PC can no longer be returned.
Click on the “Next” button.

As we see from the note above, the price of the ransom is 3 Bitcoins. The threat of not sending a decryption key if the ransom is not paid within 3 days is probably true.

Everything from the error message to the ransom note is very cleverly made. In most countries the trick might work, because governments monitor file downloads, and this action is punishable by law. Having strict laws about downloads might work in the few countries which speak Japanese: Japan, Palau, Brazil, the United States, Peru, the Philippines, France.

Do NOT pay the ransom if you recognize that you have been hit with this ransomware. Paying will only supply the malware creators with money, which will probably be used for other criminal acts. No proof exists that the decrypter tool given for money will even work.

Takahiro Locker is detected on VirusTotal by a lot of security programs:

[Image: VirusTotal detections for Takahiro Locker ransomware]

The Takahiro Locker ransomware locks files with extensions related to documents, photos, torrents, videos, music and archives. The extensions that the ransomware seeks to encrypt are very specific and small in number, but they are the ones people still use to store their important data. The encrypted extensions are these:

→.txt, .jpg, .png, .bmp, .zip, .rar, .torrent, .7z, .sql, .pdf, .tar, .mp3, .mp4, .flv, .lnk, .html, .php

Interestingly, Takahiro Locker does not tamper with any files in these locations:

  • Windows
  • Steam
  • Origin
  • Program Files
  • the Recycle Bin

Takahiro Locker ransomware probably also deletes Shadow Volume Copies from the Windows operating system.

Remove Takahiro Locker Ransomware and Restore Encrypted Files

If your PC is infected with the Takahiro Locker ransomware, you should have experience in removing malware. You should get rid of the ransomware as soon as possible, before it has the chance to continue encrypting files or spread deeper into your network. We recommend that you follow the step-by-step instructions provided below.


Berta Bilbao

Berta is a dedicated malware researcher, dreaming of a more secure cyberspace. Her fascination with security began a few years ago, when a piece of malware locked her out of her own computer.
