I examine almost every new ransomware that is released and after a while they all start to become a blur. Once in a while, though, a ransomware is released that shows a bit of innovation or creativity and is worth discussing. This is the case with the InfinityLock ransowmare discovered this week by security researcher Leo.
While this ransomware's encryption code is based off of a junk ransomware that is decryptable and not innovative at all, the lock screen it displays to its victims is definitely more interesting. Instead of showing a static lock screen or text ransom note, InfinityLock will display a fake Windows Command Prompt where it looks like a hacker is typeing commands.
When the InfinityLock ransomware is launched, it will begin to encrypt a computer and then append an extension that is based off the victim's HWID of the CPU. When it has finished encrypting the victim's files, it will then display a fake Windows command prompt that pretends to have a hacker typing in commands to encrypt the computer. This can be seen in the video below.
As the computer is already encrypted before the above window is displayed, anything shown is purely for effect and is not actually being done. As already stated, this ransowmare is decryptable, so if you do run into it, do not pay the ransom.
Comments
Amigo-A - 6 years ago
Thank you! Now I understand some points of this story.
And I updated my article, with reference to yours article and details.