Malware is always on the lookout; find out more about Regret Locker.
The hard disks of our computers are perhaps the most important part to us, since that is where we store all the valuable information about our work, memories, important documents and so on. There are text files, Word documents, images and videos that are of high value to each of us, and many times we do not have the foresight to make backups because we think, "well, what can go wrong?" At the beginning of last month, new malware was discovered that attacks hard drives for financial gain. So read on to learn more about this new danger.
What is Regret Locker?
This is a type of cryptographic malware that tends to appear harmless, goes unnoticed and is usually found in the unsafe downloads we make. When it is executed, it activates itself and uses several advanced functions to lock files and encrypt them, in order to obtain a ransom for those files. It usually leaves a text document informing you that the files have been encrypted, and includes an email address you must contact in order to reach a monetary agreement with the perpetrator so that they will return the files to their original form.
The amount of money that must be paid varies depending on the victim, usually ranging from hundreds to thousands of dollars. The main targets are ordinary users, but they may also include business owners and organizations, since these tend to safeguard valuable information of the utmost importance to their businesses. Fraudsters normally use cryptocurrencies to carry out ransom transactions, since, as we know, this is an untraceable currency that helps ensure the criminal is not traced or caught.
The encryption is done with an algorithm called AES (Advanced Encryption Standard), which is one of the most widely used and hardest to break. Although it is a public algorithm, it has been used to encrypt documents of the highest level of importance. The encryption works as follows: it is based on substitution and mixing operations applied to blocks of 16 bytes, repeated in the form of "rounds", each of which incorporates its own round key into the calculations. If we change a single byte anywhere in the encryption process, the result is a completely different block from the previous one, all due to the structure of each of these blocks. This makes it almost impossible to decrypt the files on our own, since only the perpetrator possesses the keys needed to decrypt them.
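To illustrate the "one byte changes the whole block" property described above (the avalanche effect), here is an added example that is not part of the original post. It uses Go's standard-library AES to encrypt one 16-byte block with a constructed demo key, flips a single bit of the input and counts how many of the 128 output bits change; the key, the sample block and the fixed 16-byte input size are assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"fmt"
	"math/bits"
)
// encryptBlock encrypts one 16-byte block with AES-256 (32-byte key). Raw block
// encryption is used so the effect of changing one input byte is directly visible.
func encryptBlock(key, block []byte) ([]byte, error) {
	c, err := aes.NewCipher(key) // rejects keys that are not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize)
	c.Encrypt(out, block)
	return out, nil
}

// differingBits counts the bit positions in which two equal-length slices differ.
func differingBits(a, b []byte) int {
	n := 0
	for i := range a {
		n += bits.OnesCount8(a[i] ^ b[i])
	}
	return n
}

// avalanche encrypts block, then the same block with one bit of the byte at pos
// flipped, and returns how many of the 128 ciphertext bits changed as a result.
func avalanche(key, block []byte, pos int) (int, error) {
	c1, err := encryptBlock(key, block)
	if err != nil {
		return 0, err
	}
	modified := append([]byte(nil), block...)
	modified[pos] ^= 0x01
	c2, err := encryptBlock(key, modified)
	if err != nil {
		return 0, err
	}
	return differingBits(c1, c2), nil
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte demo key
	block := []byte("1.txt contents!!")                // constructed 16-byte block
	changed, _ := avalanche(key, block, 0)
	fmt.Printf("%d of 128 ciphertext bits changed after a 1-bit input change\n", changed)
}
```

On average about half of the 128 output bits flip, which is why a victim cannot reconstruct the original file from the ciphertext without the key.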
How do we know when our computer is infected?
At first glance, Regret Locker looks like common malware, as it follows the same operating mode as other ransomware. However, once the infected software has been executed, we notice that the names of the files have been changed and the extension .mouse has been appended; for example, a file previously called "1.txt" now appears under the name "1.txt.mouse". Also, as mentioned above, a text file appears with a note explaining that the files have been encrypted and that you must pay to recover them. The stored files can no longer be opened. If removable disks or USB sticks are connected, the files stored on them may also be affected and encrypted as well.
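The renaming pattern described above is the most visible indicator of this infection, so a defender can look for it directly. The following is an added example, not code from the original post: it walks a directory tree, counts files that carry the .mouse suffix, groups them by the extension they had before renaming (as in "1.txt" becoming "1.txt.mouse") and flags the tree when the share of renamed files crosses a threshold. The 10% threshold and the choice to scan the current directory are assumptions of the example.

```go
package main

import (
	"fmt"
	"io/fs"
	"path/filepath"
	"strings"
)

// Suffix Regret Locker appends to encrypted files ("1.txt" becomes "1.txt.mouse").
const encryptedSuffix = ".mouse"

type ScanResult struct {
	Encrypted  []string       // paths of files carrying the ransomware suffix
	ByOrigExt  map[string]int // renamed files counted per original extension
	TotalFiles int            // all regular files seen
}

// scanTree walks root, records every file ending in .mouse and groups the hits by the extension it had before renaming.
func scanTree(root string) (*ScanResult, error) {
	res := &ScanResult{ByOrigExt: map[string]int{}}
	err := filepath.WalkDir(root, func(path string, d fs.DirEntry, walkErr error) error {
		if walkErr != nil {
			return walkErr
		}
		if d.IsDir() {
			return nil
		}
		res.TotalFiles++
		name := strings.ToLower(d.Name())
		if strings.HasSuffix(name, encryptedSuffix) {
			res.Encrypted = append(res.Encrypted, path)
			orig := strings.TrimSuffix(name, encryptedSuffix) // e.g. "1.txt"
			res.ByOrigExt[filepath.Ext(orig)]++              // "" when no extension
		}
		return nil
	})
	return res, err
}

// suspicious reports whether the share of renamed files warrants an alert; the 10% threshold is an assumption of this example.
func (r *ScanResult) suspicious() bool {
	return r.TotalFiles > 0 && len(r.Encrypted)*10 >= r.TotalFiles
}

func main() {
	res, _ := scanTree(".") // assumption: scan the current directory when run directly
	fmt.Printf("%d/%d files carry %s, by original type %v, suspicious=%v\n", len(res.Encrypted), res.TotalFiles, encryptedSuffix, res.ByOrigExt, res.suspicious())
}
```

A sudden jump in this count on a file share or a backup target is a strong early signal to disconnect the affected machine before the encryption spreads to removable media or network drives.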
What can we do to prevent Regret Locker?
Because Regret Locker is a type of malware that can arrive in suspicious downloads, either by email or directly from the Internet, it must be prevented in the same way as other malware such as Trojans or computer worms. Here are some tips to keep your computer protected from Regret Locker and other ransomware:
- Firstly, it is essential to be able to identify malicious websites and avoid entering unsafe pages. To tell which pages are safe and which are not, look at the address bar of the page you are visiting, which should show "HTTPS", where the "S" stands for secure. Otherwise, some browsers may alert you that the web page you are visiting is not safe.
- Avoid downloading files from unknown or suspicious emails. If your job involves receiving many emails, pay attention to the sender's address and check whether you recognise where the email comes from. Also look for spelling mistakes, false addresses or false names. You can also filter your emails to discard those that may contain TXT files, as these may commonly carry Regret Locker or other cryptomalware.
- Avoid downloading "pirated" or cracked software; as far as possible, download original or purchased versions, as these ensure you are clean and do not contain any kind of threat.
- Keep the software you use up to date. Malware of this kind usually gets onto systems because people use older versions of their software, which may contain vulnerabilities that prevent the malware from being detected. Keeping these programs updated is therefore a good way to keep your system protected.
- Back up your hard disk. Make periodic backups and keep your important files on another hard disk or in the cloud. That way, if you are attacked by malware such as Regret Locker, you can remove it by cleaning your PC or formatting it, and the backup lets you avoid losing the important files you had saved. How often you back up depends on the amount of information you save: you can do it every month, or every 3 or 6 months.
By knowing these recommendations we reinforce our knowledge a little more and have further options for keeping our equipment safe. Regret Locker was discovered only recently, which shows that we should not be negligent; we should always be careful with what we do on the Internet and keep our computers properly protected. If you own a business or organization, it is advisable to have a strong security policy and to train employees so they are aware of how cyber-crooks operate and learn how to identify threats. Likewise, if you think you may be under attack, feel free to contact our team for information and tools to protect your business.