StalinLocker ransomware: Put unlock code or say goodbye to your data

StalinLocker ransomware gives victim ten minutes to put the code or watch their data being completely erased – There are no ransom demands.

Researchers have discovered a new ransomware that pays tribute to Joseph Stalin, the controversial leader of the Soviet Union in the 1940s and 1950s. 

Dubbed “StalinLocker,” the malware infects targeted devices and gives victims 10 minutes to enter the unlock code. If the code is not entered, wiper attempts to erase all files on the device.

The ransomware campaign was discovered by MalwareHunterTeam who noted that once StalinLocker takes over the computer screen, a red screen appears with the figure of Joseph Stalin flashing through his eyes, and the USSR anthem is played while the 10-minute count is started.

According to MalwareHunterTeam, the code to unlock the machine appears by subtracting the date when the program was run as of 12/30/1922. If you do not know, this date represents the foundation of the Union of Soviet Socialist Republics (USSR), including Russia, Ukraine, Belarus, Central Asian republics and Transcaucasia. 

There is no help on that picture about the key as I see…
See screenshot for how the key is calculated.
n = current date when the sample is executed
dt = 1922.12.30
So the key is: n – dt in days. pic.twitter.com/aRQbPZis9m

— MalwareHunterTeam (@malwrhunterteam) May 14, 2018

Usually, a ransomware attack aims at locking files and demand ransom from victims in Bitcoin or Monero cryptocurrency. However, StalinLocker has been developed only to damage user data since once the victim enters the code, the wiper frees files without any problem. 

Previously, a similar ransomware campaign was forcing users to play PlayerUnknown’s Battlegrounds (PUBG) game for one hour in order to get their files unlocked. The only and big difference was that it did not delete user data upon failure to play the game but rather gave them the restoration code for free.

Currently, StalinLocker is in its testing phases and it could become a bigger threat in future for Windows-based devices. Therefore, keep your device up to date and use an anti-malware software on your system. Stay safe online.