At the beginning of May 2018, a new crypto ransomware called StalinLocker was noticed primarily targeting Russian-speaking users. Every part of this virus, from the name to the screen note, screams communism. The most interesting part, however, is that it doesn't demand a cryptocurrency ransom for the decryption key but dares the victims to guess the unlock code themselves. If they fail to do so within 10 minutes, StalinLocker deletes all files from every disk found in the infected PC.
It seems that the StalinLocker malware was created only to test Slavic internet users' patriotism and knowledge of the USSR and to punish those who are not supporters. It appears to be similar to an older Comrade Circle Virus from 2016, but instead of being driven by a desire to illegally earn money from affected users, StalinScreamer ransomware is powered by Soviet-era ideology.
No matter which part of the world you live in or what language you speak, there are no borders in the cyber world, so preparing before an infection can save your files from the ruthless StalinLocker virus, which without a doubt will delete your files.
Facts you need to know about StalinLocker ransomware
The StalinScreamer virus is distributed like a typical crypto-extortionist. It can spread via unsafe remote desktop connections, spam email attachments, infected update bundles, and freeware or other files downloaded from unauthorized websites. In a nutshell, you can catch this malware through unsafe internet behavior. Once StalinLocker launches, it starts the further installations needed to complete the infection.
The main thing StalinLocker ransomware does is copy the stalin.exe and USSR_Anthem.mp3 files into the user's Local files directory, so that when the victim logs in, the virus runs a screenlocker with Stalin's face (from one of the Soviet propaganda posters) and plays the USSR anthem in the background. StalinScreamer also gives victims a 600-second countdown to guess the unlock code, and the countdown is divided by 3 each time you try to restart the program. What is more, this malware modifies the system registry so that it shows up every time you try to restart your computer.
The screenlocker poster is an excerpt from an old poster of Stalin and has a quote saying:
The victory of socialism in our country is ensured.
The foundation of the socialist economy is completed.
“The reality of our production plan is millions of working people who are creating a new life.” I. Stalin.
Besides the slogan glorifying socialism, there is none of the information you would expect from ransomware, such as a ransom fee, contact information or further directions on how to unlock files. In the bottom right corner there is only a tiny window where you can enter your guessed code, along with a timer showing how much time is left before the complete file removal. For the removal, StalinLocker has dedicated code that goes through all drive letters from A to Z and completely deletes every file found on them.
So what is the secret code that the Soviet crooks expect you to know? Simple: 1922.12.30, the formation of the USSR. It seems logical, yet not many of us have this date committed to memory. From now on we probably should, together with the rest of Soviet history, because malware analysts predict that this ransomware is currently in development and can be easily adjusted to do more damage.
What are the removal options for the StalinLocker virus?
If you suddenly start hearing the old USSR anthem and see the red banner with Stalin, you have no doubt caught the StalinScreamer virus. Don't wait: enter the unlock passcode discovered by security researchers, 1922.12.30. This should be sufficient to exit the program, delete the stalin.exe autorun and stop the disk-cleaning process. But once you get rid of StalinLocker ransomware, don't just relax and go back to your old ways.
Firstly, start practicing safe internet browsing habits and always check what you are downloading. Secondly, it is beneficial to invest in a good, trustworthy anti-virus or malware removal tool. The analysis shows that the major cybersecurity products do recognize stalin.exe as a malicious threat, and if the user attempted to install it, the antivirus would block it and remove it because of the suspected maliciousness. 2-viruses recommend mainly two great anti-spyware/file restore tools and Spyhunter. We have tested them on hundreds of other malware infections together with various other tools and have found Malwarebytes and Spyhunter to be the most proficient at virus removal and file restore.
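To confirm that nothing is left behind after unlocking, you can check for the two dropped files and for an autorun entry that launches stalin.exe. The Python script below is an added example, not part of the original article or of any vendor tool. It assumes the standard per-user Run key and the `reg query` output format; the value name, paths and sample output are constructed, since the article does not name the registry key or value the malware uses.

```python
import re
from pathlib import Path

# The two file names come from the article; everything else is an assumption.
IOC_FILES = {"stalin.exe", "ussr_anthem.mp3"}

# Constructed sample of `reg query` output for the per-user Run key.
# The article does not name the key or value StalinLocker uses.
SAMPLE_REG_OUTPUT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleUpdater    REG_SZ    "C:\Program Files\Example\updater.exe" /background
    Stalin    REG_SZ    C:\Users\user\AppData\Local\stalin.exe
    Cleaner    REG_SZ    C:\Tools\destalin.exe
"""

VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def parse_reg_query(text):
    """Turn `reg query <key>` output into (key, value_name, data) tuples."""
    key, rows = None, []
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        match = VALUE_RE.match(line)
        if match and key:
            rows.append((key, match["name"], match["data"]))
    return rows

def suspicious_autoruns(text):
    """Return autorun entries whose command line launches stalin.exe."""
    hits = []
    for key, name, data in parse_reg_query(text):
        # Split on path separators, quotes and spaces so only an exact
        # file name matches (destalin.exe must not be flagged).
        if "stalin.exe" in re.split(r'[\\/"\s]+', data.lower()):
            hits.append((key, name, data))
    return hits

def find_dropped_files(root):
    """List files under root whose names match the article's two file names."""
    return sorted(p for p in Path(root).rglob("*")
                  if p.is_file() and p.name.lower() in IOC_FILES)

if __name__ == "__main__":
    for key, name, data in suspicious_autoruns(SAMPLE_REG_OUTPUT):
        print(f"autorun hit: {key} -> {name} = {data}")
```

On a real machine, feed `suspicious_autoruns` the saved output of `reg query` for each Run key you want to check, and point `find_dropped_files` at the user's profile directory.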