Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrade.
Please accept our apologies in advance for any inconvenience this might cause.

The Key(generator) to the SMS Ransomware Threat

Created: 08 May 2009 17:06:24 GMT • Updated: 23 Jan 2014 18:35:29 GMT
Symantec Security Response's picture
0 0 Votes
Login to vote

Andrea Lelli previously posted an analysis of a threat dubbed Trojan.Ransomlock. This threat was capable of locking out a user’s desktop and would only relinquish its hold when presented with an unlock code. The code, of course, could only be obtained from a premium rate text number. An infected user would be presented with a screen resembling the following on a compromised machine:

When the blog was posted, Symantec also released a tool that could be used to generate the unlock code. As could be expected, soon after this tool was released the attackers updated their code generation algorithm. In response, Symantec has created an online version of the tool, which handles all known code formats:

Symantec will continuously monitor for any new variants, and update the keygen tool as well.

Note: Thanks to Andrea Lelli for his analysis of the threat and John Park for creating the online version of the unlock tool.