Date: 2022-07-07

A strain of virus called AstraLocker recently released a new version, which spreads through email file attachments in quick attacks that are nonetheless capable of causing great damage. Continue reading to understand how this ransomware works.

How does ransomware work?

Ransomware such as AstraLocker is malware that encrypts relevant files on a device’s local and network storage and then demands a ransom to decrypt them.

The most common ways to spread malware are to trick users into opening malicious email attachments, or to open files downloaded via links in emails.

It is also common for ransomware to be hosted on pirated software download pages. In other cases, users infect their own computers by opening files from other untrustworthy sources or by running fake installers.

AstraLocker – How does the virus that infects emails work?

The bait used by AstraLocker 2.0 operators is a distinctive Microsoft Word document that hides an OLE object containing the ransomware payload. The embedded executable uses the filename “WordDocumentDOC.exe”.
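A mail gateway or analyst can check a Word attachment for this kind of embedded object before anyone opens it. The following is an added example, not code from ReversingLabs or from the original article: a heuristic byte search that assumes a .docx stores embedded OLE objects under `word/embeddings/`, and that uses a constructed, harmless sample file.

```python
import io
import re
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE compound-file signature
DOS_STUB = b"This program cannot be run in DOS mode"  # text found in most PE files
# Executable-looking file names, as stored in ASCII by embedded "Package" objects.
EXE_NAME = re.compile(rb"[\w .\-]{1,64}\.(?:exe|scr|com|pif|bat|cmd|js|vbs)\b", re.I)

def scan_blob(part, blob):
    """Heuristic findings for one OLE blob (raw byte search, no stream parsing)."""
    findings = []
    if b"MZ" in blob and DOS_STUB in blob:
        findings.append((part, "embedded PE image"))
    names = {m.group().decode("ascii").strip() for m in EXE_NAME.finditer(blob)}
    findings += [(part, "executable name: " + n) for n in sorted(names)]
    return findings

def scan_document(data):
    """Scan a Word file given as bytes; returns a list of (part, finding)."""
    if data[:8] == OLE_MAGIC:                      # legacy .doc: file is one OLE blob
        return scan_blob("<document>", data)
    if not zipfile.is_zipfile(io.BytesIO(data)):   # not a .docx container
        return []
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():
            if info.filename.startswith("word/embeddings/"):
                blob = z.read(info)
                if blob[:8] == OLE_MAGIC:
                    findings += scan_blob(info.filename, blob)
    return findings

def make_sample(with_object):
    """Constructed test input: a minimal .docx-like ZIP, harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_object:
            fake = OLE_MAGIC + b"\x00" * 16 + b"WordDocumentDOC.exe\x00MZ\x90\x00" + DOS_STUB
            z.writestr("word/embeddings/oleObject1.bin", fake)
    return buf.getvalue()

if __name__ == "__main__":
    for part, finding in scan_document(make_sample(True)):
        print(part, "->", finding)
```

Any finding is a reason to quarantine the attachment for closer analysis; an empty result does not prove the document is safe, since the search does not reassemble fragmented OLE streams.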

According to a code analysis by ReversingLabs, the AstraLocker virus is based on the leaked source code of Babuk, which in turn is a buggy but still dangerous strain of ransomware that came out in September 2021.

How does this virus usually infect the computer?

Typically, emails designed to spread this malware are disguised as urgent or important letters from legitimate companies or other entities. As a result, the recipient does not notice that the message may carry malicious content.

Examples of files that cyber criminals use to distribute malware include MS Office documents, archives such as ZIP and RAR, PDF documents, as well as JavaScript and executable files.

What can happen if your files get infected by this virus?

If your computer is infected with AstraLocker, some of the things that can happen are the following: it will not be possible to open files stored on the computer, and previously functional files may be changed to a different extension (such as my.docx.locked).

Furthermore, you may see a ransom request message on your desktop. As mentioned earlier, cyber criminals often demand a ransom payment (usually in cryptocurrencies such as bitcoin) to unlock your files.