New Ransomware 'Abducts' Computers, Plays 'Close Encounters' Theme
A new type of ransomware, called Shadowlock, plays the 'Close Encounters of the Third Kind' theme when it attacks.
So you're on the computer minding your own business when suddenly you hear the "Close Encounters of the Third Kind" music playing on your computer. A shiver runs down your spine. "What is happening?" you think. But don't panic; it's probably just a type of malware on your computer making itself known.
So, like, panic a little bit. But you're probably not about to be abducted by aliens, so take comfort in that.
Security research firm Symantec has discovered this weird new malware, which they've called Shadowlock. The malware is of the ransomware variety, which means it's designed to lock up a computer until the user performs a specific task, usually involving payment of some kind — in essence, holding the computer for ransom.
But Shadowlock has a bunch of other weird features hidden away within the basic ransomware code. These include playing the "Close Encounters of the Third Kind" theme on the computer's speakers, opening and closing the CD tray and even, God forbid, launching MS Paint.
When Shadowlock infects computers, it'll first show up in a popup box that says, "Please complete a survey in order to unlock your computer. Everything will be as before when you unlock your PC. Don't do this, and you'll see what happens. Thank you for your cooperation."
Aggressively passive-aggressive threats aside, Shadowlock is a bit different from your typical ransomware; instead of asking for money, it requires you to fill out an online survey. This shouldn't cost users anything except their pride.
A button on the popup box links to a website with three different surveys. Completing any of the surveys will give you a code that you can input into the popup box to unlock your computer.
There is another way to escape the ransomware, though. You won't be able to end the malware program with the Task Manager or Command Prompt, or even by trying to restore your computer to a previous point; Shadowlock blocks those methods. However, if you input three incorrect unlock codes, the ransomware will cause the computer to shut down.
When users restart the computer, they'll have 20 seconds before that aggressively passive-aggressive popup box returns. If you can initiate a system restore or end the malware with Task Manager or Command Prompt within that timeframe, doing so will neutralize the ransomware.
However, maybe the creators of Shadowlock had something other than money in mind when they designed this malware. Symantec's analysis revealed all sorts of weird, hidden features in Shadowlock's code, some of which were buried under layers of obfuscation in order to make it more difficult for analysts to detect them.
Some, such as the "Close Encounters" theme, are fairly benign. But Symantec also found that Shadowlock has the capability to disable firewalls on Windows machines and "kill," or shut down, the Big Five browsers: Chrome, Firefox, Safari, Internet Explorer and Opera.
Shadowlock's code doesn't actually call these methods, however. This means that while the code for the features is there, the ransomware is missing the extra few lines of code that would set those features into action.
Symantec suggests two possible reasons for this absence: One is that Shadowlock's creators copied and pasted code from a different malware program when creating their ransomware. The other, more sinister reason could be that the makers are "testing the waters," seeing how Shadowlock performs as a simple ransomware before implementing more-aggressive features.
You can read Symantec's full write-up on its blog.