SNSLocker targets Windows OS and is distributed via malicious email attachments, file sharing networks, and browser hijacker malware that leads victims to poisoned links. It is written in .Net Framework 2.0 and leverages Microsoft .Net Crypto API. SNSLocker encrypts files using AES-256, appends the encrypted file extensions to .RSNSlocked, and demands a ransom payment of $300 USD. The creator of this variant encoded the location of the C2 server as well as the server’s login credentials which has allowed security researchers to locate the decryption keys for victims impacted by SNSLocker.
- Trend Micro has more information about SNSLocker here.
- Trend Micro offers a decryption tool for files encrypted by SNSLocker, available here.