A new ransomware called FilesLocker is being distributed as a Ransomware as a Service, or RaaS, that targets Chinese and English speaking victims. This ransomware was first spotted by MalwareHunterTeam who posted about it on Twitter. At the time, it looked like your standard small little C# ransomware with little or no distribution. It turns out, though, that this ransomware is being offered as a RaaS where affiliates can sign up and earn commissions.
Marta Janus, Senior Threat Researcher at Cylance:
“Ransomware as a Service has become quite popular in recent years due to several reasons. It’s a fairly uncomplicated piece of software that can be developed by entry-level programmers. The distribution through underground portals makes it easy to manage and is also available to large audiences. The malware itself can be used by non-technical people with little to no effort. Moreover, the relatively anonymous payment systems based on cryptocurrencies might give cybercriminals sufficient sense of security.
The newly discovered FilesLocker ransomware doesn’t differ much from the ones we already know but it seems to offer an efficient affiliate program for potential buyers. As with other ransomware families, it’s definitely best to prevent it from infecting the machine. This can be done by keeping the operating system and all software up to date, running an updated security solution, and generally being cautious and vigilant while dealing with email attachments and URLs. In case of an infection, there is not much that can be done, therefore you should always keep all important files safely backed up on a separate drive disconnected from the network.”
