This ransomware does not encrypt files on the victim's machine. It locks the entire screen and does not permit the victim to do anything else till he pays the ransom. ScreenLocker is normally downloaded from exploit kits, mostly in the recent past.
The following is a list of some of the popular ScreenLocker ransomware:
- Reveton
- Urausy
- Kovter
- Tobfy
- Weelsof
- BlueScreen
- Koktrom
- Winlock
- LockScreen
Details about some of these families will be covered in later chapters.
The following points give a brief idea of how the ransomware achieves the screen locking functionality. Some keywords are used that are related to programming:
- A ransomware can use the
EnumWindows()
API to find out all windows (GUIs of other processes) after which it puts all the windows in the background. Finally, the ransomware window remains at the top of other windows. - Ransomware window covers the full screen.
- The victim should not be able to resize the window...