Forum Moderator
Posts: 1717
Joined: Tue Jan 13, 2015 4:55 pm

And another one: Maktub Locker....

Sun Apr 10, 2016 11:18 am

Another disease is out there... The Maktub Locker...

This is an era of big problems... ... dangerous/

My local hospital was infected by the plague of the locker virus.... ... o-na-rede/ (in Portuguese, use translator hehehe)

Data Recovery Noob
Posts: 28
Joined: Wed Apr 13, 2016 8:01 pm
Location: Porto, Portugal

And another one: Maktub Locker....

Thu Apr 28, 2016 5:26 am

This execution method is very smart, but will have flaws. It's interesting that they compress the file before encrypting it, making the encryption faster. However, the fact that they have a WWW site offering decryption of 2 files can serve to find at least initial patterns. I've also seen how memory handles the dll responsible for the job; if you have a bad pc, your files won't be encrypted LOL!!!! :D :D :D

Edit: I have forgotten the most interesting part. This can't have been written by one single person; the obfuscation on the dll and the hardcoded process suggest that this has been developed by a team of malware experts, not randoms with some coding skills.
Digital Forensics & Incident Response
Certified Engineer on SafeGuard Encryption

Forum Moderator
Posts: 224
Joined: Mon Jan 12, 2015 7:56 pm

And another one: Maktub Locker....

Thu Apr 28, 2016 8:57 am

There is always speculation about the skill required and resources required to do this sort of malware. This isn't like Stuxnet, where a massive amount of extra knowledge was needed, such as Siemens SCADA stuff and some pretty decent rootkit-type knowledge. Also the targeting requires quite a bit of knowledge about the targets, plus motivation.

This malware however really just needs to run on a Windows box. And the extra parts the "team" would need would be access to 0-days, or the ability/time to discover them, a way to sell the kits to people without getting caught, or a way to create and use them themselves without getting caught, and finally a way to get real money back at the end, also without getting caught.

I don't think it is a huge team, maybe 3-5 people at the creation part. Any more and it is in danger of the usual human bullshit where there are fallings out, ego clashes, a member slipping up... (If you have 2 people creating it, getting 2 more to help doubles the chance of a mistake.) Also the more people, the more chance one of them has a girlfriend/boyfriend that can't be trusted, they brag or make stupid social media posts, or they have some history where they weren't so careful come back and bite them in the ass (Silk Road, lol!).

Somehow they need exploits, and the people doing the crypto part, I wouldn't think, would have a huge role in that... it takes too much time. Plus it is obvious they monitor releases of patches and vulns, and you cannot code properly when you are preoccupied with the world. You need web devs, and these wouldn't be the exploit devs or the crypto people, because they would HATE doing web dev if they are any type of decent coder. Someone has to organise the domains and do the uploading. You also need hackers to p0wn websites. These people would generally be the younger, reckless ones, I reckon, that love to 0wn boxes and wouldn't be skilled in actual coding. Add to all this the ones doing the money side of it and you start to get a significant number of people involved.

I think these different parts of the crime would not be very organised and each component may change between people as some of the players get arrested for this or other crimes they are also doing, but I doubt it is one big team. I doubt many know each other in real life or are even in the same country.

Good to see recently two of the actual developers get thrown in federal PMITA.. one for 7 years and another for I think it was 12.

Data Recovery Noob
Posts: 1
Joined: Tue Dec 20, 2016 2:58 pm

And another one: Maktub Locker....

Tue Dec 20, 2016 3:17 pm

On 15.12.2016 Maktub Locker ransomware was detected in Germany. They send fake emails with fake bills. The bill addresses are real, but you cannot open them. If you try to open them, the virus gets downloaded. The new file extension is: .aywkk. The design is just the same as last year.
According to ... the files are compressed during the process of encryption, because they want to make the encryption quicker: ... entfernen/

Best regards

Data Recovery Noob
Posts: 1
Joined: Fri Oct 20, 2017 7:03 am

And another one: Maktub Locker....

Sat Oct 21, 2017 7:19 am

Here is a new overview of the transformation of ransomware.
Blackmail viruses like RedBoot have evoked a serious discussion in the IT security circles. These types of cyber-culprits cause much more damage than mainstream ransomware as their adverse effects go beyond personal data encryption alone. The above-mentioned infection, for instance, additionally corrupts the Master Boot Record and skews the partition table to render the machine inoperable. Some researchers argue that perpetrating programs with such a depth of impact make victims highly skeptical regarding their chances for recovery, hence the crooks earn less than they would if the pest simply enciphered files without blocking computers altogether. And yet, the makers of RedBoot don’t seem to care and keep spreading their Petya-ish baddie regardless.
