StalinLocker deletes user files if they don't enter the correct code

Jollier


Researchers from MalwareHunterTeam and Bleeping Computer have warned about a new locker and wiper named StalinLocker, so called because it shows the user a portrait of Stalin and plays the anthem of the USSR.

Researchers say that StalinLocker gives the user only 10 minutes to enter the code, and then, if the code has not been entered, it begins to erase the contents of all volumes that it finds in the system.

Experts do not report how the malware is spread. It is known that after infection, StalinLocker copies itself to %UserProfile%\AppData\Local\stalin.exe and registers itself in autorun as Stalin, after which it starts working, locks the screen and erases all logs from the infected machine. The malware also creates a file, %UserProfile%\AppData\Local\fl.dat, which records the current number of remaining seconds divided by three. Thus, every time the user starts the program, the remaining time on the timer is significantly reduced. In addition, the locker tries to kill all processes except Skype and Discord, terminates Explorer.exe and taskmgr.exe, and also tries to create a scheduled task named Driver Update to launch Stalin.exe, but this functionality, according to the researchers, is still full of bugs.

StalinLocker gives its victims 10 minutes to enter the correct code. According to MalwareHunterTeam, the code is the difference between the current date of execution of the program and 1922.12.30 (probably, the author of the malware meant the date of the approval of the agreement on the formation of the USSR). If the code is entered correctly, the locker will remove itself from autorun and exit.


If you do not enter the code, the countdown will go to zero, and after that StalinLocker will attempt to delete all files from the victim's system, sequentially going through the letters of volumes from A to Z.


Experts note that although StalinLocker is clearly still in development and has not yet been completed, the malware has unfortunately already been brought to a functional state and poses a threat to users.
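The artifacts described above (the stalin.exe and fl.dat files, the Stalin autorun entry and the Driver Update scheduled task) can be turned into a quick triage check. The following is an added example, not part of the original post or the researchers' tooling; the function names and the input format for the autorun and task exports are assumptions, and the sample data is constructed.

```python
from pathlib import Path
import tempfile

# Indicators named in the post above.
DROPPED_FILES = ("stalin.exe", "fl.dat")  # under %UserProfile%\AppData\Local
AUTORUN_NAME = "stalin"                   # autorun entry name
TASK_NAME = "driver update"               # scheduled task name


def triage(profile_dir, autoruns, tasks):
    """Return (kind, detail) findings for one user profile.

    profile_dir: profile directory on a live host or a mounted image.
    autoruns:    {entry name: command}, exported by the analyst (assumed format).
    tasks:       [(task name, command)], exported by the analyst (assumed format).
    """
    findings = []
    local = Path(profile_dir) / "AppData" / "Local"
    # Windows file names are case-insensitive, so compare in lower case.
    present = {p.name.lower(): p for p in local.iterdir()} if local.is_dir() else {}
    for name in DROPPED_FILES:
        if name in present:
            findings.append(("file", str(present[name])))
    for name, command in autoruns.items():
        if name.lower() == AUTORUN_NAME or "stalin.exe" in command.lower():
            findings.append(("autorun", f"{name} -> {command}"))
    for name, command in tasks:
        # "Driver Update" alone is a plausible benign name; require the binary too.
        if name.lower() == TASK_NAME and "stalin.exe" in command.lower():
            findings.append(("task", f"{name} -> {command}"))
    return findings


def demo():
    """Run triage over a constructed profile and constructed exports."""
    with tempfile.TemporaryDirectory() as tmp:
        local = Path(tmp) / "AppData" / "Local"
        local.mkdir(parents=True)
        (local / "Stalin.exe").write_bytes(b"")  # empty stand-in files
        (local / "fl.dat").write_bytes(b"")
        autoruns = {"Updater": r"C:\Vendor\updater.exe",
                    "Stalin": r"C:\Users\u\AppData\Local\stalin.exe"}
        tasks = [("Driver Update", r"C:\Vendor\updater.exe"),
                 ("Driver Update", r"C:\Users\u\AppData\Local\Stalin.exe")]
        return triage(tmp, autoruns, tasks)


if __name__ == "__main__":
    for kind, detail in demo():
        print(kind, detail)
```

Because the post says the malware erases logs and that the scheduled task code is buggy, a missing task or empty event log does not rule out infection; the dropped files and the autorun entry are the more reliable indicators here.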