A virus strain called AstraLocker recently released a new version, which infects e -mail attachments through quick attacks, but capable of causing great damage. Read on and understand how this ransomware works .
A ransomware such as AstraLocker is basically malware that encrypts relevant files on a device’s local and network storage, demanding a ransom to decrypt them. The most common ways to spread malware are to trick users into opening malicious email attachments, or to open files downloaded via links in emails. On the other hand, it is also common for ransomware to be hosted on pirated software download pages. Furthermore, in other cases, users manage to infect computers when the person opens files from other untrustworthy sources or uses fake installers.
The bait used by AstraLocker 2.0 operators, in short, is a differentiated Microsoft Word document, which hides an OLE object with the ransomware payload. In this sense, the embedded executable uses the filename “WordDocumentDOC.exe”. According to a code analysis by ReversingLabs, the AstraLocker virus is based on the leaked source code of Babuk, which in turn is a buggy but still dangerous strain of ransomware that came out in September 2021.