Unraveling Maktub Locker Ransomware

Maktub Locker is one of the more dangerous forms of ransomware - read on to learn more about this type of cybercrime.

28-09-2023 - 6 minute read. Posted in: malware.

Ransomware has developed into one of the most illicit and financially destructive types of malware in the world of cyber threats. Among the many ransomware variants, Maktub Locker stands out as a particularly dangerous one.

This blog post aims to shed light on the Maktub Locker ransomware, its causes, how it functions, and the precautions you can take to avoid becoming a victim of this sneaky cyberthreat.

Understanding Ransomware

Let's first examine what ransomware is in general before we dig into the specifics of Maktub Locker. Ransomware is malware that encrypts a victim's files or entire system, making it impossible for the victim to access them. Once the victim's files or system have been encrypted, the ransomware's creators demand a ransom, which is typically paid in bitcoin since this currency is untraceable.

Ransomware attacks can have severe consequences for both people and businesses. Victims often have to make a difficult decision: either pay the ransom and try to regain access to their data, or refuse to pay and run the risk of permanently losing their important data.

The Maktub Locker rises

When Maktub Locker initially appeared in 2016, it immediately became well-known for its advanced encryption methods and the outrageous demands it made of its victims. The Arabic phrase "Maktub" means "it is written," a terrifying reminder to the victims that their fate has already been decided by the perpetrators. Maktub Locker's owners showed little mercy when it came to their demands, and the name became a symbol of brutality.

The hackers often start off by offering to decrypt two files for "free" as a sort of assurance that victims will get their files back once they pay the ransom. The ransom starts at 1.4 bitcoin, equivalent to $590. If you haven't paid the ransom within 15 days, the amount rises to 3.9 bitcoins, equivalent to $1,600.

How it works

Maktub Locker usually spreads through phishing emails with attachments containing the malware. Attackers frequently employ social engineering methods to persuade victims to open what looks to be a valid email or attachment. As soon as the malware gets access to the victim's system, it begins to encrypt data using powerful encryption techniques, making it almost impossible for the victim to decrypt the files on their own.

The victim receives a ransom note after the encryption process is done. The ransom payment instructions are provided in the note, and usually the hackers want the ransom in the form of Bitcoins or another type of cryptocurrency. In many cases, victims are offered a limited amount of time to pay the ransom; if they don't, the ransom price will rise, as mentioned above, or the decryption key can be permanently lost.

  • The Maktub Locker operators are renowned for handling ransom payments with professionalism. To assist victims in navigating the difficulties of buying and transmitting cryptocurrency, they offer full guidance and even "customer support" for their victims.

Notable Attacks

Over the years, Maktub Locker has been behind a number of prominent attacks. One of the most notable incidents was in 2016, when San Francisco's Municipal Transportation Agency (SFMTA) computer systems got infected with malware in a ransomware attack. As a consequence, the city's public transportation system was disrupted, leaving commuters stranded and causing a significant financial loss for the organization.

Another significant attack targeted the healthcare industry. In 2017, a significant Maktub Locker attack targeted the National Health Service (NHS) in the United Kingdom. Hospitals and healthcare facilities all around the nation suffered damage from this attack, which resulted in chaos and delays in patient care.

The Evolution of Maktub Locker

Since its creation, Maktub Locker has undergone numerous modifications and evolutions. The switch from classical ransomware to Ransomware-as-a-Service (RaaS) was one of the most noticeable shifts. This meant that more criminals could rent or buy the ransomware from its developers and use it to encrypt the files of their own victims. They avoid writing their own code because it is done for them. The number of cases and threats of Maktub Locker increased as a result of this change in the ransomware landscape.

The original Maktub Locker creators and operators, however, unexpectedly announced their retirement in 2017. They allegedly said they had made enough money to stop committing cybercrime. This may have seemed like a victory, but it actually encouraged the emergence of new threat actors that kept Maktub Locker or its codebase as a tool for their attacks.

Standing strong against Maktub Locker

It's critical to take proactive steps to protect yourself and your company given the seriousness of the Maktub Locker threat and the potential consequences of an attack. Here are some important strategies to take into account:

  • Regular Backups: Keep current backups of your data. To avoid them being compromised during an attack, make sure to store these backups offline or in a secure spot where strangers cannot access them.

  • Employee Training: Employees should get awareness training that makes them more vigilant about threats such as phishing emails, so they can avoid clicking on dubious links or downloading files from untrusted sources, which likely contain malware and ransomware.

  • Patch and Update: Update your operating system, software, and antivirus programs. Numerous ransomware attacks take advantage of common vulnerabilities that are fixed with software updates and patches.

  • Network Security: Use strong network security tools, including firewalls, intrusion detection systems, and antivirus software, to identify and prevent ransomware threats.

  • Email Filtering: Use email filtering tools to identify and remove malicious attachments and phishing emails before they reach end users.

  • Cybersecurity Policies: Within the company, establish explicit cybersecurity policies and incident response plans. Make sure staff members are aware of what to do in the event of a potential ransomware attack.

  • Endpoint Protection: Implement endpoint security tools that can identify and prevent ransomware threats on individual devices.

  • Cyber Insurance: Consider buying cyber insurance to lessen the financial toll of a ransomware attack.

Practice your cyber awareness

In the constantly changing world of cybercrime, Maktub Locker ransomware poses a serious threat. It's a lethal enemy given its advanced encryption methods, extortion strategies, and professional demeanor. However, people and businesses can reduce the risk of this severe threat by exercising caution, getting the correct cybersecurity training, and putting the right cybersecurity precautions in place.

Keep in mind that the key to fighting ransomware is prevention and preparation. To protect your digital assets, make regular backups of your data, educate your employees, keep your systems up to date, and spend money on reliable cybersecurity solutions. By doing this, you can improve your defenses and minimize your vulnerability to Maktub Locker and other types of ransomware.

Author Caroline Preisler

Caroline is a copywriter here at Moxso alongside her studies. She is doing her Master's in English and specializes in translation and the psychology of language. Both fields deal with communication between people and how to create a common understanding - these elements are incorporated into the copywriting work she does here at Moxso.
