GNL Locker Ransomware

By GoldSparrow in Ransomware

The 'GNL Locker' Ransomware is a ransomware infection that encrypts its victims' files and replaces their extension with '.LOCKED'. The 'GNL Locker' Ransomware uses RSA-2048 encryption to make the victim's files inaccessible. In many cases, it may not be possible to recover from a 'GNL Locker' Ransomware infection without restoring the files from a backup location. However, there are services that allow computer users to identify the ransomware threat that has infected their computers and find out whether a decryption utility is currently available. As of the making of this report, there is no decryption method for the 'GNL Locker' Ransomware.

How the 'GNL Locker' Ransomware may be Delivered to a PC

In most cases, the 'GNL Locker' Ransomware is delivered using corrupted email messages. Some spam email messages that may be impersonating DHL or FedEx shipping notifications may contain a corrupted embedded link or attached file. If computer users open these email messages and access this attached or embedded content, the 'GNL Locker' Ransomware (or a different corrupted component) may be installed on their computers. As soon as the 'GNL Locker' Ransomware enters a computer, it will begin to carry out its attack of encrypting the victim's files.

How the 'GNL Locker' Ransomware may Take Your Files Hostage

Encryption ransomware like the 'GNL Locker' Ransomware uses an encryption algorithm to make the victim's files inaccessible. Its decryption key is stored on the con artists' servers and is only delivered to the victim if a ransom is paid in Bitcoin. The following are a few of the types of files that are encrypted by the 'GNL Locker' Ransomware (new file formats may be added to this list every day):

.sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .od.

After encrypting a file, the 'GNL Locker' Ransomware changes its extension to '.LOCKED' and drops ransom notes in the same directory. The 'GNL Locker' Ransomware uses three types of ransom notes: a text ransom note, an HTML ransom note, and an image file that replaces the victim's Desktop wallpaper. The 'GNL Locker' Ransomware deletes Shadow Volume copies of encrypted files and System Restore data, which makes it almost impossible to recover the encrypted files using these alternate methods. The following ransom note text has been associated with the 'GNL Locker' Ransomware:

Your files are locked / encrypted You can unlock you files by paying requested amount! (~$/€250)
All you important files are encrypted using an unique 32 characters AES-256 password. (it will take a computer over a billion years to crack this password)
Lucky for you it is possible to get all your files back!
In order to unlock your files you will have to purchase the private password for this computer. For more information navigate to your personal unlocking page below.
Warning! You must pay the specific amount before Monday 09 May 2016 or the amount you have to pay will TRIPLE!
Warning! The only way to get your files back is by paying! Antivirus software CANNOT recover your files!
Important information
Your UID: –
Use one of the links below to pay and receive instruction for unlocking your files.
If none of the above websites work follow the steps below.
1. Download the Tor Browser Bundle https://torproject.org/projects/torbrowse.html.en
2. Start the Tor Browser Bundle.
3. Enter – in the address bar of the Tor Browser Bundle.
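
The traces described above (the '.LOCKED' extension and text or HTML ransom notes dropped in the same directory) can be swept for when scoping an infection. The script below is an added example, not part of the original report: the report does not name the ransom note files, so notes are matched by phrases quoted from the note text above, and the sample tree and its file names are constructed.

```python
import os
import tempfile
from pathlib import Path

LOCKED_EXT = ".locked"                 # report: encrypted files end in '.LOCKED'
NOTE_EXTS = {".txt", ".html", ".htm"}  # report: text and HTML ransom notes
# Phrases quoted from the ransom note text in the report (lower-cased).
NOTE_PHRASES = ("your files are locked / encrypted", "your uid:",
                "purchase the private password for this computer")
MAX_NOTE_BYTES = 64 * 1024             # assumption: only scan the file head

def looks_like_note(path, min_hits=2):
    """True if a text/HTML file contains at least min_hits note phrases."""
    try:
        with open(path, "rb") as fh:
            text = fh.read(MAX_NOTE_BYTES).decode("utf-8", errors="ignore")
    except OSError:
        return False                   # unreadable file: skip it, keep scanning
    text = " ".join(text.lower().split())  # undo line wraps inside a phrase
    return sum(p in text for p in NOTE_PHRASES) >= min_hits

def triage(root):
    """Map each affected directory (relative to root) to its evidence."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        locked = sorted(f for f in files if f.lower().endswith(LOCKED_EXT))
        notes = sorted(f for f in files if Path(f).suffix.lower() in NOTE_EXTS
                       and looks_like_note(Path(dirpath, f)))
        if locked or notes:
            findings[os.path.relpath(dirpath, root)] = {
                "locked": locked, "notes": notes,
                "confidence": "high" if locked and notes else "low"}
    return findings

def build_sample_tree(root):  # constructed sample data; file names hypothetical
    note = ("Your files are locked / encrypted\nYour UID: -\nyou will have to "
            "purchase the private\npassword for this computer.")
    files = {"docs/report.LOCKED": "x", "docs/budget.LOCKED": "x",
             "docs/note.html": "<p>" + note + "</p>",
             "tools/door.locked": "x", "clean/readme.txt": "Your UID: 7"}
    for rel, body in files.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

A directory with '.LOCKED' files but no matching note is reported with low confidence, since other software can also produce files with that extension.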

Prevention is the Key to Deal with the 'GNL Locker' Ransomware

The best way to deal with ransomware threats is prevention. Computer users should always have a backup of their files on an external device or the cloud. Rather than paying the ransom, with no guarantee that the con artists will honor their promise, you can then recover your files from the backup location after wiping the affected hard drive clean.
