1337Locker Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 1
First Seen: June 6, 2017
Last Seen: September 1, 2019
OS(es) Affected: Windows

The 1337Locker Ransomware is an encryption ransomware Trojan that belongs to a large ransomware family known as MyLittleRansomware. It was first observed during the first week of June 2017 and recycles a large portion of its code from previous variants in this family, which has been active in the wild for several months. The 1337Locker Ransomware carries out a typical ransomware tactic, with no real variation on what is already a well-known scheme. It is delivered to victims through malicious spam email attachments, which use malicious macro scripts to download and install the 1337Locker Ransomware onto the victim's computer. To date, spam email campaigns are the most common way of distributing ransomware Trojans like the 1337Locker Ransomware.

How the 1337Locker Ransomware Carries out Its Attack

One of the ways in which the 1337Locker Ransomware file is disguised is a double extension: the string 'pdf' is added to the end of the file's name so that it will be mistaken for a PDF file, even though the file's actual extension is 'exe,' which clearly marks it as an executable file. This is an unsophisticated way of delivering these threats; typically, the use of malicious scripts is a more advanced way of installing threats like the 1337Locker Ransomware. Once the 1337Locker Ransomware has entered the victim's computer, it establishes a connection with its Command and Control server and then encrypts the victim's files. The 1337Locker Ransomware uses a strong encryption method to make the victim's files inaccessible and take them hostage, which allows it to demand a ransom payment from the victim. After encrypting the victim's files, the 1337Locker Ransomware delivers a ransom note explaining the attack and demanding payment. The text of the ransom notification the 1337Locker Ransomware uses to contact its victims is:

Your personal files has been en-crypted with 1337-Locker.
En-cryption is made with AES-256 key which is impossible to crack.
"DO NOT DELETE" randomly generated files on your desktop. Those are your files.
If you delete them you'll never get your files back.
1337
DO NOT double run this software or you'll self-lock your files and they gonna be un-recoverable.
Don't close the software and keep it running until you de-crypted your files or they gonna be un-recoverable.
You have been warned i'm not responsible if you didn't followed my steps.
If you want to de-crypt your files, simply click "Contact Me" button for more details.
button [Contact Me]'

The 1337Locker Ransomware carries out its encryption routines in the background, using only a small percentage of the infected computer's processing capacity so that no change in performance is noticeable and the threat is not detected before it finishes encrypting the victim's files. Once the 1337Locker Ransomware has encrypted the files, it is no longer possible to view them. Unlike other ransomware Trojans, the 1337Locker Ransomware does not mark the affected files with any new extension or name change.
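The double-extension disguise described above (a document-looking 'pdf' placed in front of the real 'exe' extension) can be checked for in a mail gateway hook or a triage script. The following is an added example, not code from the original article; the extension lists, function names and sample file names are assumptions constructed for illustration.

```python
import re

# Extensions Windows runs directly or hands to a script host (assumed, not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "wsf", "hta", "lnk"}
# Extensions a recipient reads as a harmless document (assumed, not exhaustive).
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "rtf", "jpg", "png"}

# Constructed sample attachment names, not taken from any real campaign.
SAMPLE_NAMES = [
    "invoice.pdf.exe",
    "Invoice.PDF          .EXE",   # padding pushes the real extension out of view
    "scan_0042.pdf.exe.",          # Windows ignores trailing dots and spaces
    "report.v2.pdf",
    "setup.exe",
    "notes.tar.gz",
]


def split_extensions(filename):
    """Return (stem, [ext, ...]) with extensions lower-cased and unpadded."""
    name = re.split(r"[\\/]", filename)[-1]      # keep only the final path component
    name = name.strip().rstrip(". ")             # drop trailing dots/spaces
    parts = [p.strip().lower() for p in name.split(".")]
    return parts[0], parts[1:]


def is_double_extension(filename):
    """True when a decoy document extension sits directly before an executable one."""
    _, exts = split_extensions(filename)
    if len(exts) < 2:
        return False
    return exts[-1] in EXECUTABLE_EXTS and exts[-2] in DECOY_EXTS


def flag_attachments(names):
    """Return the names that should be quarantined or reviewed."""
    return [n for n in names if is_double_extension(n)]


if __name__ == "__main__":
    for name in flag_attachments(SAMPLE_NAMES):
        print("suspicious double extension:", repr(name))
```

A plain executable such as `setup.exe` is deliberately not flagged here; blocking executables outright is a separate policy decision from detecting a disguised one.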

Protecting Your Data from Ransomware Trojans Like the 1337Locker Ransomware

The best protection against ransomware Trojans like the 1337Locker Ransomware is to have backup copies of your files. File backups stored on external memory devices or the cloud allow computer users to recover quickly from a 1337Locker Ransomware attack by deleting the encrypted files and then copying the files over from the backup. The 1337Locker Ransomware itself can be removed easily with a reliable security utility that is fully up-to-date. The real issue when dealing with threats like the 1337Locker Ransomware is recovering the compromised files, which cannot be restored once encrypted. This is why having file backups is the best possible protective measure against the 1337Locker Ransomware and other encryption ransomware Trojans that are currently active in the wild.