
A1Lock Ransomware

By GoldSparrow in Ransomware

The A1Lock Ransomware is an encryption ransomware Trojan that was first observed in the last days of July 2017. It is one of the many variants of the Globe Ransomware that have been released in the last couple of years. The A1Lock Ransomware may be delivered to victims through spam email attachments. Victims receive an email message that tries to convince them to open an attached file by claiming that the file contains an invoice or other important documents. When the victim opens the document, which may be a Microsoft Word document, malicious macros embedded in it download and install the A1Lock Ransomware on the victim's computer. Since the A1Lock Ransomware's distribution technique relies on macros, disabling them will stop these attacks from happening.

Detailing the A1Lock Ransomware Infection

Like most encryption ransomware Trojans, the A1Lock Ransomware uses a combination of AES and RSA encryption to make the victim's data inaccessible. It encrypts the victim's files with its strong encryption method, adds the file extension '.707' to each affected file's name, and then demands a ransom payment to restore access to the affected files. The A1Lock Ransomware targets user-generated files, which may include audio, music, videos, images, databases, spreadsheets, texts, and numerous other file types. The main goal of the attack is to force the victim to pay a ransom in exchange for the decryption key necessary to recover the affected files.

How the Con Artists may Profit from the A1Lock Ransomware Attack

The A1Lock Ransomware demands a ransom payment by displaying a ransom note on the infected computer as soon as it encrypts the victim's files. It demands a payment of 0.06 BTC (Bitcoin), which is equivalent to approximately $160 USD. The ransom demand is delivered as an HTML file that is opened in the infected computer's default Web browser. The A1Lock Ransomware also drops copies of the file on the infected computer's desktop and in the Documents Windows library. The content of the A1Lock Ransomware ransom note, which is contained in a file named 'RECOVER-FILES.html', is:

'Your files are Encrypted!
For data recovery needs decryptor.
If you want to buy a decryptor, click the link:
[Decryptor Here|hyperlink to satoshibox(.)com/ID-string]
(if you not have bitcoin - Click [Here|hyperlink to blockchain(.)info])
And finally, if you can not buy decryptor, follow these two steps:
1. Install the TOP Browser from this link:
torproject(.)org
Then open this link in the TOP browser: [support|hyperlink]
Your personal ID:
[512 RANDOM CHARACTERS]'

Victims are instructed to connect to the con artists' online payment portal using TOR, on the Dark Web.
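
The indicators described above (the '.707' extension and a 'RECOVER-FILES.html' note carrying the quoted text) can be combined into a triage scan of a user profile or file share. The following Python is an added example, not part of the original article; the function names, the threshold of three encrypted files and the sample tree are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

ENCRYPTED_EXT = ".707"            # extension the article says A1Lock appends
NOTE_NAME = "recover-files.html"  # ransom note name from the article, lowercased
NOTE_MARKERS = ("your files are encrypted", "your personal id")  # from the quoted note
MIN_ENCRYPTED = 3                 # assumed threshold, tune per environment

def scan_tree(root):
    """Return (encrypted_files, confirmed_notes, lookalike_notes) under root."""
    encrypted, notes, lookalikes = [], [], []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        lower = path.name.lower()
        if lower.endswith(ENCRYPTED_EXT):
            encrypted.append(path)
        elif lower == NOTE_NAME:
            try:
                with open(path, "r", errors="ignore") as f:
                    text = f.read(65536).lower()  # notes are small; cap the read
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            # A note-named file without the quoted phrases is only a lookalike.
            (notes if all(m in text for m in NOTE_MARKERS) else lookalikes).append(path)
    return encrypted, notes, lookalikes

def assess(root):
    """Classify a tree as 'likely-a1lock', 'suspicious' or 'clean'."""
    encrypted, notes, lookalikes = scan_tree(root)
    if notes and len(encrypted) >= MIN_ENCRYPTED:
        return "likely-a1lock"
    if encrypted or notes or lookalikes:
        return "suspicious"
    return "clean"

def build_sample(root):
    """Create a constructed sample tree (dummy files, not real malware output)."""
    docs = Path(root) / "Documents"
    docs.mkdir()
    for name in ("budget.xlsx.707", "photo.jpg.707", "notes.txt.707"):
        (docs / name).write_bytes(b"\x00" * 16)
    (docs / "RECOVER-FILES.html").write_text(
        "<p>Your files are Encrypted!</p><p>Your personal ID:</p><p>AAAA</p>")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(assess(build_sample(tmp)))
```

A 'suspicious' result covers trees where only one indicator is present, such as an unrelated file that happens to end in '.707', and is meant to prompt a manual look rather than confirm an infection.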

Dealing with the A1Lock Ransomware Infection

PC security researchers strongly advise computer users to refrain from paying the A1Lock Ransomware ransom amount. Doing so allows these people to continue creating and developing ransomware attacks like the A1Lock Ransomware and claiming new victims. Furthermore, computer users should not count on the people responsible for the A1Lock Ransomware attack keeping their word and delivering the decryption key after an attack. These people are just as likely to demand additional ransom payments, ignore the victim altogether or, even worse, target the victim for additional attacks (since the victim has already demonstrated a willingness to pay the ransom amounts). The best protection against the A1Lock Ransomware and similar ransomware Trojans is to have file backups. Keeping backup copies of your files on an external memory device or in the cloud means that, in the event of an attack, you can wipe the infected drive clean and restore the affected files from the backups. This completely removes any power the con artists hold over their victims.
