
Admin Locker Ransomware

The Admin Locker Ransomware is another potent malware threat that has been unleashed in the wild right after the holidays. Victims of the threat will be prevented from accessing a vast portion of their own files. These could include important documents, PDFs, pictures, photos, archives, databases and more. The strong encryption algorithm used in the process ensures that the affected files will be unrecoverable without assistance from the attackers, namely the decryption codes in their possession.

A curious detail about the Admin Locker Ransomware is that multiple variants of the threat are active simultaneously. All three are virtually identical apart from the specific file extension that they use to mark the files they encrypt: '.admin1', '.admin2', '.admin3', '.1admin', '.2admin' or '.3admin'. Otherwise, all variants deliver the same ransom note, placed inside a newly created text file named '!!!Recovery File.txt'.

Ransom Note's Details

The ransom message of the threat does not reveal the exact amount of the ransom demanded by the attackers. Instead, it directs Admin Locker's victims towards visiting a dedicated website accessible only on the Tor network. There, they can supposedly establish communication with the hackers. However, the note does state that the funds will need to be paid using the Bitcoin cryptocurrency.

The cybercriminals are also willing to demonstrate their ability to restore encrypted files. They allow their victims to send up to 5 different encrypted files to be unlocked for free. The only listed requirement is for the files to be less than 5MB in total size.

The full text of Admin Locker's ransom note is:

'All of your important files have been encrypted on this PC.
All files are encrypted.

To decrypt your files, you need to get a private key + decryption software.
To get the private key and decrypt software, you need to contact us and send us [YOUR KEY] .
To do this you need to go to the site in darkweb you can only enter through the TOR BROWSER
you can download it here hxxps://www.torproject.org/download/
after you have installed a tor browser open this site
hxxp://adminavf4cikzbv6mbbp7ujpwhygnn2t3egiz2pswldj32krrml42wyd.onion
It shows you your current contacts.
Do not use chrome or firefox to access this site.
The site will not open with a tor browser only.
Our Guarantee.
We can decrypt several files as a demonstration - you can send us up to 5 files
up to 5 MB in total weight
and we will send them back to you in their original form for FREE.
How long do I have to wait for the decryption key for the whole PC?
After payment, we will send you the key within minutes.
Your personal ID:
[KEY]

Attention! Don't lose your money.
write to us personally. if you ask someone else to help you decrypt, they will just write to us instead of you. and this will increase our costs for their services (mediation). in the worst case you will be cheated. so write personally, this is safer for you. only we can decrypt files.
Do not try to change the files and remove the extension, you may lose it forever. if you try to decrypt it yourself, experiment on the copies, do not experiment on the originals.
'
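For responders scoping an infection, the indicators above can be turned into a read-only triage pass. The following Python sketch is an added example, not code from the original article or from any vendor tool; it assumes the marker extension is the final suffix of each encrypted file's name and that the victim ID sits on the line after 'Your personal ID:', as in the note quoted above. The function names are hypothetical.

```python
import os
import re
from collections import Counter

# Indicators taken from the article above.
ENCRYPTED_EXTS = {".admin1", ".admin2", ".admin3", ".1admin", ".2admin", ".3admin"}
NOTE_NAME = "!!!recovery file.txt"  # compared case-insensitively
# Assumption: the ID follows this label, as in the published note.
ID_LABEL = re.compile(r"^\s*Your personal ID:\s*(.*)$", re.IGNORECASE)


def extract_personal_id(note_text):
    """Return the ID that follows 'Your personal ID:', or None if absent."""
    lines = note_text.splitlines()
    for i, line in enumerate(lines):
        m = ID_LABEL.match(line)
        if not m:
            continue
        if m.group(1).strip():          # ID on the same line as the label
            return m.group(1).strip()
        for nxt in lines[i + 1:]:       # otherwise first non-empty line after it
            if nxt.strip():
                return nxt.strip()
    return None


def triage(root):
    """Walk root and summarise Admin Locker artefacts without modifying anything."""
    report = {"by_extension": Counter(), "notes": [], "personal_ids": set(),
              "affected_dirs": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Assumption: the marker extension is the last suffix of the name.
            ext = os.path.splitext(name)[1].lower()
            if ext in ENCRYPTED_EXTS:
                report["by_extension"][ext] += 1
                report["affected_dirs"].add(dirpath)
            elif name.lower() == NOTE_NAME:
                report["notes"].append(path)
                try:
                    with open(path, "r", encoding="utf-8", errors="replace") as fh:
                        pid = extract_personal_id(fh.read())
                except OSError:
                    pid = None          # unreadable note: still record its path
                if pid:
                    report["personal_ids"].add(pid)
    return report
```

Running `triage()` against a mounted forensic image or a read-only share gives a per-variant file count and the set of affected directories, and more than one distinct personal ID suggests more than one infection event.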
