AlldataLocker Ransomware

The AlldataLocker Ransomware is an encryption ransomware Trojan that can make the life of the affected computer users very complicated. The AlldataLocker Ransomware, like most threats of this type, is designed to take the victim's files captive and then demand a ransom payment from the victim in exchange for the decryption key. The AlldataLocker Ransomware demands its ransom in Bitcoin, like most threats of this type do.

It is True – All Data that Matters will be Compromised by the AlldataLocker Ransomware

The AlldataLocker Ransomware attacks have been used to target businesses and hospitals mostly. The first reports of incidents involving the AlldataLocker Ransomware Trojan happened in July 2018. Most of the AlldataLocker Ransomware victims seem to be located in India. One of the first attacks involving the AlldataLocker Ransomware was a hospital located in Mumbai. The AlldataLocker Ransomware, following the behavior of most ransomware Trojans, targets the user-generated files, which may include images, videos, texts and numerous other file types. The AlldataLocker Ransomware used the AES encryption to make the victim's files inaccessible, in the case of the mentioned attack, targeting all files on the targeted hospital's internal network. The following are examples of the types of files that will be compromised by threats like the AlldataLocker Ransomware:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The AlldataLocker Ransomware marks the files it encrypts by adding the file extension '.Lock' to each affected file. The AlldataLocker Ransomware delivers its ransom note in the form of a text file named 'how to unlock your files.txt' that contains the following message:

'HOW to unlock your file?
send Msg on telegram messanger on : h[tt]ps://t[.]me/ruberfiles
or id : @ruberfiles
We help you for unlocking your Files
for get your PW files pm we on telegram messanger
god luck'

This ransom note is dropped into every directory where there is encrypted data.

Protecting Your Data from Threats Like the AlldataLocker Ransomware

Because the AlldataLocker Ransomware encrypts the files with an almost unbreakable algorithm, these files will be made inaccessible permanently. Therefore, the best method of dealing with the AlldataLocker Ransomware and similar threats is to take preventive measures. The most important way in which computer users can ensure that their data is well protected is by having file backups. If there are backup copies of the targeted files, then computer users can restore their data from the backup copies without having to contact the criminals to pay the ransom. Apart from file backups, it is paramount that computer users have security software and put reliable security measures in place. This applies for businesses, hospitals especially, and other common targets for these attacks. Since the main infection vector seems to be spam emails, then it is more than necessary to ensure that all company employees and computer users know how to handle spam emails and view or discard email attachments safely.