DAGON LOCKER Ransomware
When infosec researchers analyzed the DAGON LOCKER Ransomware, they discovered that it is likely an updated version of a previously identified threat known as the Mount Locker Ransomware. Threat actors use it to encrypt their victims' data with an uncrackable cryptographic algorithm, leaving the affected files in an inaccessible state. In addition, '.dagoned' is appended to the original names of all targeted file types.
The DAGON LOCKER leaves a ransom note with instructions to its victims. The message is delivered as a file named 'README_TO_DECRYPT.html'. Reading the note reveals that the threat actors are running a double-extortion scheme: before encrypting the victim's files, they collect confidential data and store it on a private server. The hackers threaten to release the obtained information to the public if the impacted entities do not pay the demanded ransom. According to the note, the only way to contact the cybercriminals is through their dedicated website hosted on the Tor network.
The full text of the message left by the DAGON LOCKER Ransomware is:
'Pwned
by DAGON LOCKER
What happened?
All your data is encrypted on all IT systems. Your data including financial, customer, partner contracts and employees has been exfiltrated to our internal servers.
What's next?
You either get in touch with us or get famouse as a company with a large data leak.
How do I recover?
There is no way to decrypt your files manually unless we provide a special decryption tool. Get your copy of Tor browser and CONTACT US'
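For incident scoping, the two file-system indicators described above (the appended '.dagoned' extension and the 'README_TO_DECRYPT.html' note) can be matched against a file listing exported from an affected host. The following Python sketch is an added example, not code from the researchers or from the threat itself; the function names, the sample paths and the case-insensitive matching are assumptions made for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Indicators taken from the description above.
ENCRYPTED_SUFFIX = ".dagoned"
NOTE_NAME = "README_TO_DECRYPT.html"


def scope_impact(paths):
    """Group a file listing by directory and flag encrypted files and ransom notes.

    Returns {directory: {"encrypted": [original names], "note": bool}} for every
    directory holding at least one indicator. Matching is case-insensitive
    (an assumption, chosen because Windows file systems usually are).
    """
    report = defaultdict(lambda: {"encrypted": [], "note": False})
    for raw in paths:
        p = PureWindowsPath(raw)  # parses both '\' and '/' separators
        name, folder = p.name, str(p.parent)
        if name.lower() == NOTE_NAME.lower():
            report[folder]["note"] = True
        elif name.lower().endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
            # The extension is appended, so stripping it recovers the original name.
            report[folder]["encrypted"].append(name[: -len(ENCRYPTED_SUFFIX)])
    return dict(report)


def restore_candidates(report):
    """Original paths to look for in backups, sorted into a stable work list."""
    return sorted(
        str(PureWindowsPath(folder) / original)
        for folder, hit in report.items()
        for original in hit["encrypted"]
    )


# Constructed sample listing (hypothetical paths, not from a real incident).
SAMPLE_LISTING = [
    r"D:\Finance\q3-forecast.xlsx.dagoned",
    r"D:\Finance\payroll.csv.dagoned",
    r"D:\Finance\README_TO_DECRYPT.html",
    r"D:\HR\contracts.docx.DAGONED",
    r"D:\Tools\notes.txt",
    r"D:\Public\readme_to_decrypt.html",
]

if __name__ == "__main__":
    rep = scope_impact(SAMPLE_LISTING)
    for folder, hit in sorted(rep.items()):
        print(folder, len(hit["encrypted"]), "encrypted, note present:", hit["note"])
    print(restore_candidates(rep))
```

A directory that holds a note but no '.dagoned' files, such as the constructed D:\Public entry, is still reported so that it can be reviewed.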