Evil Locker Ransomware

The Evil Locker Ransomware is an encryption ransomware Trojan that was first used to attack computer users in July 2018 and was reported on July 9th. The Evil Locker Ransomware will encrypt the victim's files, making them inaccessible, and add the file extension '.EVIL' to each compromised file, as well as the Evil Locker Ransomware's contact email address. The Evil Locker Ransomware's attack is simple to understand: the Evil Locker Ransomware will take victim's files hostage and then stipulate a ransom payment to restore access to the affected files.

Another Evil to Torment Computer User

The Evil Locker Ransomware, like many, similar threats, is distributed through corrupted email attachments, which include inserted macro scripts that download and install the Evil Locker Ransomware onto the victim's computer. This is, however, just one of many different ways in which threats like the Evil Locker Ransomware can be distributed to the victims. The Evil Locker Ransomware will encrypt the user-generated files in its attacks, which may include numerous media files, documents and other file types. The following are examples of the files that threats like the Evil Locker Ransomware target in their attacks:

.ebd, .jbc, .pst, .ost, .tib, .tbk, .bak, .bac, .abk, .as4, .asd, .ashbak, .backup, .bck, .bdb, .bk1, .bkc, .bkf, .bkp, .boe, .bpa, .bpd, .bup, .cmb, .fbf, .fbw, .fh, .ful, .gho, .ipd, .nb7, .nba, .nbd, .nbf, .nbi, .nbu, .nco, .oeb, .old, .qic, .sn1, .sn2, .sna, .spi, .stg, .uci, .win, .xbk, .iso, .htm, .html, .mht, .p7, .p7c, .pem, .sgn, .sec, .cer, .csr, .djvu, .der, .stl, .crt, .p7b, .pfx, .fb, .fb2, .tif, .tiff, .pdf, .doc, .docx, .docm, .rtf, .xls, .xlsx, .xlsm, .ppt, .pptx, .ppsx, .txt, .cdr, .jpe, .jpg, .jpeg, .png, .bmp, .jiff, .jpf, .ply, .pov, .raw, .cf, .cfn, .tbn, .xcf, .xof, .key, .eml, .tbb, .dwf, .egg, .fc2, .fcz, .fg, .fp3, .pab, .oab, .psd, .psb, .pcx, .dwg, .dws, .dxe, .zip, .zipx, .7z, .rar, .rev, .afp, .bfa, .bpk, .bsk, .enc, .rzk, .rzx, .sef, .shy, .snk, .accdb, .ldf, .accdc, .adp, .dbc, .dbx, .dbf, .dbt, .dxl, .edb, .eql, .mdb, .mxl, .mdf, .sql, .sqlite, .sqlite3, .sqlitedb, .kdb, .kdbx, .1cd, .dt, .erf, .lgp, .md, .epf, .efb, .eis, .efn, .emd, .emr, .end, .eog, .erb, .ebn, .ebb, .prefab, .jif, .wor, .csv, .msg, .msf, .kwm, .pwm, .ai, .eps, .abd, .repx, .oxps, .dot.

The Evil Locker Ransomware delivers a ransom note in the form of a text file named '!_HOW_RECOVERY_FILES_!.txt,' which is dropped on the infected PC's desktop after the victim's files have been compromised. The full text of the Evil Locker Ransomware ransom note reads as follows:

'>>>> EVIL LOCKER <<<< HELLO, DEAR FRIEND! 1. [ ALL YOUR FILES HAVE BEEN ENCRYPTED! ] Your files are NOT damaged! Your files are modified only. This modification is reversible. The only 1 way to decrypt your files is to receive the decryption program. 2. [ HOW TO RECOVERY FILES? ] To receive the decryption program write on our e-mail: evil@cock.lu or evil@firemail.cc And in subject write your ID: ID-[redacted 6 hex char] We send you full instruction how to decrypt all your files. 3. [ FREE DECRYPTION! ] Free decryption as guarantee. We guarantee the receipt of the decryption program after payment. To believe, you can give us up to 3 files that we decrypt for free. Files should not be important to you! (databases, backups, large excel sheets, etc.)'

Dealing with an Evil Locker Ransomware Infection

If you were a luckless victim of the Evil Locker Ransomware, they would not be recoverable without the decryption software, which is held by the criminals. Because of this, the best that can be done to be protected against threats like the Evil Locker Ransomware is to have the routine of backing up your files and store on the cloud or another external place. This allows victims of the Evil Locker Ransomware attack to replace the affected files with the backup copies after using a security program to remove the Evil Locker Ransomware infection completely from the compromised computer and associated storage devices.