Korean AdamLocker Ransomware
Threat Scorecard
Threat Level: 100% (High)
Infected Computers: 7
First Seen: March 6, 2018
Last Seen: January 9, 2019
OS(es) Affected: Windows
The Korean AdamLocker Ransomware is an encryption ransomware Trojan and a variant of AdamLocker, a family of ransomware that first appeared in December 2017. It is the second version of this threat, and there are already some differences between it and its predecessor. The Korean AdamLocker Ransomware uses an encrypted executable in its attack, which makes it much more difficult for PC security researchers to study how it works. It encrypts the victim's files and adds the file extension '.adam' to the end of each compromised file's name. It also disables system tools that could be used to restore the files encrypted by the attack.
How the Korean AdamLocker Ransomware Attacks a Computer
As its name suggests, the Korean AdamLocker Ransomware is a variant of AdamLocker that was designed to target computers located in Korea. The cybercrooks use phishing attacks geared towards this region, relying on social engineering techniques to convince computer users to download unsafe files that infect the victim's computer with the Korean AdamLocker Ransomware. The Korean AdamLocker Ransomware avoids the Windows system folders when attacking a computer: it encrypts the victim's files only if they are located outside the Program Files, Windows and AppData directories. This is because threats like the Korean AdamLocker Ransomware require Windows to remain operational so that they can extract a ransom payment from the victim. The Korean AdamLocker Ransomware may encrypt files with the following file extensions:
.PNG, .PSD, .PSPIMAGE, .TGA, .THM, .TIF, .TIFF, .YUV, .AI, .EPS, .PS, .SVG, .INDD, .PCT, .PDF, .XLR, .XLS, .XLSX, .ACCDB, .DB, .DBF, .MDB, .PDB, .SQL, .APK, .APP, .BAT, .CGI, .COM, .EXE, .GADGET, .JAR, .PIF, .WSF, .DEM, .GAM, .NES, .ROM, .SAV, .DWG, .DXF, .GPX, .KML, .KMZ, .ASP, .ASPX, .CER, .CFM, .CSR, .CSS, .HTM, .HTML, .JS, .JSP, .PHP, .RSS, .XHTML, .DOC, .DOCX, .LOG, .MSG, .ODT, .PAGES, .RTF, .TEX, .TXT, .WPD, .WPS, .CSV, .DAT, .GED, .KEY, .KEYCHAIN, .PPS, .PPT, .PPTX, .INI, .PRF, .HQX, .MIM, .UUE, .7Z, .CBR, .DEB, .GZ, .PKG, .RAR, .RPM, .SITX, .TAR.GZ, .ZIP, .ZIPX, .BIN, .CUE, .DMG, .ISO, .MDF, .TOAST, .VCD, .SDF, .TAR, .TAX2014, .TAX2015, .VCF, .XML, .AIF, .IFF, .M3U, .M4A, .MID, .MP3, .MPA, .WAV, .WMA, .3G2, .3GP, .ASF, .AVI, .FLV, .M4V, .MOV, .MP4, .MPG, .RM, .SRT, .SWF, .VOB, .WMV, .3D, .3DM, .3DS, .MAX, .OBJ, .BMP, .DDS, .GIF, .JPG, .CRX, .PLUGIN, .FNT, .FON, .OTF, .TTF, .CAB, .CPL, .CUR, .DESKTHEMEPACK, .DLL, .DMP, .DRV, .ICNS, .ICO, .LNK, .SYS, .CFG.
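For scoping an incident, the two indicators described above (the '.adam' extension appended to file names, and the Program Files, Windows and AppData directories being skipped) can be checked against a file listing. The following is an added example, not code from the original page; the function names and the sample paths are constructed for illustration.

```python
from collections import Counter
from pathlib import PureWindowsPath

MARKER = ".adam"  # extension the page says is appended to encrypted files
# Directories the page says the threat skips (matched as any path component).
SKIPPED_DIRS = {"program files", "windows", "appdata"}


def classify(path_str):
    """Return (original_name, in_skipped_dir) for a '.adam' file, else None."""
    path = PureWindowsPath(path_str)
    if path.suffix.lower() != MARKER or not path.stem:
        return None
    parents = {part.lower() for part in path.parts[:-1]}
    return path.stem, bool(parents & SKIPPED_DIRS)


def triage(paths):
    """Count marked files per folder; collect hits in folders the threat skips."""
    affected, unexpected = Counter(), []
    for p in paths:
        result = classify(p)
        if result is None:
            continue
        _, in_skipped = result
        if in_skipped:
            unexpected.append(p)  # does not match the described behaviour; review by hand
        else:
            affected[str(PureWindowsPath(p).parent)] += 1
    return affected, unexpected


# Constructed sample listing (e.g. exported from a file inventory); not real data.
SAMPLE = [
    r"C:\Users\kim\Documents\report.docx.adam",
    r"C:\Users\kim\Documents\budget.xlsx.adam",
    r"C:\Users\kim\Pictures\trip.JPG.ADAM",
    r"C:\Users\kim\Documents\notes.txt",
    r"C:\Users\kim\AppData\Roaming\app\cache.dat.adam",
    r"D:\share\adam",
]

if __name__ == "__main__":
    affected, unexpected = triage(SAMPLE)
    for folder, count in affected.most_common():
        print(f"{count:3d}  {folder}")
    for p in unexpected:
        print("review:", p)
```

Hits inside a skipped directory do not fit the behaviour described here, so they are reported separately for manual review rather than counted as encrypted files.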
Dealing with the Korean AdamLocker Ransomware
The files encrypted by the attack will become unrecoverable. The Korean AdamLocker Ransomware has been associated with the Bitcoin wallet address 1KQETJqKzUHUmCBXQgwzWt2cLcgwty5st1. To date, malware researchers have not tracked any payments made to this address. However, it is essential to take precautions against the Korean AdamLocker Ransomware and the many other encryption ransomware Trojans that are being used to extort computer users. A combination of reliable file backups and a strong security program that is fully up-to-date can ensure that your files are completely protected against threats like the Korean AdamLocker Ransomware.
How Threats Like the Korean AdamLocker Ransomware can be Distributed
There are different ways in which threats like the Korean AdamLocker Ransomware can be distributed. The most common is through corrupted email attachments, often using social engineering techniques to induce computer users into downloading and installing the threat. Threats like the Korean AdamLocker Ransomware can also be delivered through attack websites that use exploit kits and unsafe advertisements. It is also possible for the people responsible for the attack to deliver the threat manually, by hacking the victim's computer directly. Avoiding possible sources of infection is an essential part of ensuring that your data is safe from the Korean AdamLocker Ransomware.