Locdoor Ransomware

Locdoor Ransomware Description

The Locdoor Ransomware is an encryption ransomware Trojan. It was first reported on September 2, 2018, and is spread to victims through spam email attachments. These attachments contain malicious embedded macro scripts that download and install the Locdoor Ransomware onto the victim's computer.

This Ransomware will Lock the Access Door to Your Files

The Locdoor Ransomware and threats like it take the victim's files hostage and demand a ransom payment from the victim. The Locdoor Ransomware uses AES encryption to make the victim's files inaccessible, which makes it nearly impossible to restore the files it has encrypted. The Locdoor Ransomware targets user-generated files, which may include media files, various document types, configuration files, databases and various other kinds of content. The files targeted by threats like the Locdoor Ransomware include:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

Unlike many similar threats, which commonly rename the files they encrypt, the Locdoor Ransomware leaves file names unchanged. The encrypted files are still easy to recognize, however, because they show up with blank icons in Windows Explorer and their contents are not accessible. The Locdoor Ransomware delivers its ransom note in the form of an HTML file that opens the website 9w37hde92oqvcew235[.]creatorlink[.]net and displays a message asking for a ransom, which reads as follows:

'Locdoor
Ransomware
decrypt Home Page...
An important file on your computer has been encrypted to
the Locdoor Ransomware! Can I recover it? Yes you can do the
recovery but the repair send a bit of coin to the
value of $ 0.10 to
364apyRKNUXFmVsk5z8Wf1T7tYcoD1RTZ address'

Dealing with the Locdoor Ransomware Infection

Threat experts advise computer users against paying the Locdoor Ransomware ransom. Instead, users should prepare for these threats by running a tried and true security program that is fully up-to-date, keeping backup copies of all their files, and storing these backups on an external storage device or in the cloud. Apart from file backups, computer users are counseled to learn how to handle spam emails and similar potentially unsafe content safely. The combination of the security program, the file backups, and better procedures when dealing with risky online content can help prevent an invasion by most threats like the Locdoor Ransomware. Unfortunately, threats like the Locdoor Ransomware use an encryption method that is currently unbreakable, meaning that computer users will not be able to restore access to the files encrypted by the Locdoor Ransomware unless they have the decryption key.
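
Because the Locdoor Ransomware leaves file names unchanged, a search for a tell-tale extension will not show which files need to be restored from backup. The following Python triage script is an added example, not part of the original write-up or any vendor tool: it flags files whose content no longer matches their extension. The signature table, the 0.9 entropy ratio and the function names are assumptions chosen for illustration, and the result is a heuristic that can produce false positives.

```python
import math
import os
import sys
from collections import Counter

# Leading "magic" bytes for a few extensions from the target list (assumed subset).
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",), ".rar": (b"Rar!\x1a\x07",),
    ".zip": (b"PK\x03\x04", b"PK\x05\x06"), ".docx": (b"PK\x03\x04",),
    ".xlsx": (b"PK\x03\x04",), ".pptx": (b"PK\x03\x04",),
    ".doc": (b"\xd0\xcf\x11\xe0",), ".xls": (b"\xd0\xcf\x11\xe0",),
}
# Text-like formats have no signature; ciphertext shows up as near-maximal entropy.
TEXT_EXTS = {".txt", ".csv", ".xml", ".ini", ".py", ".js", ".php", ".sql"}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, at most 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(name: str, head: bytes) -> bool:
    """True if the leading bytes contradict what the file extension promises."""
    if not head:
        return False
    ext = os.path.splitext(name)[1].lower()
    if ext in MAGIC:
        return not head.startswith(MAGIC[ext])
    if ext in TEXT_EXTS and len(head) >= 32:
        # Normalise by the highest entropy a sample of this length can reach.
        return entropy(head) / min(8.0, math.log2(len(head))) > 0.9
    return False

def scan(root: str) -> list[str]:
    """Return sorted paths under root whose content mismatches the extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if looks_encrypted(name, head):
                hits.append(path)
    return sorted(hits)

if __name__ == "__main__":
    print("\n".join(scan(sys.argv[1] if len(sys.argv) > 1 else ".")))
```

Run it against a copy or a read-only mount of the affected volume, and compare the flagged paths with the backup catalogue before restoring.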