Threat Database Ransomware LOCKEDFILECR Ransomware


Cybercriminals have unleashed a new ransomware threat that is capable of impacting a wide range of file types and leaving them in an unusable state. Like most ransomware, this LOCKEDFILECR threat also utilizes an encryption routine with a sufficiently strong cryptographic algorithm. The goal of the threat actors is to use the encrypted files as leverage to extort hefty sums of money from their victims.

When this particular malware threat encrypts a file, it will mark it by appending '.LOCKEDFILECR' to the file's original name. When all targeted file types on the breached device have been processed, the threat also will drop a ransom note with instructions from its operators. The ransom-demanding message will be delivered to the infected systems as a text file named 'ReadMe.LOCKEDFILECR.txt.'

The text of LOCKEDFILECR Ransowmare's message suggests that the threat is mostly deployed on corporate targets. Indeed, the attackers claim to have collected vast amounts of data - over 2 TB, that will be released to the public. The collected data also will supposedly be leaked to clients of the victims. To prevent this outcome, the affected organizations are given 72 hours to contact the cybercriminals on their dedicated websites hosted on the TOR network.

The full text of the ransom note is:


All your files are encrypted by reliable encryption algorithms
There is no other way to recover your files without our help
All encrypted files have .LOCKEDFILECR extension
You can recover all your files only if contact us within 72 hours
There is no other way to get your files back

Also more then 2 TERABYTES of your data has been updloaded to our server (including SQL databases)
After 72 hours We will inform all your clients and social media about this incident.

You have only 72 hours to stop it.

How to contact us:
1) Install TOR browser from: hxxps://
2) Contact us by this link:


Most Viewed