LockeR Ransomware Description
Type: Ransomware
The LockeR Ransomware is an encryption ransomware Trojan that con artists install by taking advantage of unsecured remote desktop accounts or through spam email messages. The LockeR Ransomware seems to be an independent ransomware Trojan rather than a member of a larger family of threats. The LockeR Ransomware attacks seem to prioritize Web servers and businesses rather than individuals. The main purpose of a LockeR Ransomware attack is to encrypt the victim's files using a strong encryption algorithm.
The Ransom Demanded by the LockeR Ransomware may be Very High
The LockeR Ransomware uses a strong encryption algorithm to make victims' files inaccessible. It specifically looks for user-generated files, such as those with the following file extensions:
.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.
Ransomware Trojans like the LockeR Ransomware demand extraordinarily high ransoms because their targets tend to be corporations rather than individuals. It is not uncommon for the LockeR Ransomware to demand a ransom of tens of thousands of dollars. The LockeR Ransomware payment is demanded in Bitcoins, which the victims must transfer to the con artists using TOR. The LockeR Ransomware delivers its ransom demands in a text file as part of the attack. A file named [How_To_Decrypt_Files].txt is placed on the infected computer's desktop, and it reads as follows:
'What happened to my files ?
All of your important files were encrypted using a combination of RSA-2048 and AES-256.
What does this mean ?
This means that your files were modified in a way that makes working with them impossible, unless you have the keys to decrypt them.
Is it possible to recover my files ?
Yes, it possible to get your files back, you'll need a special program (decryptor) and the private key of the key pair used to encrypt them.
How can I get the decryptor and the private key ?
You can buy both of them in any of the links below. Just visit one of them and follow the instructions.
[links to customized payment pages on the TOR network]
If you cannot access the site from any of the addresses above, you can follow the instructions below to access the site using the Tor Browser.
Download the Tor Browser Bundle here: h[tt]ps://www.torproject.org.
Execute the file you downloaded to extract the Tor Browser into a folder on your computer.
Then simply open the folder and click on "Start Tor Browser".
Copy and paste the onion address into the address bar: h[tt]p://lockerrwhuaf2jjx.onion/[unique ID]/'
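A triage sketch for the note described above, added here as an example and not part of the original article: it walks a directory tree and flags text files that either carry the note's file name or contain phrases from the quoted note together with an .onion address. The function names, the UTF-8 read and the sample tree are assumptions; the sample note body and its onion address are constructed placeholders.

```python
import os
import re
import tempfile

NOTE_NAME = "[How_To_Decrypt_Files].txt"  # file name given in the article
MARKERS = (  # phrases taken from the note text quoted in the article
    "encrypted using a combination of RSA-2048 and AES-256",
    "special program (decryptor)",
    "Start Tor Browser",
)
# 16-character (v2) or 56-character (v3) base32 onion host names
ONION_RE = re.compile(r"\b[a-z2-7]{16}(?:[a-z2-7]{40})?\.onion\b", re.IGNORECASE)

def score_note(text):
    """Return (number of note phrases present, whether an onion host appears)."""
    lowered = text.lower()
    hits = sum(1 for marker in MARKERS if marker.lower() in lowered)
    return hits, bool(ONION_RE.search(text))

def scan(root, max_bytes=64 * 1024):
    """Flag .txt files named like the note, or renamed copies matching its content."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".txt"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    text = fh.read(max_bytes)  # notes are small; cap the read
            except OSError:
                continue  # unreadable file, skip it
            hits, onion = score_note(text)
            name_match = name.lower() == NOTE_NAME.lower()
            if name_match or (hits >= 2 and onion):
                findings.append({"path": path, "name_match": name_match,
                                 "marker_hits": hits, "onion": onion})
    return findings

def demo():
    """Scan a constructed tree: the note, a renamed copy, and a benign file."""
    sample = ("All of your important files were encrypted using a combination of "
              "RSA-2048 and AES-256.\nclick on \"Start Tor Browser\"\n"
              "http://aaaaaaaaaaaaaaaa.onion/ID/\n")  # constructed placeholder text
    with tempfile.TemporaryDirectory() as root:
        desk = os.path.join(root, "Desktop")
        os.makedirs(desk)
        for fname, body in ((NOTE_NAME, sample), ("renamed.txt", sample), ("todo.txt", "buy milk")):
            with open(os.path.join(desk, fname), "w", encoding="utf-8") as fh:
                fh.write(body)
        return sorted(os.path.basename(f["path"]) for f in scan(root))
```

Matching on content as well as on the file name keeps the check useful when a copy of the note has been renamed or moved off the desktop.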
Dealing with the LockeR Ransomware Infection
Security experts counsel computer users to refrain from paying the LockeR Ransomware ransom. Paying the ransom does not mean that the affected files will be restored, and it is not uncommon for the people responsible for these attacks to compromise the victims' files and then never respond to the ransom payment. Furthermore, paying the LockeR Ransomware ransom allows the people responsible for the LockeR Ransomware to continue financing their threats and creating new threat variants. Instead of paying the LockeR Ransomware ransom, computer users should take steps to protect their files by using a fully updated anti-malware application. A combination of file backups and a good anti-malware program can ensure that most computer users are well-protected from threats like the LockeR Ransomware.