LockeR Ransomware

LockeR Ransomware Description

Type: Ransomware

The LockeR Ransomware is an encryption ransomware Trojan that is installed by con artists taking advantage of unsecured remote desktop accounts or through spam email message specifically. The LockeR Ransomware seems to be an independent ransomware Trojan rather than belonging to a larger family of threats. The LockeR Ransomware attacks seem to prioritize Web servers and businesses rather than individuals. The LockeR Ransomware attack's main purpose is to encrypt the victim's files by using a strong encryption algorithm.

The Ransom Demanded by the LockeR Ransomware may be Very High

The LockeR Ransomware uses a strong encryption algorithm to make victims' files inaccessible, looking for the user-generated files such as those with the following file extensions specifically:

.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, ,doc, .epub, .docx .fb2, .flv, .gif, .gz, .iso .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.

Ransomware Trojans like the LockeR Ransomware demand extraordinarily-high ransoms because their targets tend to be corporations rather than individuals. It is not uncommon for the LockeR Ransomware to demand a ransom of tens of thousands of dollars. The LockeR Ransomware payment is demanded in Bitcoins, which the victims must transfer to the con artists using TOR. The LockeR Ransomware delivers a text file to make its ransom demands as part of the attack. A file with the name [How_To_Decrypt_Files].txt, is placed on the infected computer's desktop, and it reads as follows:

'What happened to my files ?
All of your important files were encrypted using a combination of RSA-2048 and AES-256.
What does this mean ?
This means that your files were modified in a way that makes working with them impossible, unless you have the keys to decrypt them.
Is it possible to recover my files ?
Yes, it possible to get your files back, you'll need a special program (decryptor) and the private key of the key pair used to encrypt them.
How can I get the decryptor and the private key ?
You can buy both of them in any of the links below. Just visit one of them and follow the instructions.
[links to customized payment pages on the TOR network]
If you cannot access the site from any of the addresses above, you can follow the instructions below to access the site using the Tor Browser.
Download the Tor Browser Bundle here: h[tt]ps://
Execute the file you downloaded to extract the Tor Browser into a folder on your computer.
Then simply open the folder and click on "Start Tor Browser".
Copy and paste the onion address into the address bar: h[tt]p://lockerrwhuaf2jjx.onion/[unique ID]/'

Dealing with the LockeR Ransomware Infection

Computer users are counseled by security experts to refrain from paying the LockeR Ransomware ransom. The payment of the ransom does not mean that the affected files will be restored and it is not uncommon for the people responsible for these attacks to compromise the victims' files and then never respond to the ransom payment. Furthermore, paying the LockeR Ransomware ransom allows the people responsible for the LockeR Ransomware to continue financing their threats and creating new threat variants. Instead of paying the LockeR Ransomware ransom, computer users should take steps to protect their files by using a fully updated anti-malware application. A combination of file backups and a good anti-malware program can ensure that most computer users are well-protected from threats like the LockeR Ransomware.

Technical Information

File System Details

LockeR Ransomware creates the following file(s):
# File Name MD5 Detection Count
1 MinecraftChecksumValidator.exe b242a61cb751db5f99e5fc77270c1e07 29
2 rkcl.exe 4c135a6fca99ecc6396e695226ba20da 1
More files

Related Posts

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.