Locker Virus

Locker Virus Description

Type: Ransomware

The Locker Ransomware is a variant of the encryption ransomware infections that have been linked to Cryptolocker and similar attacks. There are several characteristics specific to the Locker Ransomware that have not been observed before in connection with other attacks. However, the main Locker Ransomware attack is similar to other encryption attacks in that the Locker Ransomware targets the victims' computers and then takes them hostage by encrypting their files and demanding a fee in exchange for the encryption key.

The Locker Ransomware – The New Name of an Old Tactic

The Locker Ransomware may contain a version number of the form x.xx, with a random numeral in the place of each x. The Locker Ransomware targets image files and Microsoft Office documents. Curiously enough, the Locker Ransomware does not target all files, because its extension matching is case-sensitive. For example, the Locker Ransomware will encrypt .jpg files, but will not encrypt files with the extension .JPG, even though both extensions denote the same file type.

One curious aspect of the Locker Ransomware is that it has a fuse, rather than attacking right away. This means that it may be very difficult for computer users to pinpoint exactly which downloaded file contains the Locker Ransomware components. Although it has not been confirmed exactly what files are being used to distribute the Locker Ransomware, it tends to attack computer users using Google Chrome, and these attacks have been associated with a cracked version of the popular game Minecraft released by TeamExtreme and with various Websites for streaming sports. The Locker Ransomware attack was activated automatically on May 25th at midnight, using the infected computer's system clock. The Locker Ransomware may trigger at other times, but a rash of the Locker Ransomware attacks happened exactly on this date and time.

Exactly at midnight on May 25th, 2015, a Windows service by the name of ldr.exe and an application named rkcl.exe were executed automatically, encrypting the victim's files and locking them away. Then a message appeared indicating that computer users had 72 hours to recover their files by making a payment of 0.1 Bitcoin. This payment is substantially less than what is demanded by other similar encryption threats. This may indicate that the Locker Ransomware is being used to target a different set of computer users or that the creation and management of these attacks are becoming more widespread. The Locker Ransomware blocks System Restore and prevents other recovery methods such as bringing back Shadow Volume copies of encrypted files.

Is the Locker Ransomware Hiding in Your Computer?

If you suspect that the Locker Ransomware is waiting to unleash its attack on your computer, PC security researchers recommend searching the ProgramData folder on your main drive. The Locker Ransomware will create folders named Digger, tor, steg, and rkcl. Steg, in particular, is created before the Locker Ransomware activates, meaning that it can be a good indicator for detecting the presence of the Locker Ransomware on a computer.
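The folder check described above can be scripted for a live host or a mounted disk image. The following is an added example, not code from the original article; the function names and the triage labels are assumptions made for illustration, and only the four folder names come from the article.

```python
import os
from datetime import datetime, timezone
from pathlib import Path

# Folder names the article says Locker creates under ProgramData.
INDICATOR_DIRS = ("digger", "tor", "steg", "rkcl")
# The article notes that "steg" exists before the payload activates.
EARLY_INDICATOR = "steg"


def default_programdata() -> Path:
    """ProgramData on a live Windows host; pass another root for a mounted image."""
    return Path(os.environ.get("ProgramData", r"C:\ProgramData"))


def scan_programdata(root: Path) -> dict:
    """Return indicator folders found directly under root, keyed by lowercased name."""
    hits = {}
    if not root.is_dir():
        return hits
    for entry in root.iterdir():
        # Compare case-insensitively: NTFS ignores case, a Linux-mounted image does not.
        name = entry.name.lower()
        if name in INDICATOR_DIRS and entry.is_dir():
            mtime = datetime.fromtimestamp(entry.stat().st_mtime, tz=timezone.utc)
            hits[name] = {"path": str(entry), "modified_utc": mtime.isoformat()}
    return hits


def assess(hits: dict) -> str:
    """Triage label (assumed scheme). A generic name such as 'tor' can match benign software."""
    if not hits:
        return "no-indicators"
    if set(hits) == {EARLY_INDICATOR}:
        return "possible-dormant"  # only the pre-activation folder is present
    return "indicators-present"


if __name__ == "__main__":
    found = scan_programdata(default_programdata())
    print(assess(found))
    for name, info in sorted(found.items()):
        print(f"{name}: {info['path']} (modified {info['modified_utc']})")
```

The recorded modification times help place the folders on a timeline relative to the trigger date the article reports.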

Prevention and Recovery from the Locker Ransomware Infection

The best way to protect your files from threats like the Locker Ransomware is to always back them up using a cloud service or an external hard drive. If your computer is synced automatically with a cloud backup service, encrypted or corrupted versions of files may replace the good versions of your files, so steps to prevent this may need to be taken. Your computer should be protected by a strong security application that is fully up-to-date. In most cases, an anti-virus program is capable of removing the Locker Ransomware infection from your computer. However, it will not be able to help you recover your files. Although paying the Locker Ransomware's ransom may help you recover them, there is no guarantee that its developers will keep their word.

Site Disclaimer

Enigmasoftware.com is not associated with, affiliated with, sponsored by or owned by the malware creators or distributors mentioned in this article. This article should NOT be mistaken for, or confused as being associated in any way with, the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or the manual removal instructions provided in this article.

This article is provided "as is" and is to be used for educational information purposes only. By following any instructions in this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.