The MegaLocker Ransomware is an encryption ransomware Trojan, a threat used to take data hostage and then extract ransom payments from the victims. The MegaLocker Ransomware carries out a typical encryption ransomware attack. At the moment, it seems that the MegaLocker Ransomware's main intended targets are websites and Web servers.
The MegaLocker Ransomware Attacks Websites and Web Servers
The MegaLocker Ransomware uses a strong encryption algorithm to encrypt databases, media files, and numerous other types of files on a compromised device. One of the first victims of the MegaLocker Ransomware is the website charles-small[.]com registered on the IP address 184.108.40.206. It seems that one of the foremost ways in which the MegaLocker Ransomware is being distributed is through corrupted WordPress plugins. The following are examples of the files that threats like the MegaLocker Ransomware target in these attacks:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
Unfortunately, once the MegaLocker Ransomware has encrypted the files, they are no longer recoverable without the decryption key. The MegaLocker Ransomware marks the files it encrypts with the file extension '.crypted,' added to the end of each file's name.
The MegaLocker Ransomware's Ransom Demands
Threats like the MegaLocker Ransomware demand a ransom payment after encrypting the victim's files. To do this, the MegaLocker Ransomware drops a text file named '!DECRYPT_INSTRUCTION.txt' in the root directory. In exchange for the decryption key, the MegaLocker Ransomware demands a ransom payment of 800 USD from companies and 250 USD from individuals. The following is the full text of the MegaLocker Ransomware ransom note:
'What happened to your files ?
All of your files were protected by a strong encryption with AES cbc-128 using MegaLocker Virus.
What does this mean ?
This means that the structure and data within your files have been irrevocably changed,
you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.
The encryption key and ID are unique to your computer, so you are guaranteed to be able to return your files.
What do I do ?
You can buy decryption for $800 for company and 250$ for private person.
But before you pay, you can make sure that we can really decrypt any of your files.
To do this, send us 1 random encrypted file to email@example.com, a maximum of 5 megabytes, we will decrypt them
and we will send you back. Do not forget to send in the letter your unique id:
You can check the decryption of more than one file, but no more than 3.
To do this, send us two more letters with files, there should be only one file in each letter!
If you are a private person, then send your private photo (birthday, holidays, hobbies and so on),
this will prove to us that you are a private person and you will pay 250$ for decrypting files.
If you are not a private person - Do not try to deceive us!!!
Do not complain about these email addresses, because other people will not be able to decrypt their files!
After confirming the decryption, you must pay it in bitcoins. We will send you a bitcoin wallet along with the decrypted file.
You can pay bitcoins online in many ways:
https://buy.blockexplorer.com/ - payment by bank card
If you have any questions, write to us at firstname.lastname@example.org'
PC security researchers are against paying the MegaLocker Ransomware ransom. Instead, backups should be used to restore any lost data.
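To plan a restore from backups, it helps to know which files were hit and roughly when. The following Python script is an added example, not part of the original article: it walks a directory tree looking for the two artefacts named above, the '!DECRYPT_INSTRUCTION.txt' note and files ending in '.crypted', and summarises them. The function names and the sample file layout are constructed for illustration, and the timestamp estimate assumes the Trojan did not reset file modification times.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

NOTE_NAME = "!DECRYPT_INSTRUCTION.txt"   # ransom note name given in the article
MARKER = ".crypted"                      # extension appended to encrypted files

def triage(root):
    """Walk `root` and summarise MegaLocker artefacts for restore planning."""
    notes, encrypted, by_type = [], [], Counter()
    first_seen = None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == NOTE_NAME:
                notes.append(path)
            elif name.lower().endswith(MARKER):
                original = name[: -len(MARKER)]   # file name before encryption
                ext = os.path.splitext(original)[1].lower() or "(none)"
                by_type[ext] += 1
                encrypted.append((path, original))
                mtime = os.lstat(path).st_mtime   # lstat: do not follow symlinks
                first_seen = mtime if first_seen is None else min(first_seen, mtime)
    return {
        "notes": sorted(notes),
        "encrypted": sorted(encrypted),
        "by_type": dict(by_type),
        # Assumption: earliest mtime approximates when encryption began.
        "earliest_utc": None if first_seen is None
        else datetime.fromtimestamp(first_seen, timezone.utc).isoformat(),
    }

def build_sample_tree(base):
    """Constructed sample web root (hypothetical file names) for a dry run."""
    layout = ["!DECRYPT_INSTRUCTION.txt", "index.php.crypted",
              "wp-content/uploads/logo.png.crypted",
              "wp-content/uploads/dump.sql.crypted", "wp-content/robots.txt"]
    for rel in layout:
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

Point `triage()` at a read-only copy or mounted image of the affected web root; the earliest timestamp it reports bounds the newest backup that predates the encryption.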