NOT_OPEN_LOCKER Ransomware

The NOT_OPEN_LOCKER Ransomware is an encryption ransomware Trojan that was first observed in the final days of September 2018. The NOT_OPEN_LOCKER Ransomware is a variant of existing ransomware Trojans, although it is still not certain whether it is part of a larger ransomware family, or merely the result of criminals reusing existing code. The NOT_OPEN_LOCKER Ransomware, like most encryption ransomware Trojans being used today, is designed to take the victims' files hostage and is typically delivered using spam email attachments.

How the NOT_OPEN_LOCKER Ransomware Attack Works

Once the NOT_OPEN_LOCKER Ransomware is installed onto the victim's computer, the NOT_OPEN_LOCKER Ransomware scans the victim's computer for certain file types, creating a list of data that will be targeted in its attack. The NOT_OPEN_LOCKER Ransomware will then use strong encryption algorithms to make the victim's data inaccessible, renaming each affected file by adding the file extension '.[notopen@countermail.com].NOT_OPEN' to the end of them. The NOT_OPEN_LOCKER Ransomware targets the user-generated files, which may include files with the following file types:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.

The NOT_OPEN_LOCKER Ransomware delivers a ransom note in the form of a text file named '!_HOW_RECOVERY_FILES_!.txt,' which contains the text message showed below:

'HELLO, DEAR FRIEND!
1. [ ALL YOUR FILES HAVE BEEN ENCRYPTED! ]
Your files are NOT damaged! Your files are modified only. This modification is reversible. The only 1 way to decrypt your files is to receive the decryption program.
2. [ HOW TO RECOVERY FILES? ]
To receive the decryption program write to email: notoperacountermail.com And in subject write your ID: ID-we send you full instruction how to decrypt all your files. If we do not respond within 24 hours, write to the email: not.open@mailfence.com
3. [ FREE DECRYPTION! ] Free decryption as guarantee.
We guarantee the receipt of the decryption program after payment. To believe, you can give us up to 3 files that we decrypt for free. Files should not be important to you! (databases, backups, large excel sheets, etc.)'

Protecting Your Data from Threats Like the NOT_OPEN_LOCKER Ransomware

PC security researchers strongly advise computer users to ignore the NOT_OPEN_LOCKER Ransomware ransom message and not to pay the NOT_OPEN_LOCKER Ransomware ransom amount under any circumstances. Paying these ransoms allows criminals to continue creating and updating threats like the NOT_OPEN_LOCKER Ransomware. The best protection against these attacks is to have backup copies of your files. Having backup copies stored on the cloud or an external memory device allows computer users to restore their data easily without having to communicate or negotiate with the criminals responsible for the NOT_OPEN_LOCKER Ransomware.