Threat Database Ransomware OopsLocker Ransomware

OopsLocker Ransomware

By GoldSparrow in Ransomware

The OopsLocker Ransomware is an encryption ransomware Trojan, designed to make the victims' files inaccessible through the use of a strong encryption algorithm. Using a fusion of the AES and RSA encryptions, the OopsLocker Ransomware will prevent victims from accessing their files. The OopsLocker Ransomware then demands the payment of a ransom in exchange for the decryption key, which is needed to decipher the affected files. The OopsLocker Ransomware is being delivered to victims through the use of spam email messages, which will often use corrupted DOCX attachments. These attachments are Microsoft Word files, which will include a corrupted macro script that downloads and installs the OopsLocker Ransomware onto the victim's computer.

How the OopsLocker Ransomware Infection Works

Computer users careless with emails and that allow these macros to be executed may end up downloading and installing the OopsLocker Ransomware onto their computers. Once the OopsLocker Ransomware has been installed, it will communicate with its Command and Control server to deliver information about the infected computer, the files it will encrypt, and to receive information needed to carry out its encryption attack. The OopsLocker Ransomware will then begin encrypting the victim's files. The OopsLocker Ransomware will encrypt a variety of file types, focusing on the user-generated Microsoft Office files, databases and other file types especially. The OopsLocker Ransomware will add the file extension '.oops' to each affected file. The OopsLocker Ransomware will encrypt the following file types in its attack:

.accdb, .backup, .class, .djvu, .docb, .docm, .docx, .dotm, .dotx, .html, .java, .jpeg, .lay6, .mpeg, .onetoc2, .OutJob, .PcbDoc, .potm, .potx, .ppam, .ppsm, .ppsx, .pptm, .pptx, .PrjPcb, .rsrc, .SchDoc, .sldm, .sldx, .sqlite3, .sqlitedb, .step, .text, .tiff, .vmdk, .vsdx, .xlsb, .xlsm, .xlsx, .xltm, .xltx.

After the OopsLocker Ransomware finished encrypting the victim's files, the OopsLocker Ransomware will display a ransom note on the infected computer, demanding that the victim pays a ransom to recover the affected files. The full text of the OopsLocker Ransomware ransom note, which appears in a pop-up window is:

'Oops, all data in your computer has been encrypted.
Your encrypted key file is: C: \PrograrnData\oops\EncryptedKey
Your computer name is: *****
If you wanna decrypt all your data, please send 0.1 bitcoin to the address:
But BEFORE you pay me, you should send me an email with the ENCRYPTED KEY FILE as an attachment, YOUR COMPUTER NAME and BITCOIN ADDRESS you will pay with. So that i can know it's your payment.
My email address is: only4you@protonmail. com
After i confirm the payment, i'll send you an email with your KEY and COMPUTER NAME for decryption, you can input it below, and decrypt.
If you press Decrypt with right KEY, WAIT PATIENTLY, don't do anything until decryption succeeded I!!
If you close it, you can reopen it in C:\ProgramData\oops\oops.exe.
When you reopen it, you should open as Administrator, otherwise, not all data can be decrypted properly. Very Important!!!
Do not modify anything in the oops folder before you pay!!! Very Important!!!
You'd better pay it in a week, the prize will double every week.
If you have any questions, send me an email. I will reply as soon as possible!'

Dealing with an OopsLocker Ransomware Infection

The OopsLocker Ransomware demands a ransom payment between $200 and $300 USD, depending on the exchange rate for BitCoins (which tends to fluctuate constantly). PC security analysts advise computer users to refrain from paying the OopsLocker Ransomware ransom. Instead of paying this ransom, malware analysts advise computer users to use a reliable security program that is fully up to date to remove all traces of the OopsLocker Ransomware from their computers. The files affected by the OopsLocker Ransomware attack should then be restored from the backup copies. Having backup copies of your files is the best protection against ransomware Trojans like the OopsLocker Ransomware since it removes any leverage the on artists have over their victims, which will allow them to demand a ransom payment.

SpyHunter Detects & Remove OopsLocker Ransomware

File System Details

OopsLocker Ransomware creates the following file(s):
# File Name MD5 Detections
1. file.exe 74257f66ac9e43b15b98ee7166f8bdc7 0


Most Viewed