The RansomUserLocker Ransomware is an encryption ransomware Trojan first observed in January 2018. The RansomUserLocker Ransomware seems to target computer users located in Korea. The RansomUserLocker Ransomware displays a ransom note written in Korean using red characters over a black background. The RansomUserLocker Ransomware's ransom note is quite long. However, since nothing limits the RansomUserLocker Ransomware attacks to a specific geographic location, many computer users may be perplexed to find that they cannot access their files and that a message written in what may be an unrecognizable language has appeared on their computers.
How the RansomUserLocker Ransomware is Distributed
Like most ransomware threats, the RansomUserLocker Ransomware aims to take victims' files hostage by encrypting their contents with a strong encryption algorithm. The RansomUserLocker Ransomware and similar threats can be distributed to their victims in many ways. The most common distribution method associated with threats like the RansomUserLocker Ransomware is the use of compromised email attachments, commonly in the form of DOCX or PDF files attached to spam email messages. These files will frequently contain embedded macro scripts that download and install the RansomUserLocker Ransomware onto the victim's computer. The RansomUserLocker Ransomware may also be installed on the victim's computer directly by third parties who break in through unsecured RDP connections or other possible ports of entry. Once the RansomUserLocker Ransomware is installed, it will take over the victim's computer and prevent the victim from gaining access to files on the affected PC.
How the RansomUserLocker Ransomware Carries out Its Attack
Once the RansomUserLocker Ransomware is installed, it contacts its Command and Control servers to relay information about the infected computer. The RansomUserLocker Ransomware will target the user-generated files while avoiding the Windows system files. The file types that are usually encrypted by attacks like the RansomUserLocker Ransomware include:
.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .zip.
The RansomUserLocker Ransomware uses RSA and AES encryption to make the victim's files inaccessible. The RansomUserLocker Ransomware delivers its ransom note in a file named 'READ_ME.txt,' which contains a long ransom note written entirely in Korean. The ransom note claims that the victim must pay 1 Bitcoin, a very large amount at the current exchange rate, and contains instructions on how to purchase Bitcoins and access the payment portal.
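The ransom-note behaviour described above gives responders something concrete to sweep for. The following Python triage script is an added example, not code from any vendor tool: it walks a directory tree and flags files named READ_ME.txt whose text is mostly Korean, which separates them from ordinary English readme files. The 30% Hangul threshold, the 1 MiB size limit and all function names are assumptions made for this example.

```python
import os
import sys

NOTE_NAME = "read_me.txt"   # note file name given on this page, matched case-insensitively
MIN_HANGUL_RATIO = 0.3      # assumed threshold, not a value from the page
MAX_NOTE_BYTES = 1 << 20    # assumed cap: skip files too large to be a text note

def decode_note(data):
    """Decode note bytes: a BOM selects UTF-16, otherwise try UTF-8, then CP949."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    for enc in ("utf-8-sig", "cp949"):
        try:
            return data.decode(enc)
        except UnicodeDecodeError:
            continue
    return None

def hangul_ratio(text):
    """Share of non-whitespace characters that are Hangul syllables or jamo."""
    chars = [c for c in text if not c.isspace()]
    if not chars:
        return 0.0
    hangul = sum("\uac00" <= c <= "\ud7a3" or "\u1100" <= c <= "\u11ff"
                 or "\u3130" <= c <= "\u318f" for c in chars)
    return hangul / len(chars)

def find_suspect_notes(root):
    """Return sorted (path, ratio) pairs for READ_ME.txt files that are mostly Korean."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != NOTE_NAME:
                continue
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > MAX_NOTE_BYTES:
                    continue
                with open(path, "rb") as fh:
                    text = decode_note(fh.read())
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            ratio = hangul_ratio(text) if text else 0.0
            if ratio >= MIN_HANGUL_RATIO:
                hits.append((path, round(ratio, 2)))
    return sorted(hits)

if __name__ == "__main__":
    for path, ratio in find_suspect_notes(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{ratio:.2f}  {path}")
```

A hit is only a lead for an analyst: on a machine whose user normally writes in Korean, a legitimate READ_ME.txt will also match, so review the note's content before treating the host as infected.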
Protecting Your Computer from Threats Like the RansomUserLocker Ransomware
Computer users who take precautions against ransomware Trojans like the RansomUserLocker Ransomware will avoid countless problems. One of the first steps that computer users should take to ensure that their files are protected from these threats is to handle spam email messages and other possible distribution vectors safely. The use of a security program that is fully up-to-date can also help protect computer users from threats like the RansomUserLocker Ransomware. The best protection against the RansomUserLocker Ransomware, however, is to ensure that the files can be recovered after they have been encrypted. Because of this, all computer users should have backup copies of their files. Having the ability to restore the compromised files instantly is the best way to ensure that the people responsible for the RansomUserLocker Ransomware are not capable of threatening you or taking your money.