Threat Database Ransomware WormLocker Ransomware

WormLocker Ransomware

The WormLocker Ransomware is an extremely harmful malware threat capable of causing tremendous damage to computer systems it has managed to infect. At first glance, the WormLocker Ransomware operates as typical ransomware - it encrypts its victims' files with an uncrackable cryptographic algorithm. It then demands payment of a ransom for the supposed recovery of the data. Closer analysis, however, reveals that the threat causes severe system errors upon a restart of the computer system regardless of the right decryption code has been purchased from the hackers or not. 

When the WormLocker Ransomware infiltrates the victim's computer, it initiates its encryption routine and then displays a ransom note inside a new window that takes up the whole screen. According to the instruction, affected users have to send Paysafe card codes worth at least 50 euros to the email address provided by the hackers - 'the WormLocker' A countdown timer shows the time that users have left to send the money and receive the required decryption code. The hackers also warn that if the timer runs out or the computer is shutdown/restarted, all encrypted data will no longer be repairable, in addition to the operating system no longer working properly. Unfortunately, this is indeed the case - no matter if a decryption code has been provided, closing the ransom note or restarting the computer results in a new message from the WormLocker Ransomware that informs users of a critical failure of the operating system. The hackers offer two options out of this situation - reinstalling the entire OS or repairing LogonUI.exe. 

 Such destructive behavior is not often seen as most ransomware creators want to create at least a pretense of being capable of restoring the locked data. As such, it can be presumed safely that the WormLocker Ransomware is not part of any of the already established ransomware families. 

 The ransom note displayed in the WormLocker Ransomware's window states:

 'What happened?

 All your files, documents, videos, pictures and

other files have been encrypted with a special


If you want the files back, you have to send the

paysafecard code to the email

"the WormLocker".

After sending the amount of 50 euros, you will

receive a decrypt code to unlock all files.

 What happens if I don't pay?

 If you do not pay by a certain time or turn off the

computer, all your data will be permanently

deleted and you computer will not turn on


 The message shown after closing the ransom note or restarting the computer is:

 'Oh no ... If you see this one the screen, you've probably misread the

instructions. At this point, you must reinstall an operating system that

has been severely damaged. All your files will not longer be repairable.

There is no possibility to escape, if you succeed, you belong to those

smart and sensible people.

 Howe to get rid of this screen?

 Method 1. The easies way is to reinstall the operating system using the

installation media

 Method 2. If you do not want to reinstall the system, you must repair



Most Viewed