XMRLocker Ransomware

By CagedTech in Ransomware

Translate To:

The XMRLocker Ransomware aims to infect the target's computer, initiate an encryption routine, and lock nearly all of the files stored there. Victims will then be extorted for money, in exchange for receiving the decryption key and tool from the hackers. To mark the files it locks, the threat appends '.[XMRLocker]' to their original names as a new extension. When the encryption process is complete, a ransom note is dropped on the breached device as a text file named 'ReadMe(HowToDecrypt).txt.'

The note doesn't mention the exact amount that the hackers want to receive but it does warn that after 48 hours the price will be doubled. To receive further instructions, victims are directed towards contacting two email addresses - 'lockxmr@daum.net' and 'lockxmr@airmail.cc.' The hackers allow for a single file that is less than 1MB in size to be attached to the email message. They promise to unlock it for free and then return it back to the user.

The full text of the ransom note is:

'~All your files are encrypted with Base-64 algorithm~

Don't worry, all your files can be restored.

Contact us by e-mail to find out the price for data decryption with next template:

Hello, my ID: …

I offer for my info decryption … $

Our e-mail contacts:
lockxmr@daum.net
lockxmr@airmail.cc

As proof that we can decrypt your files you can send us 1 file weighing no more than 1 MB.

Please note:

If you do not pay within 48 hours, the price for data decryption will double (x2).
Сhanging, editing or renaming encrypted files can lead to the fact that the data cannot be restored.

Your unique ID:'

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

XMRLocker Ransomware

Submit Comment

Trending

Safe Search Eng

Findtheirreport.com

MarioLocker Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen