The Locker ransomware has a very large install base that has affected
many people globally. As this topic is already quite large, and will
likely grow larger, this first post will be used to post any new
information as it becomes available.
Summary
The
Locker ransomware is a computer infection that silently runs on a
victim's computer until May 25 Midnight local time at which point it
became active. Once active, it will begin to encrypt the data files on
the computer with what appears to be RSA encryption. When encrypting the
data files it will not change the extension of the
file. Therefore, the only way to determine if the file is encrypted is
by trying to open it and being told that the file is corrupt or not
usable.
After the Locker ransomware encrypts your data it will
delete your shadow volume copies and then display the Locker interface.
This interface will be titled Locker and then a random version number.
This version number does not appear to have any significance. Some
example titles are Locker v1.7, Locker v3.5.3, Locker V2.16, and Locker
V5.52. This Locker screen will give you information on how to pay the
ransom, your unique bitcoin address to send the ransom to, a list of
encrypted files, and a page to check the status of your payment. More.....
Locker Ransomware Support Topic - General Security
No comments:
Post a Comment