AdamLocker Ransomware

The 'AdamLocker' Ransomware is a Trojan that may lock your files by encrypting them, changing their extensions or modifying their permissions or attributes. While such attacks are meant to force you to pay a ransom for recovering your data, malware experts recommend implementing other options with the help of any appropriate recovery software or cyber security researchers. Keeping your PC protected with dedicated anti-malware products also can delete the 'AdamLocker' Ransomware and stop any data-harming attacks before they can occur.

Adam Strikes Back

The threat actor referring to himself as 'Adam' seems to be continuing launching Trojan campaigns in close succession to one another, possibly to confuse any recovery efforts by third parties. The 'AdamLocker' Ransomware is the newest file-locking Trojan joining the previous Free-Freedom Ransomware and the Roga Ransomware with an all-new ransom message. Unlike some of its relatives, early evidence leads malware experts to believe that the 'AdamLocker' Ransomware does include the ability to encrypt the files on the infected PC.

The 'AdamLocker' Ransomware may encrypt local content based on filtering out either inappropriate directories (such as the Windows folder) or inappropriate extensions. Of the latter, malware researchers most often find threats of this type targeting text data, such as Word documents or spreadsheets, as well as media like pictures or audio clips. In rare cases, the threat actor may configure threats like the 'AdamLocker' Ransomware to attack executable files, rendering their related programs inoperable, until you reinstall them.

The 'AdamLocker' Ransomware also loads a new extortion message, although it uses a similar, HTA-based format that malware experts also see with the Roga Ransomware and the Free-Freedom Ransomware. This pop-up window provides a simple shortcut to a website for paying its ransom in Bitcoins or other, equally difficult-to-trace currencies. Supposedly, making a payment will give the victim the decryption code that its threat actor threatens to delete if the PC user closes the original ransom window.

Shooing Death's Head Away from Your Files

Although any victim of a file-encrypting Trojan's attacks should consider what recovery options are available without paying a con artist's ransom, malware experts see additional reasons to emphasize these possibilities with the 'AdamLocker' Ransomware. Other threats by the same author are notable for providing inaccurate information about the means by which they lock your files, and the 'AdamLocker' Ransomware also may be vulnerable to third-party decryption tools. Paying the ransom may or may not return any legitimate form of file-unlocking service.

However, PC owners with a backup can simply ignore any decryption issues and overwrite the damaged files with the unharmed copies. To stop the backup from also being compromised, malware experts suggest that you disinfect your PC and remove the 'AdamLocker' Ransomware with the anti-malware product of your preference beforehand. Never give an infected PC potential access to your only remaining backups such as network-accessible drives or removable storage devices.

The word is still underway on how 'Adam' is distributing the 'AdamLocker' Ransomware to new PCs. PC owners with a substantial investment in their saved files should continue considering the benefits of having backups and automatic anti-malware defenses to counteract the payloads of data hostage-taking Trojans like the 'AdamLocker' Ransomware.

Technical Details