Korean AdamLocker Ransomware

Posted: March 2, 2018

The Korean AdamLocker Ransomware is a variant of the AdamLocker Ransomware and includes similar, file-encrypting attacks that can keep your media from opening. Korean-language pop-ups and inaccessible system tools are some of the additional symptoms of this threat's presence, which seeks to hold your data hostage until you pay its ransom. Traditional anti-malware software should uninstall the Korean AdamLocker Ransomware, or block its installation, without any trouble, and both freeware decryptors and backups can provide other recovery paths.

Adam and His Trojans Go Korean

For the first time, malware analysts are verifying a non-English version of a file-locking Trojan from the family pioneered by the threat actor known as 'Adam.' The Korean AdamLocker Ransomware is a direct descendant of the English-based AdamLocker Ransomware, whose family also includes the Roga Ransomware and the Free-Freedom Ransomware, which are notable for their sabotage of the Windows permissions settings. This family was most active in 2016, and, in 2018, the Korean AdamLocker Ransomware may not be under the administration of the same threat actor.

Although the Korean AdamLocker Ransomware's first executable runs from the base C drive, it creates a permanent copy in the 'Program Data' folder. Its payload includes several attacks for blocking and then ransoming media, such as:

  • The Korean AdamLocker Ransomware generates a pop-up warning similar to that of the first AdamLocker Ransomware, but this version of the window is in the Korean language. Its other details, including the link to an associated ransom-paying website, are consistent with the other members of this family of file-locking threats.
  • The Korean AdamLocker Ransomware enumerates all the files on the PC's available drives and locks the non-essential data types, such as MP3s or DOCs. Its encryption method may be non-secure, and malware experts suggest contacting an appropriate cyber-security specialist instead of paying the ransom if you require a decryption tool for restoring your files. Unusually, the Korean AdamLocker Ransomware doesn't change the extension it appends ('.adam') to this media.
  • The Trojan also carries over many of the anti-security features of its relatives, such as disabling the Task Manager and other, default Windows applications. This attack both impedes any disinfection efforts and may make your PC more vulnerable than usual to a future attack.
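
For responders scoping an infection, the appended '.adam' marker described above gives a simple way to count the affected files and see which data types and folders were hit. The following is an added example, not part of the original article or of any vendor tool; the function names and the sample tree are constructed for illustration, and the earliest modification time is only an estimate of when locking began.

```python
import os
import tempfile
from collections import Counter

MARKER = ".adam"  # extension the article says the Trojan appends


def scope_adam_damage(root):
    """Summarise files under root whose names end in the '.adam' marker."""
    by_type, by_dir, first_seen = Counter(), Counter(), None
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if not name.lower().endswith(MARKER):
                continue
            original = name[:-len(MARKER)]  # 'song.mp3.adam' -> 'song.mp3'
            by_type[os.path.splitext(original)[1].lower() or "(none)"] += 1
            by_dir[os.path.relpath(dirpath, root)] += 1
            try:
                mtime = os.path.getmtime(os.path.join(dirpath, name))
            except OSError:
                continue  # counted, but no usable timestamp
            if first_seen is None or mtime < first_seen:
                first_seen = mtime
    return {"total": sum(by_type.values()), "by_type": dict(by_type),
            "by_dir": dict(by_dir), "first_seen": first_seen}


def demo():
    """Run the scan over a constructed sample tree (no real malware output)."""
    sample = {  # relative path -> mtime (epoch seconds), all constructed
        "docs/report.doc.adam": 1519900000,
        "music/song.mp3.adam": 1519900100,
        "music/track.MP3.adam": 1519900200,
        "docs/notes.txt": 1519800000,  # untouched file, must be ignored
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, mtime in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(b"constructed sample")
            os.utime(path, (mtime, mtime))
        return scope_adam_damage(root)


if __name__ == "__main__":
    print(demo())
```

Run it against a mounted copy or forensic image of the affected drive rather than the live system, so the scan itself does not alter timestamps on the evidence.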

Stopping Trojans from Hopping Borders

Some members of the Korean AdamLocker Ransomware's family disguise themselves as documents for Adobe's Acrobat Reader program. However, the Korean AdamLocker Ransomware may be in circulation as a supposed installer for Adobe's Photoshop instead, which points to its most likely infection vectors being file-sharing networks and software piracy-themed websites. Malware experts are verifying the Korean AdamLocker Ransomware's compatibility with 64-bit Windows environments, but other versions of Windows also are at a probable risk of infection.

Users can keep backups of their files in protected locations to remove the incentive for paying the Korean AdamLocker Ransomware's ransom demands, which usually will use potentially non-refundable currencies such as Bitcoin or Monero. The AV industry-wide rates of detection for the Korean AdamLocker Ransomware are higher than those of its predecessors, although malware experts always encourage updating your security software for maximum effectiveness. Users with appropriate anti-malware products available should delete the Korean AdamLocker Ransomware before the Trojan blocks any of their files.

The Korean AdamLocker Ransomware is putting an old application to brand-new uses in regions where it's not as ubiquitous. As the cybercrooks try to make money wherever they can find it, geography is becoming less relevant than it once was to the risks that the Web represents to your work and media.