
RandomLocker Ransomware

Posted: April 30, 2018

The RandomLocker Ransomware is a Trojan that uses AES encryption for locking your files. RandomLocker Ransomware infections also include other symptoms besides being unable to open your digital media, such as changes to the desktop, extensions and pop-ups. Ignoring the ransoming instructions, recovering data with free solutions, and having anti-malware products delete the RandomLocker Ransomware safely are the responses malware experts recommend.

A Not-So-Random File Locker

The installation and setup routines for a new, file-locking Trojan are offering hints of how its threat actors might distribute it in the future. The Trojan, the RandomLocker Ransomware, uses AES-based encryption for locking the files that it can hold hostage while demanding money from their owners. However, the initial installation process includes setting up the unlocking key manually, which means that the RandomLocker Ransomware is almost certainly installed after a threat actor gains the ability to place arbitrary software on a remote machine.

This infection strategy could use additional threats, such as a Trojan with downloading or backdoor capabilities, or the con artists could gain remote access via native RDP features. In either case, the RandomLocker Ransomware's initial setup displays a configurable decryption code and lists the various files that it locks. Malware experts also can confirm that the RandomLocker Ransomware includes some limited C&C communications that could allow the threat actor to track statistics associated with the infected PC (such as when the infection occurred and whether or not the victim has paid) from a dedicated Web panel.

After completing its file-locking task, the RandomLocker Ransomware displays an Anonymous-themed image on the desktop and loads its ransom note, which includes the decryption feature, a timer, and general instructions on buying Bitcoins. Since paying the Bitcoin fee may not give you a decryptor, any victims should withhold their money, if possible.

Cutting Down the Randomness on Opening Your Files

The extreme affordability of the RandomLocker Ransomware's ransom, no more than ten dollars in the cryptocurrency, suggests that its threat actors aren't coordinating a campaign against government systems or the private sector. The distribution methods common to these 'cheap' forms of file-locking Trojans often emphasize deliberately mislabeled downloads, such as torrents for triple-A games or 'cracked' software. However, malware experts also are observing other distribution methods in active use for Trojans with similar attacks, including exploit kits and spam e-mails.

Victims should, if possible, use backups for retrieving any files that the RandomLocker Ransomware blocks. If they're unavailable, users may contact members of the cyber-security community with experience in cryptography for identifying any vulnerabilities that may exist in the Trojan's payload. Developing a compatible decryptor for free is sometimes possible. Remove the RandomLocker Ransomware with an appropriate anti-malware program and pay attention to potential vulnerabilities, such as lax RDP settings, that a threat actor could use in future attacks.

Other than its still-unknown distribution techniques, there is little that's random about the RandomLocker Ransomware. Both casual and work-focused PC users can further reduce the randomization of its file attacks as long as they monitor their downloads and back up their valuable media.
