RandomLocker Ransomware

Posted: April 30, 2018

RandomLocker Ransomware Description

The RandomLocker Ransomware is a Trojan that uses AES encryption for locking your files. RandomLocker Ransomware infections also show symptoms other than being unable to open your digital media, such as changes to the desktop, extensions and pop-ups. Ignoring the ransoming instructions, recovering data with free solutions, and having anti-malware products delete the RandomLocker Ransomware safely are the responses malware experts recommend.

A Not-So-Random File Locker

The installation and setup routines of a new, file-locking Trojan offer hints of how its threat actors might distribute it in the future. The Trojan, the RandomLocker Ransomware, uses AES-based encryption to lock the files that it holds hostage while demanding money from their owners. However, the initial installation process includes setting up the unlocking key manually, which means that the RandomLocker Ransomware is almost certainly installed after a threat actor gains the ability to place arbitrary software on a remote machine.

This infection strategy could use additional threats, such as a Trojan with downloading or backdoor capabilities, or the con artists could gain remote access via native RDP features. In either case, the RandomLocker Ransomware's initial setup displays a configurable decryption code and lists the various files that it locks. Malware experts can also confirm that the RandomLocker Ransomware includes some limited C&C communications that could allow the threat actor to track statistics associated with the infected PC (such as when the infection occurred and whether or not the victim has paid) from a dedicated Web panel.

After completing its file-locking task, the RandomLocker Ransomware displays an Anonymous-themed image on the desktop and loads its ransom note, which includes the decryption feature, a timer, and general instructions on buying Bitcoins. Since paying the Bitcoin fee may not give you a decryptor, any victims should withhold their money, if possible.

Cutting Down the Randomness on Opening Your Files

The extreme affordability of the RandomLocker Ransomware's ransom, no more than ten dollars in the cryptocurrency, suggests that its threat actors aren't coordinating a campaign against government systems or the private sector. The distribution methods common to these 'cheap' forms of file-locking Trojans, in particular, often emphasize deliberately mislabeled downloads, such as torrents for triple-A games or 'cracked' software. However, malware experts are also observing other distribution methods in active use for Trojans with similar attacks, including exploit kits and spam e-mails.

Victims should, if possible, use backups to retrieve any files that the RandomLocker Ransomware blocks. If backups are unavailable, users may contact members of the cyber-security community with experience in cryptography to identify any vulnerabilities that may exist in the Trojan's payload. Developing a compatible decryptor for free is sometimes possible. Remove the RandomLocker Ransomware with an appropriate anti-malware program and pay attention to potential vulnerabilities, such as lax RDP settings, that a threat actor could use in future attacks.

Other than its still-unknown distribution techniques, there is little that's random about the RandomLocker Ransomware. Both casual and work-focused PC users can further reduce the randomization of its file attacks as long as they monitor their downloads and back up their valuable media.

