
RegretLocker Ransomware

Posted: November 5, 2020

Cybersecurity experts have identified a new ransomware family that boasts a rather interesting feature enabling it to encrypt the files used by Windows Virtual Machines. While this feature will not do much to the computer of the average Internet user, it may prove to be devastating if the RegretLocker Ransomware manages to penetrate the cybersecurity measures of a larger company network. Apart from the peculiar interest in virtual machines, the RegretLocker Ransomware does not have any other special features. However, its encryption is considered impossible to crack, so its victims will not have free decryption options.

The RegretLocker Ransomware is not spread widely, but this may be because this file-locker is still very new. Its authors may be running a small-scale campaign to test their product and determine whether they should expand their operation.

When the RegretLocker Ransomware manages to execute its attack on a vulnerable computer, it will encrypt a wide range of files that use certain file extensions. The threat also marks the names of the locked files with the random '.mouse' extension. Finally, it drops the ransom message 'HOW TO RESTORE FILES.txt'. Apart from being impossible to crack, RegretLocker Ransomware's encryption routine has one other interesting feature: it uses the Windows Restart Manager API to stop all processes that may be using the files the ransomware tries to encrypt.

RegretLocker Ransomware's ransom note is very short, and it seems that the attackers prefer to use email for contact. They urge the victim to drop them a message at petro@ctemplar.com. Users affected by RegretLocker Ransomware's attack should not consider contacting the attackers because they will be extorted for money. The recommended action is to run an anti-virus tool to eradicate the threat and then try out popular data recovery tools.
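For responders scoping an incident, the two file-system indicators named above (the '.mouse' extension and the 'HOW TO RESTORE FILES.txt' note) can be swept for directly. The following is an added example, not code from the original page; it assumes the extension is appended to the original file name, and the function names and sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

LOCKED_EXT = ".mouse"                    # extension named on this page
NOTE_NAME = "HOW TO RESTORE FILES.txt"   # ransom note name from this page


def scan_tree(root):
    """Walk root and return {directory: {"locked": [...], "note": bool}}
    for every directory that contains at least one indicator."""
    hits = defaultdict(lambda: {"locked": [], "note": False})
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            # Windows file names are case-insensitive, so compare lowercased.
            if name.lower() == NOTE_NAME.lower():
                hits[dirpath]["note"] = True
            elif name.lower().endswith(LOCKED_EXT):
                # Assumption: the extension is appended, so strip it to
                # recover the original name for the affected-file inventory.
                hits[dirpath]["locked"].append(name[: -len(LOCKED_EXT)])
    return dict(hits)


def summarize(hits):
    """Return (total locked files, directories with a note, directories
    with locked files but no note, which deserve a manual look)."""
    total = sum(len(h["locked"]) for h in hits.values())
    with_note = sorted(d for d, h in hits.items() if h["note"])
    no_note = sorted(d for d, h in hits.items() if h["locked"] and not h["note"])
    return total, with_note, no_note


def build_sample(root):
    """Constructed sample tree for demonstration only."""
    layout = {
        "docs": ["report.docx.mouse", "budget.xlsx.mouse", NOTE_NAME],
        "vm": ["disk0.img.MOUSE"],
        "clean": ["readme.txt", "mouse.png"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for n in names:
            open(os.path.join(root, sub, n), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(summarize(scan_tree(tmp)))
```

Run it against a mounted copy or read-only share of the affected volume so the inventory of original file names can be compared with available backups.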
