WickedLocker Ransomware

WickedLocker Ransomware Description

The WickedLocker Ransomware is a piece of crypto-threat based on HiddenTear, an open-source ransomware project that con artists may use to built ransomware that encrypts the victim's data quickly and then offers to help with decryption in exchange for money. The the WickedLocker Ransomware is not that different from other HiddenTear Ransomware variants like the KratosCrypt Ransomware and the DevNightmare Ransomware. Just like other variants of HiddenTear, the WickedLocker Ransomware uses an encryption algorithm that malware researchers can reverse successfully, and develop a working decryption utility that is guaranteed to recover the files of victims of the WickedLocker Ransomware.

When the WickedLocker Ransomware infects a computer, it does not notify the users that their files are being encrypted immediately. Instead, the ransomware injects its corrupted code in a background process, which scans through the user's hard drive quickly, and marks the files that will be encrypted later. Since ransomware authors prefer to have their corrupted software work as quickly as possible, they program it only to encrypt particular file types like documents, spreadsheets, photos, small media files, databases, backup files, and file extensions used by popular computer software suites. The WickedLocker Ransomware is the same, and it will only encrypt files that are used to store important or sensitive information that victims would like to restore as soon as possible.

The WickedLocker Ransomware does not use a custom file extension to mark the files it locks. However, users will still be able to recognize which of their files have been locked easily, because the WickedLocker Ransomware creates a new ransom note for each encrypted file by using the following naming pattern 'READ_IT .txt' (e.g. the ransom note for 'document.txt' will be 'READ_IT document.txt'). The ransom message that the WickedLocker Ransomware leaves behind is rather short, and it simply instructs users to contact wickedhosting@gmx.com for additional information and questions, as well as that they are required to pay 1 Bitcoin if they want to learn how to recover their files.

Paying the ransom fee that the WickedLocker Ransomware demands is not recommended, because there is not even a single guarantee that the attackers will help you when you send the money. Furthermore, some of the existing decryptors for HiddenTear variants might be able to restore your files successfully, so you should give this a try before attempting any other file recovery operations. Don't forget that your top priority at the moment should be to eliminate the WickedLocker Ransomware infection with the help of a reliable computer security tool.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to WickedLocker Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Posted: November 14, 2016
Threat Metric
Threat Level: 8/10
Infected PCs 7
Home Malware Programs Ransomware WickedLocker Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.