FilesLocker Ransomware
FilesLocker is a new ransomware-as-a-service (RaaS) that targets Chinese- and English-speaking users. The creators of FilesLocker are offering the malware to other attackers for distribution in return for a share of the ransom payments.
FilesLocker encrypts files using RSA-2048 together with AES and appends the .locked extension to each encrypted file. It then displays a ransom screen that cannot be closed, and creates ransom notes in Chinese and English in various folders throughout the computer.
When encrypting a victim's files, it targets specific folders such as Desktop, Documents, Music and Pictures, among others.
Affected Platforms
- Microsoft Windows – Versions 10, 8.1, 8, Vista, 7 and XP
- Microsoft Windows Server – All versions (32- and 64-bit)
Indicators of Compromise
URLs
hxxps://2no.co/239Ys5
hxxps://i.loli.net/2018/08/31/5b88484028ab1.png – ransom note
MD5
D1c2f79125818f1e7ea16784acf63712
Email Address
Filenames
- #解密我的文件#.txt
- #DECRYPT MY FILES#.txt
- Windows Update.exe
Bitcoin Address
- 3EZGS8P439PbBeiWjsGYjSSaRHn9CXKDRQ
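The file-based indicators above (ransom note names, the .locked extension, the executable name and its MD5) can be checked on a host with a short script. This is an added example, not part of the original advisory: the function names `scan` and `affected_dirs` are hypothetical, and the indicator values are copied from this page.

```python
import hashlib
import os
import sys

# Indicators taken from this advisory (names compared case-insensitively).
NOTE_NAMES = {n.casefold() for n in ("#解密我的文件#.txt", "#DECRYPT MY FILES#.txt")}
DROPPER_NAME = "windows update.exe"
DROPPER_MD5 = "D1c2f79125818f1e7ea16784acf63712".lower()
LOCKED_EXT = ".locked"

def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large executables are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def scan(root, dropper_md5=DROPPER_MD5):
    """Walk root and return file paths grouped by the indicator they match."""
    hits = {"ransom_note": [], "locked_file": [], "hash_match": [], "name_only": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path, folded = os.path.join(dirpath, name), name.casefold()
            if folded in NOTE_NAMES:
                hits["ransom_note"].append(path)
            elif folded.endswith(LOCKED_EXT):
                hits["locked_file"].append(path)
            elif folded.endswith(".exe"):
                try:
                    digest = md5_of(path)
                except OSError:
                    continue  # unreadable file: skip rather than abort the scan
                if digest == dropper_md5.lower():
                    hits["hash_match"].append(path)  # strong: content matches
                elif folded == DROPPER_NAME:
                    hits["name_only"].append(path)   # weak: a name is easy to reuse
    return hits

def affected_dirs(hits):
    """Folders holding both a ransom note and .locked files (highest confidence)."""
    notes = {os.path.dirname(p) for p in hits["ransom_note"]}
    locked = {os.path.dirname(p) for p in hits["locked_file"]}
    return sorted(notes & locked)

if __name__ == "__main__":
    result = scan(sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~"))
    for kind, paths in result.items():
        for p in paths:
            print(f"{kind}\t{p}")
    print("affected folders:", affected_dirs(result))
```

A `.locked` extension or the executable name on its own is a weak signal; a hash match, or a ransom note sitting beside `.locked` files, is what warrants isolating the host.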


Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
FilesLocker is a kind of ransomware process which is infected by the viral process of sending the files from one direction to another direction, and this can be notified with the antivirus protection.