FilesLocker Ransomware

FilesLocker is a new ransomware-as-a-service (RaaS) that targets Chinese- and English-speaking users. The creators of FilesLocker are offering the malware to other attackers for distribution in return for a share of the ransom payments.

FilesLocker encrypts files using RSA-2048 and AES, then appends the .locked extension to encrypted files. It then displays a ransom screen that cannot be closed. Ransom notes in Chinese and English are created in various folders throughout the computer.

When encrypting a victim’s files, it targets specific folders such as the Desktop, Documents, Music, Pictures, etc.
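A triage sketch built on the file-system indicators this page lists, added here as an example and not taken from the original article: it walks the folders named above under one user profile and reports `.locked` files together with the ransom note and `Windows Update.exe` file names. The function names, the `min_locked` threshold and the sample profile are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Indicators from this page, lower-cased for case-insensitive matching on Windows.
LOCKED_EXT = ".locked"
IOC_FILENAMES = {"#解密我的文件#.txt", "windows update.exe"}
# Folders the article names; its "etc." means this list is not exhaustive.
TARGET_FOLDERS = ("Desktop", "Documents", "Music", "Pictures")

def scan_profile(profile_dir):
    """Walk the targeted folders under one user profile and collect indicator hits."""
    locked_per_dir, ioc_files = Counter(), []
    for name in TARGET_FOLDERS:
        # os.walk yields nothing for missing or unreadable folders.
        for dirpath, _dirs, files in os.walk(Path(profile_dir) / name):
            for fname in files:
                if fname.lower().endswith(LOCKED_EXT):
                    locked_per_dir[dirpath] += 1
                if fname.lower() in IOC_FILENAMES:
                    ioc_files.append(os.path.join(dirpath, fname))
    return {"locked_per_dir": dict(locked_per_dir), "ioc_files": sorted(ioc_files)}

def verdict(report, min_locked=3):
    """'likely': ransom note beside .locked files; 'suspect': one signal; else 'clean'."""
    # .locked on its own is weak evidence: the extension is not unique to FilesLocker.
    note_dirs = {os.path.dirname(p) for p in report["ioc_files"] if p.lower().endswith(".txt")}
    if note_dirs & set(report["locked_per_dir"]):
        return "likely"
    if report["ioc_files"] or sum(report["locked_per_dir"].values()) >= min_locked:
        return "suspect"
    return "clean"

def make_constructed_profile(base):
    """Constructed sample: empty files laid out like an affected profile."""
    docs, pics = Path(base) / "Documents", Path(base) / "Pictures"
    docs.mkdir(parents=True)
    pics.mkdir()
    for path in (docs / "report.docx.locked", docs / "budget.xlsx.locked",
                 docs / "#解密我的文件#.txt", pics / "holiday.jpg"):
        path.touch()
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = scan_profile(make_constructed_profile(tmp))
        print(verdict(report), report)
```

Point `scan_profile` at a real profile directory such as one under `C:\Users` to triage a host; a `likely` verdict means the ransom note sits in the same folder as `.locked` files.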

Affected Platforms

  • Microsoft Windows – Versions 10, 8.1, 8, Vista, 7 and XP
  • Microsoft Windows Server – All versions (32- and 64-bit)

Indicators of Compromise



hxxps:// – ransom note



Email Address

[email protected]


  • #解密我的文件#.txt
  • Windows Update.exe

Bitcoin Address


FilesLocker – ransom note

Duncan Newell

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

One thought on “FilesLocker Ransomware”

  • November 5, 2018 at 11:53 pm

    FilesLocker is a kind of ransomware process which is infected by the viral process of sending the files from one direction to another direction, and this can be notified with the antivirus protection.

