FilesLocker is a new ransomware-as-a-service (RaaS) that targets Chinese and English speaking users. The creators of FilesLocker are offering the malware to other attackers for distribution in return for a share of the ransom payments.
FilesLocker encrypts files using the RSA 2048+AES algorithm and then appends the .locked extension to encrypted files. It will then display a ransom screen that cannot be closed. Ransom notes in Chinese and English are created in various folders throughout the computer.
When encrypting a victim’s files, it targets specific folders such as the Desktop, Documents, Music, Pictures, etc and appends the .locked extension to encrypted files.
- Microsoft Windows – Versions 10, 8.1, 8, Vista, 7 and XP
- Microsoft Windows Server – All versions (32- and 64-bit)
Indicators of Compromise
hxxps://i.loli.net/2018/08/31/5b88484028ab1.png – ransom note
- #DECRYPT MY FILES#.txt
- Windows Update.exe [ Details Here ]
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.