FilesLocker Ransomware

FilesLocker is a new ransomware-as-a-service (RaaS) that targets Chinese- and English-speaking users. The creators of FilesLocker are offering the malware to other attackers for distribution in return for a share of the ransom payments.

FilesLocker encrypts files using the RSA 2048+AES algorithm and then appends the .locked extension to encrypted files. It will then display a ransom screen that cannot be closed. Ransom notes in Chinese and English are created in various folders throughout the computer.

When encrypting a victim’s files, it targets specific folders such as Desktop, Documents, Music and Pictures.

Affected Platforms

  • Microsoft Windows – Versions 10, 8.1, 8, Vista, 7 and XP
  • Microsoft Windows Server – All versions (32- and 64-bit)

Indicators of Compromise

URLs

hxxps://2no.co/239Ys5

hxxps://i.loli.net/2018/08/31/5b88484028ab1.png – ransom note

MD5

D1c2f79125818f1e7ea16784acf63712

Email Address

[email protected]

Filenames

  • #解密我的文件#.txt
  • #DECRYPT MY FILES#.txt
  • Windows Update.exe

Bitcoin Address

  • 3EZGS8P439PbBeiWjsGYjSSaRHn9CXKDRQ
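
A triage sweep built on the indicators listed above, added here as an illustration and not part of the original advisory; the function names, finding labels and the size cap are assumptions of this example. The page does not say which file the MD5 belongs to, so the hash is checked independently of the filename.

```python
import hashlib
import os

# Indicators copied from the advisory above.
RANSOM_NOTES = {"#解密我的文件#.txt", "#decrypt my files#.txt"}
SUSPECT_NAME = "windows update.exe"
KNOWN_MD5 = "d1c2f79125818f1e7ea16784acf63712"
LOCKED_EXT = ".locked"


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not exhaust memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep(root, md5s=frozenset({KNOWN_MD5}), max_size=50 * 1024 * 1024):
    """Walk root and return sorted (kind, path) findings.

    max_size is an assumed cap on files worth hashing, not a value from the page.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower in RANSOM_NOTES:
                findings.append(("ransom_note", path))
                continue
            if lower.endswith(LOCKED_EXT):
                findings.append(("locked_file", path))
                continue
            try:
                if os.path.getsize(path) <= max_size and md5_of(path) in md5s:
                    findings.append(("known_md5", path))
                    continue
            except OSError:
                pass  # unreadable or in use: fall through to the name check
            if lower == SUSPECT_NAME:
                # Name alone is weak evidence; treat as a lead to verify.
                findings.append(("suspect_name", path))
    return sorted(findings)
```

A `suspect_name` hit without a matching hash is only a lead, while ransom notes alongside `.locked` files in user folders indicate encryption has already run.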




FilesLocker – ransom note

Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

Duncan Newell

One thought on “FilesLocker Ransomware”

  • November 5, 2018 at 11:53 pm

    FilesLocker is a kind of ransomware process which is infected by the viral process of sending the files from one direction to another direction, and this can be notified with the antivirus protection.
