RansomUserLocker Attacks Korean Users…
RansomUserLocker is a file-encrypting malware program that mostly targets Korean users. It emerged in the very first month of 2018. According to reports, the RansomUserLocker virus is a descendant of the Korean Talk ransomware, which attacked many computer systems and locked the screen after performing the encryption process.
The ransomware uses social engineering to distribute its payloads, for example spam email carrying a link that downloads the infection while posing as an important message. Other sources include clicking on fake ads and downloading cracks or bundled freeware from untrusted sources.
Once it has successfully intruded, RansomUserLocker scans the whole computer system for important files and encrypts them using a combination of the AES and RSA encryption algorithms. After encryption, the files are appended with the .RansomUserLocker file extension and are no longer accessible to users. The ransomware also leaves a ransom note in a file named Read_Me.txt, along with a lock screen message that instructs the victim on how to recover their files. The ransom demanded to get the files back is 1 Bitcoin, and the authors of RansomUserLocker set a deadline of 72 hours for the payment. Victims are asked to contact the provided email address at [email protected] along with their unique ID number.
However, there is no guarantee of getting your files back in a readable state: the attackers might not give you any decryption key to unlock your files even after you pay the ransom. Thus, it is better to remove the RansomUserLocker ransomware with a powerful removal tool and try recovering your files from backups or with data-recovery tools.
|Item|Details|
|---|---|
|Description|RansomUserLocker encrypts files, videos, images and texts stored on the target PC and demands a ransom from users to decode the files.|
|Occurrence|Spam mail attachments, exploit kits, malicious links and JavaScript code.|
|Possible Symptoms|The ransom note can be seen on the desktop and in other file directories, and files are no longer accessible.|
|Detection Tool|Download the detection tool to confirm an attack of the RansomUserLocker virus on your computer.|
RansomUserLocker is distributed through spam mail attachments in the form of a malicious script containing the payloads of the malware, which installs the threat onto the computer system if the user executes it. Many cyber-criminals use spam techniques to trick users by giving the mail a subject such as an invoice or a shipment notice. Other sources might include visiting infected websites containing JavaScript code, exploit kits and spam bots. When you open the document or click the link, the payloads of RansomUserLocker are downloaded to the system and installed without the user's permission, and your PC becomes infected with a dangerous file-encrypting ransomware threat.
More about RansomUserLocker
RansomUserLocker is a file-encrypting program that searches for important files on the victim's PC and renders them inaccessible to users. It then asks users to pay a ransom to get the decryption key and unlock the files.
The ransomware changes Windows Registry entries so that it launches each time Windows starts, and it takes up huge system resources to encrypt the files. RansomUserLocker also drops files that contain the ransom note and instructions for users on how to contact the authors of the ransomware and get their files back.
The ransom note left by the virus states that your documents have been encrypted and that you need to pay a ransom in Bitcoins to get your files back. The ransom demand varies from user to user, and victims are asked to contact the provided email address as soon as possible.
List of file extensions encrypted
→.asp, .aspx, .bat, .bmp, .csv, .doc, .docx, .html, .hwp, .java, .jpg, .kys, .mdb, .mp3, .odt,
.pdf, .php, .png, .ppt, .pptx, .psd, .rtf, .sln, .sql, .txt, .URL, .xls, .xlsx, .xml, .zip
The ransomware uses the AES and RSA encryption algorithms to encrypt data and appends random extensions to it. To ensure that the user cannot recover the files from shadow volume copies, the crypto-malware deletes them by executing the command
→vssadmin.exe delete shadows /all /Quiet
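A defender-side check for the indicators named in this article (the .RansomUserLocker extension, the Read_Me.txt note and the vssadmin shadow-copy deletion command). This is an added example, not part of the original article; the function names and the sample command lines are constructed for illustration.

```python
import ntpath
import os
import shlex

ENCRYPTED_EXT = ".ransomuserlocker"  # extension named in the article
NOTE_NAME = "read_me.txt"            # ransom note named in the article

# Constructed process command lines (not from a real incident).
SAMPLE_CMDLINES = [
    r"vssadmin.exe delete shadows /all /Quiet",
    r'"C:\Windows\System32\VSSADMIN.EXE"  Delete  Shadows /All',
    r"cmd.exe /c vssadmin delete shadows /all /quiet",
    r"vssadmin list shadows",
    r"notepad.exe C:\notes\vssadmin delete shadows.txt",
]


def is_shadow_delete(cmdline):
    """True if the command line runs vssadmin to delete shadow copies."""
    try:
        tokens = shlex.split(cmdline, posix=False)  # keeps backslashes intact
    except ValueError:  # unbalanced quote in a truncated log field
        tokens = cmdline.split()
    tokens = [t.strip('"').lower() for t in tokens]
    for i, tok in enumerate(tokens):
        if ntpath.basename(tok) in ("vssadmin", "vssadmin.exe"):
            rest = tokens[i + 1:]
            return "delete" in rest and "shadows" in rest
    return False


def scan_tree(root):
    """Map each affected directory to (encrypted file count, note present)."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        names = [f.lower() for f in files]
        encrypted = sum(1 for n in names if n.endswith(ENCRYPTED_EXT))
        note = NOTE_NAME in names
        if encrypted or note:
            hits[dirpath] = (encrypted, note)
    return hits


if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        print("ALERT" if is_shadow_delete(line) else "ok   ", line)
    for path, (count, note) in scan_tree(os.getcwd()).items():
        print(f"{path}: {count} encrypted file(s), ransom note: {note}")
```

Read_Me.txt is a common file name, so a directory that reports a note but no encrypted files needs a manual look before it is treated as a hit.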