1475244137_princess-locker_story

A new ransomware-as-a-service (RaaS) has been discovered by SenseCy and Michael Gillespie. Despite the innocent name, the Princess Locker ransomware will encrypt your data, then demand a ransom of 3 bitcoins, or approximately $1800 USD. Once the victim has been infected, the Princess Locker will start to encrypt the host computer’s files, and then append a random extension to files that are encrypted. A unique ID for the victim is now created, which is believed to be uploaded to the ransomware’s Command and Control (C&C) Server.

Two files named “!_HOW_TO_RESTORE_

[extension].TXT” and “!_HOW_TO_RESTORE_[extension].html” will be displayed after the encryption process is done. The files contain a message, saying that the user’s files have been encrypted, together with the unique ID generated. It then urges victims to visit links using the Tor browser.

1475244179_princess-ransomware_story

When the counter on the page goes down to 0, the ransom price will double, going up to 6 bitcoins, or approximately $3600 USD.