Princess Locker Ransomware

Share This:

1475244137_princess-locker_story

A new ransomware-as-a-service (RaaS) has been discovered by SenseCy and Michael Gillespie. Despite the innocent name, the Princess Locker ransomware will encrypt your data, then demand a ransom of 3 bitcoins, or approximately $1800 USD. Once the victim has been infected, the Princess Locker will start to encrypt the host computer’s files, and then append a random extension to files that are encrypted. A unique ID for the victim is now created, which is believed to be uploaded to the ransomware’s Command and Control (C&C) Server.

Two files named “!_HOW_TO_RESTORE_[fusion_builder_container hundred_percent=”yes” overflow=”visible”][fusion_builder_row][fusion_builder_column type=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”no” center_content=”no” min_height=”none”][extension].TXT” and “!_HOW_TO_RESTORE_[extension].html” will be displayed after the encryption process is done. The files contain a message, saying that the user’s files have been encrypted, together with the unique ID generated. It then urges victims to visit links using the Tor browser.

1475244179_princess-ransomware_story

When the counter on the page goes down to 0, the ransom price will double, going up to 6 bitcoins, or approximately $3600 USD.[/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]


Share This:

 

Related Content

Leave a Comment