A new ransomware-as-a-service (RaaS) has been discovered by SenseCy and Michael Gillespie. Despite the innocent name, the Princess Locker ransomware will encrypt your data, then demand a ransom of 3 bitcoins, or approximately $1800 USD. Once the victim has been infected, the Princess Locker will start to encrypt the host computer’s files, and then append a random extension to files that are encrypted. A unique ID for the victim is now created, which is believed to be uploaded to the ransomware’s Command and Control (C&C) Server.
Two files named “!_HOW_TO_RESTORE_
[extension].TXT” and “!_HOW_TO_RESTORE_[extension].html” will be displayed after the encryption process is done. The files contain a message, saying that the user’s files have been encrypted, together with the unique ID generated. It then urges victims to visit links using the Tor browser.
When the counter on the page goes down to 0, the ransom price will double, going up to 6 bitcoins, or approximately $3600 USD.
