Researchers at 411-spyware.com constantly monitor the web for new harmful malware, and they have recently discovered Randomlocker Ransomware. To tell you the truth, it was not working properly at the time of research. To be more specific, it did not encrypt any files automatically. Instead, the encryption started only when researchers clicked the Start button on the small window opened by the ransomware infection. This shows that, at that time, Randomlocker Ransomware was still in development. It does not mean that you cannot encounter it. This malicious application might be finished soon, and when this happens, cyber criminals will start distributing it actively seeking to obtain money from users. Ransomware infections are developed by cyber criminals having this one purpose in mind, so we are sure the final version of Randomlocker Ransomware will, first, lock victims’ files and then will demand money from them. Do not even think about sending money to malicious software developers because they might give you nothing. Without a doubt, they will not forget to take money from you. The ransomware infection will also not be removed from your system if you pay money.
At the time of research, the ransomware infection did not encrypt files on the test machine. Also, its C&C server was down. Of course, it does not mean that this infection cannot be fixed one day. If cyber criminals release its final version and start distributing it actively, it might enter your system illegally and lock your files. Without a doubt, users who keep their PCs unprotected will encounter it first, so we suggest that you at least enable powerful security software on your computer if you cannot protect it from malware yourself. All ransomware infections are nasty threats, believe us. Once they infiltrate users’ computers successfully, they always lock files on them, making it impossible to access them. They usually affect those files that are the most valuable, including important documents and media files. Even though Randomlocker Ransomware did not work properly during the analysis, specialists found that it uses the .rand extension to mark encrypted files. Can you locate this extension at the end of almost every file you have? If so, it means that the ransomware infection has already done its job. Specialists say that users should also find new Wallpaper set. Most probably, Randomlocker Ransomware will set an image with instructions for users. We are sure you will be told that you need to pay money if you want to get your files back. This is the worst you can do because you may transfer your money to crooks in exchange for nothing. In other words, there is a possibility that your files will stay the way they are, and you will not get the decryption tool from them. Do not be so naïve – you will not get your money back either.
We would lie if we told you that Randomlocker Ransomware is a prevalent infection. Since it is still in development, it is not distributed actively, but this will change one day when the final version of this malicious application is released. There is a way to prevent crypto-malware from entering the system. You do not need to be an expert to do this, but you must stay away from all spam emails you receive. Also, it would be best that you do not click on any suspicious links and advertisements. Last but not least, do not download applications from dubious websites. Frankly speaking, these pieces of advice do not help to prevent malware from entering the system in all the cases. Because of this, we highly recommend having security software enabled on the system too.
You need to remove Randomlocker Ransomware from your system as soon as possible. It must be removed no matter if you have found your files encrypted or not. It should not be hard to remove it – it does not create any registry keys and does not drop any files. Actually, it should be enough to erase it by removing the malicious executable file, i.e. the launcher. It would be a clever decision to scan the system with an antimalware scanner as well because no malicious components can be left active on the system.
|#||File Name||File Size (Bytes)||File Hash|
|1||RandomLocker.exe||37376 bytes||MD5: e74337a316ab212978ab38838d184f5d|
|#||Process Name||Process Filename||Main module size|