We want to inform you about a newly discovered ransomware-type malware called VindowsLocker Ransomware. This program was designed to infect your computer by stealth, encrypt most of your files, and then demand that you pay a hefty ransom for the decryption key stored on this ransomware’s Command and Control (C2) server. Without a doubt, you need to remove this malicious application from your computer as soon as possible, but it might be too late if it has already infected your PC because it goes to work immediately after infection. Nevertheless, we do not recommend that you pay the ransom because there is a good chance that you will not get the promised decryption key.
Like many ransomware-type programs released these days, VindowsLocker Ransomware is distributed using dedicated email servers that spam the inboxes of potential victims with fake invoices and other email types that justify having an attached file. The attached file contains a Trojan, an executable file that, when executed, downloads this ransomware’s files onto your computer. The infection takes place secretly, so unless your computer has a powerful antimalware application, this ransomware will enter it without obstruction.
While this ransomware looks like it was made poorly, it actually does the job it was intended to do rather well. Once on your computer, it will launch automatically and scan it for encryptable files such as .wma, .flv, .mkv, .mov, .avi, .asf, .mpeg, .vob, .pdf, .xls, .ppt, .stw, .sxw, .ott, .odt, .csv, .sql, .mdb, .hwp, .bin, .db, and many others, and encrypt them with a unique AES encryption algorithm. The AES (Advanced Encryption Standard) encryption is very strong and a favorite among ransomware developers. While encrypting, this ransomware generates a decryption key, but this key is not stored locally for you to discover. We believe that it should be sent to its C2 server and sent back to you once you have paid the ransom.
Once all of your files have been encrypted, this ransomware will open its graphical user interface (GUI) window that features an image of a man with headphones and a ransom note at the top. The ransom note is written in broken English, but it is nevertheless easy to understand that the people behind this infection want you to send them $349.99. However, in order to pay, you need to call 1-844-609-3192. The note claims that it is a Microsoft tech support number, but that is obviously untrue, so we do not recommend dialing that number as it might be a premium-rate number.
We would also like to point out that VindowsLocker Ransomware was designed to append the “.vindows” file extension to all encrypted files, which indicates that the files were encrypted. This ransomware is set to encrypt files in nearly all folders on your PC with the exception of the Windows folder and its subfolders, as they contain files that are needed to run the operating system. It is also worth mentioning that, since this ransomware was created by unprofessional developers, it does not create a PoE (Point of Execution), which means that you can quickly close its window and that it will not launch on system startup.
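Because every encrypted file carries the “.vindows” extension, the extent of the damage can be inventoried before cleanup or restoring from backup. The script below is an added example, not part of the original article or of any removal tool; it assumes the original file name is kept in front of the appended extension, and the sample folder tree it scans is constructed for the demonstration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

MARKER = ".vindows"  # extension the article says is appended to encrypted files

def inventory(root):
    """Walk root and summarise files carrying the marker extension.

    Returns (total, count by original extension, count by top-level folder).
    """
    root = Path(root)
    by_ext, by_folder = Counter(), Counter()
    total = 0
    # onerror swallows unreadable directories so one denied folder does not stop the scan
    for dirpath, _dirs, filenames in os.walk(root, onerror=lambda e: None):
        for name in filenames:
            if not name.lower().endswith(MARKER):
                continue
            total += 1
            # Assumption: the marker is added after the original name
            # (report.pdf.vindows), so the earlier suffix is still readable.
            original = name[: -len(MARKER)]
            by_ext[Path(original).suffix.lower() or "(none)"] += 1
            rel = Path(dirpath).relative_to(root)
            by_folder[rel.parts[0] if rel.parts else "."] += 1
    return total, by_ext, by_folder

def demo():
    """Build a constructed sample tree (no real malware data) and inventory it."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = [
            "Documents/report.pdf.vindows",
            "Documents/budget.xls.vindows",
            "Documents/notes.txt",        # untouched file
            "Videos/clip.MOV.VINDOWS",    # match is case-insensitive
            "Windows/system.bin",         # the article says this folder is skipped
        ]
        for rel in sample:
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"constructed sample")
        return inventory(tmp)

if __name__ == "__main__":
    total, by_ext, by_folder = demo()
    print(f"{total} files carry {MARKER}")
    for label, counts in (("extension", by_ext), ("folder", by_folder)):
        for key, n in counts.most_common():
            print(f"  {label} {key}: {n}")
```

To use it on a real machine, call `inventory()` on a user profile or data drive instead of the constructed tree; the per-extension and per-folder counts show which backups need to be restored.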
In summary, VindowsLocker Ransomware is a poorly made and yet effective ransomware that can infect your computer secretly and encrypt your files. Its developers want you to pay $349.99 to get your files back, which may be a reasonable sum of money for some, but we do not recommend risking your money because the developers might not keep their word and decrypt your files. Therefore, we recommend that you delete this infection. We have provided a manual removal guide below. It involves using SpyHunter to detect the malicious executable, as it is named randomly and can be placed anywhere on your PC.