A ransomware infection, believed to be an evolved modification of the JigSaw ransomware variant, has been detected. Besides showing a lockscreen message, the DarkLocker ransomware also encrypts the files on the computers it infects. After the files are encrypted, DarkLocker demands a payoff of approximately 0.15-0.20 BTC for restoring the encrypted files. If you have become a victim of this cyber-threat, we recommend reading this article thoroughly.
|Short Description||The malware encrypts users' files using a strong encryption algorithm, making direct decryption possible only via a unique decryption key available to the cyber-criminals.|
|Symptoms||The user may see a ransom note and “instructions” linking to a web page and a decryptor.|
|Data Recovery Tool||Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.|
DarkLocker Ransomware – How Does It Spread
Then, these e-mails may be embedded in a spam bot, which in its turn sends spam messages with malicious e-mail attachments, like the example below:
Once the attachment is opened, infection by DarkLocker is inevitable.
But this may not be the only way this virus infects computers. The DarkLocker malware may also spread via fake updates, programs, patches and other “software” uploaded online.
DarkLocker Ransomware – Activity
Once the user becomes infected, the virus may place its malicious files in the following Windows folders of great importance:
Among the malicious files may be different types of executables as well as support modules, but the two main ones identified are named as follows:
After the infection drops its files, it may make modifications by adding value strings with data to the Windows Registry. The predominantly targeted Windows Registry keys are the following:
In addition to this, the DarkLocker ransomware may also delete backups, system restore points and shadow volume copies of Windows. It may also shut down critical system security processes to ensure uninterrupted file encryption.
DarkLocker Ransomware – Encryption Process
To encrypt files, this virus may use one or more encryption modes, each combined with a cipher, to render the files no longer openable. The DarkLocker virus may be pre-configured to encrypt only a portion of each file, so the larger the file, the more data is encrypted. This is done to ensure a faster encryption process. DarkLocker may target certain file types that are of greater importance than the average file. Such files may be:
- Audio files.
- Database files.
- Other files associated with often used software.
In addition, the DarkLocker virus may also be careful to avoid encrypting files in various system folders, since encrypting them may cause Windows to misbehave and even crash.
After the encryption process is complete, the ransomware has been reported by researcher Amigo A to display the following ransom note file, extorting victims to pay ransom:
Remove DarkLocker Ransomware and Restore Files Encrypted by It
Before beginning to remove this virus, we recommend saving the files encrypted by it on another drive, preferably an external one.
Then, we advise you to follow the removal instructions below to help you remove DarkLocker by isolating it first. If you are unsure whether you can manually remove all objects created by this virus, we recommend performing the removal automatically by downloading an advanced anti-malware program. It will detect and remove DarkLocker files automatically and protect the system against any future intrusions too.
After having removed the DarkLocker virus, we recommend trying to restore your files using some alternative methods. We have mentioned several of those in step “2. Restore files encrypted by DarkLocker” below. They are designed to enable you to restore at least some of the files until a decryptor is released for free download. In the meantime, you can check this article, as we will update it if there is any development with this virus.
Manually delete DarkLocker from your computer
Note! Important notice about the DarkLocker threat: Manual removal of DarkLocker requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.