As ransomware becomes more and more profitable for developers and their affiliates, new variants have also been seen popping up like wildfire. With this in consideration, a strain of cryptomalware called Princess Locker has been recently discovered. Despite what seems to be a cute and innocent-looking name, the ransomware can be a victim"s next worst nightmare, demanding a premium amount of 3 bitcoins, equal to $1819.
Initially discovered by the SensCy Blog and Michael Gillespie, not much is known about the new ransomware variant. However, from what has been gathered, once the victim has been infected, the Princess Locker will start to encrypt the host computer"s files, and then append a random extension to files that are encrypted. A unique ID for the victim is now created, which is believed to be uploaded to the ransomware"s Command and Control (C&C) Server.
Two files named "!_HOW_TO_RESTORE_[extension].TXT" and "!_HOW_TO_RESTORE_[extension].html" will be displayed after the encryption process is done. The files contain a message, saying that the user"s files have been encrypted, together with the unique ID generated. It then urges victims to visit links using the Tor browser.
Once the links are opened, visitors will be greeted with a screen asking them to choose their language. This will be responsible for displaying the formal ransom note in a victim"s respective spoken tongue, as they are prompted to enter their unique ID on the website.
The page will display the usual message stating that the victim needs to purchase bitcoins to decrypt their files. It also aims to ease victims" worries by attempting to answer questions that they might have, as well as saying that they can decrypt one file for free, yet this has not been confirmed yet.
What makes things worse for those infected is when the counter on the page goes down to 0, the ransom price will double, going up to 6 bitcoins, or equal to $3639.
While it is not known how widespread the Princess Locker ransomware is, we strongly advise our users to be careful of their activity on the internet, as some actions might lead to big consequences that can be difficult to get out of.
Source and Images: Bleeping Computer