
Evil Locker Ransomware

Posted: July 10, 2018


The Evil Locker Ransomware is a file-locking Trojan of the Everbe@airmail.cc Ransomware family. The Trojan may compromise your PC through e-mail attachments or other infection methods, after which it can keep you from opening various media formats, particularly documents and pictures. Because its locking method isn't freely decryptable, users are dependent on backups for restoring their files, although they should uninstall the Evil Locker Ransomware with an anti-malware application beforehand.

A Pedestrian Form of Evil Tainting Your File Data

The small family of file-locking Trojans deriving their code from the Everbe@airmail.cc Ransomware is growing slowly but steadily, with malware experts confirming more victims for July. New variants, like the Everbe Ransomware and the Evil Locker Ransomware, remain just as impenetrable to free decryption research as their month-old ancestors, which include the Embrace Ransomware and the PainLocker Ransomware. While many of its edits are minimal, the Evil Locker Ransomware does separate itself from similar Trojans by targeting 64-bit Windows systems instead of 32-bit.

The Evil Locker Ransomware, like the other variants of its family, automatically locks various formats of media on Windows machines, such as JPG pictures, Word DOCs or ZIP archives. Its attacks employ both a standard AES or DES encryption cipher and the additional insertion of a 512 ASCII string at the end of the file's internal data. Besides adding '.EVIL' extensions to the names of every file that it encrypts, the Evil Locker Ransomware also provides a bracketed e-mail address, which is a tradition among all versions of the Everbe@airmail.cc Ransomware.
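A triage sketch for the file markers described above, added here as an example and not taken from any vendor tool: it flags files ending in '.EVIL', notes whether the name carries a bracketed e-mail address, and checks whether the last 512 bytes are ASCII. The address appearing in the file name and the reading of the "512 ASCII string" as 512 trailing bytes are assumptions, and the sample files are constructed.

```python
import os
import re
import tempfile

# Assumption: the bracketed e-mail address appears somewhere in the file name.
BRACKETED_EMAIL = re.compile(r"\[[^\[\]\s@]+@[^\[\]\s@]+\.[^\[\]\s@]+\]")
TRAILER_LEN = 512  # assumption: the "512 ASCII string" is 512 trailing bytes

def has_ascii_trailer(path, length=TRAILER_LEN):
    """True if the file's final `length` bytes exist and are all ASCII."""
    size = os.path.getsize(path)
    if size < length:
        return False
    with open(path, "rb") as fh:
        fh.seek(size - length)
        return fh.read(length).isascii()

def classify(path):
    """Return the indicators one file matches; empty list if none."""
    name = os.path.basename(path)
    if not name.upper().endswith(".EVIL"):
        return []
    hits = ["extension"]
    if BRACKETED_EMAIL.search(name):
        hits.append("bracketed_email")
    try:
        if has_ascii_trailer(path):
            hits.append("ascii_trailer")
    except OSError:  # locked or permission-denied files are still reported
        hits.append("unreadable")
    return hits

def scan(root):
    """Walk root and return {path: indicators} for every flagged file."""
    paths = (os.path.join(d, f) for d, _sub, files in os.walk(root) for f in files)
    return {p: hits for p in paths if (hits := classify(p))}

def demo():
    """Scan constructed sample files written to a temporary directory."""
    filler = bytes(range(128, 256)) * 8  # constructed non-ASCII stand-in for ciphertext
    samples = {"report.docx.[someone@example.com].EVIL": filler + b"A" * 512,
               "photo.jpg.EVIL": filler, "notes.txt": b"plain text"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return {os.path.basename(p): h for p, h in scan(root).items()}

if __name__ == "__main__":
    print(demo())
```

A file that matches only the extension deserves a closer look before it is counted as encrypted, since a rename alone produces the same hit.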

Malware researchers are also identifying text files serving as ransom messages for the Evil Locker Ransomware's decryption tool, which the threat actor withholds for payments of indeterminate sizes. Perhaps due to similar offers from other file-locker Trojans, the Evil Locker Ransomware's authors are also providing a free sample of their decryption help for up to three files. Any further negotiations take place through one of two e-mail addresses.

A Modern-Day Ward against Evil

Because the Evil Locker Ransomware uses a secure encryption method, a free decryption program that reverses its locking effects on any files would require significant leaks from its threat actor's resources or undiscovered glitches. Users with any media of monetary or personal value should save it to other devices regularly, which is equally effective against the Evil Locker Ransomware's family and similar sub-types of file-locking Trojans. Local backups are sometimes available for restoring files, but their reliability is inconsistent against threats of this category.

While the Evil Locker Ransomware's family is active and in deployment against the public, malware researchers have insufficient evidence of its current vectors for infection. E-mail messages may include attachments for dropping this Trojan or other threats on your PC, such as via PDF or Word DOC-based vulnerabilities. Specific targets, within the business sector especially, are also at risk from RDP exploits and brute-force attacks. No matter what its arrival method is, victims should always have an appropriate anti-malware product delete the Evil Locker Ransomware before they take additional actions for their media's recovery.

While the march of the Everbe@airmail.cc Ransomware continues, PC users can be grateful that a majority of anti-malware tools are already identifying its variants, including the Evil Locker Ransomware. Implicitly trusting a download from a stranger in 2018 comes with consequences that can include having all of your files converted into little better than junk data.
