Today we will introduce you to the Princess Locker ransomware, so you can see how these infections appear to the end user and be prepared if you become a victim of one.
For the record, the Princess Locker ransomware was discovered by Michael Gillespie. It encrypts the victim's data and then demands an exorbitant ransom, starting at 3 bitcoins (about $1,800), in exchange for handing a decryptor over to the victim. If the payment is not made within the specified time, the ransom is doubled to 6 bitcoins.
We do not know much about the structure of Princess Locker, apart from some encrypted files and ransom notes that have been uploaded to ID-Ransomware. From the data available so far, we can report that when a person is infected, the ransomware encrypts the victim's files, appends a random extension to the encrypted files, and finally creates a unique identifier that is different for each victim. The identifier, the extension, and the encryption information are probably sent to the ransomware server.
The ransom notes contain the victim's ID and links to the TOR payment sites, where the victim has to log in to see the payment details.
The Princess Locker payment website is a standard ransomware site, without any special features. When the victim enters this website, they see the logo and the option to choose one of the 12 available languages.
After selecting the language, the victim sees a login prompt where they must enter the ID given in the ransom note. Once logged in, they see the main payment page, which contains information such as the ransom amount, the bitcoin address to send the payment to, and ready-made answers to frequently asked questions.
The payment site also offers the option to decrypt 1 file for free. Unfortunately, since we don't have a sample of the ransomware with which to intentionally infect a computer, we don't know whether this feature works.
The whole setup is quite professional. The only thing that seems to be missing from the payment site is a support page that lets victims contact the malware developers! But if this ransomware infects enough people, we should not be surprised to see this feature appear.