Test subject – Princess Locker v2 ransomware
Princess Locker represents a relatively known type of ransomware which seems to have evolved from the same family as Alma Locker. It was first discovered in 2016 and a second version was released relatively recently, and it is very active at present.
Princess Locker ransomware test facts
The ransomware is distributed through various means like malicious sites which attempt to exploit vulnerabilities in Flash or Internet Explorer or malspam campaigns. Once it infects a computer, it encrypts most of the accessible files using a symmetric-key algorithm. The infected files are renamed using random extensions which are not the same on different machines. Princess also creates ransom notes in _THIS_TO_FIX_[identifier].txt or _THIS_TO_FIX_[ identifier].html files. Users are urged to open these files to find out the necessary information on how to decrypt the files. Typically, to decrypt the files, the user is asked to pay 0.06 – 0.18 BTC as a ransom.
The first version of Princess had flaws in the coding, which allowed security researchers to develop a decryptor which is available for free. Unfortunately, for the second version, there is no free decryptor available yet.
Princess Locker ransomware test results
TEMASOFT Ranstop detects this version of Princess Locker ransomware soon after it starts processing files. Upon detection, the user is alerted, and the malicious process is stopped and quarantined. The victim files are automatically restored so that the user doesn’t lose any valuable document.
About TEMASOFT Ranstop
TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.
For more information, follow us on social media and subscribe to our newsletter.