Blog

Ranstop blocks PrincessLocker Evolution ransomware

Test subject – PrincessLocker Evolution ransomware

PrincessLocker first emerged in 2016, and since then, several versions and variants were released. We covered one of these in this article.

This one is called “Evolution” and it was quickly advertised as a RaaS (ransomware as a service) by the malware developers. This means that anybody willing to pay some amount of money can personalize and distribute it as another (similar) ransomware, including the addition of crypto-miners and exploits. This makes PrincessLocker even more dangerous.

PrincessLocker Evolution ransomware test facts

The new version adds new communication protocols with the command & control servers, changing the classic HTTP with UDP (which is faster and more reliable) while sending personal information, like username, installed software and other sensitive data. Encryption is also different from previous versions, as this one will encrypt only the first part of the files. This method makes it very fast, as a smaller data quantity is altered. The files are destroyed just as well, of course. The ransom note is dropped in all attacked folders, in multiple formats, including HTML, and the desktop background is replaced with the ransom note. The encrypted files will receive a new, randomly generated extension, making the identification of this ransomware somewhat more difficult. Reports say that the ransom starts at 0.12 BTC (~$800), and as usual, we will never recommend paying.

PrincessLocker Evolution ransomware test results

TEMASOFT Ranstop detects PrincessLocker Evolution ransomware easily once it starts encrypting files. Upon detection, the user is alerted, and the ransomware process is killed and quarantined. The affected files are automatically restored so that the user doesn’t lose her important documents.


Click here to watch TEMASOFT Ranstop blocking PrincessLocker Evolution ransomware (video)!

Learn how to protect against ransomware!

About TEMASOFT Ranstop

TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.

For more information, follow us on social media and subscribe to our newsletter.

This post was last modified on August 21, 2023 7:26 am

FM Team

Share
Published by
FM Team

Recent Posts

The Role of File Monitoring Solutions in Maintaining File Integrity

In the digital world, information is often stored and transferred through files. From the most…

May 12, 2023

Guide to Conducting an Efficient File Access Permissions Audit for Admins and Technology Managers

Introduction Data security is more important than ever in today's fast-paced digital world. One critical…

April 9, 2023

File Integrity Monitoring: What It Is and Why It Matters

Introduction: Cyber threats are a growing concern for businesses and individuals alike. With the increasing…

March 5, 2023

Monitoring Essential Microsoft IIS Server Configuration Files for Enhanced Security

Microsoft Internet Information Services (IIS) is a popular web server that is widely used to…

February 25, 2023

Tracking file changes helps admins solve server configuration problems

File tracking is an important aspect of server administration, and it can help administrators detect…

February 1, 2023

Three reasons why admins should use file monitoring solutions

File monitoring solutions are essential tools for administrators to manage and protect their organizations' data…

January 6, 2023