- Slow Computer
- System crashes
- Connects to the internet without permission
- Can't be uninstalled via Control Panel
If your computer is unprotected, then it can become infected with Oopslocker Ransomware, a dangerous computer infection that was designed to encrypt your files and then demand that you pay a ransom to have them decrypted. We recommend that you remove this program without paying because you cannot be certain that the criminal behind this program will hold their end of the bargain and decrypt your files. While its developer does not ask for much money, your files might not be worth the price asked for the decryption key. Hence, you should consider your options before deciding to pay or not.
Oopslocker Ransomware is a typical ransomware-type computer infection like thousands of others. It is also distributed like most ransomware is. We have received information that it is sent to random users in emails that are disguised as legitimate. The emails can masquerade as invoices, receipts, tax return forms, and so on. The email should contain a dropper file that will infect your computer with Oopslocker Ransomware if you open it. The developer might have disguised the dropper file as a PDF or MS Word document by changing the icon and adding a “.pdf” or “.doc” extension before the “.exe” extension because it is believed that the dropper file is an executable. The dropper file injects four files into %ALLUSERSPROFILE%\oops. The main executable is named oops.exe. The second file is named EncryptedFiles.txt which contains a list of encrypted files. EncryptedKey is a file that contains the encryption key. The last file is named KeyHash, and its purpose is still unknown. Unfortunately, we have no more information on its distribution methods at this time. However, it is clear this ransomware can enter your PC via email if you accidentally open its attached file.
We have acquired a sample of this ransomware and tested it. Our analysis has shown that it was coded in the C++ programming language. If your PC were to become infected with Oopslocker Ransomware, then it would launch oops.exe upon infection and start encrypting your files. Research has shown that it uses an AES encryption algorithm with a 128-bit encryption key to encrypt your files and an RSA key to encrypt the key. As a result, this ransomware ensures a strong encryption of the files and, therefore, the cyber security industry has not developed a free decryption took. Note that this ransomware appends the encrypted files with a “.oops” file extension.
Testing has shown that this program encrypts files in all locations of a computer, but it skips the %WINDIR% folder not to encrypt Windows files as that would make the computer unusable. The developer wants your PC to remain functional so that it could open its GUI window after the encryption. The developer wants you to pay 0.1 BTC (337 USD as of August, 2017.) The GUI window features information such as the Bitcoin wallet address to send the ransom. However, before you pay you have to send the EncryptedKey file, your computer name, as well as your own Bitcoin Wallet address from which you are going to pay the ransom to the developer’s email at firstname.lastname@example.org. Once the payment is confirmed, the developer will send you a unique decryption key that you have to enter into the box featured in the GUI window. Again, we want to stress that the developer might not send you the decryption key due to technical issues or simply because he does not care about your files. Therefore, we advise against paying the ransom.
Oopslocker Ransomware is one malicious piece of programming that was designed for committing cyber crime. Again, it encrypts your personal files and then demands that you pay a substantial sum of money for a decryption key. The bottom line is that the developer might not send you the key for a number of reasons whether it is technical or human errors. You should not take your chances especially if you do not have valuable files on your PC. If that is the case, then please use the guide below to remove this ransomware.
Terminate oops.exe via Task Manager
How to delete the file