- Slow Computer
- System crashes
- Connects to the internet without permission
- Changes background
- Can't be uninstalled via Control Panel
KoreanLocker Ransomware is not an infection you want to find on your Windows operating system. While we are sure you do not want to face any kind of malware, this infection is on another level. When it slithers in, it immediately encrypts files, and it does that using a complicated algorithm to ensure that no one can crack the code by themselves. This is meant to push the victim into a corner and force them to pay a ransom for the alleged decryption key. Would you see this key after you paid the ransom? That is, unfortunately, highly unlikely, and this is why we cannot recommend taking this route. On top of that, not all victims will be able to fulfill the demands of cyber criminals, who want a ransom of 1 Bitcoin. This virtual currency shifts all the time, but at the time of research, 1 BTC converts to 11,000 USD. That is a lot of money, and it is possible that the encrypted files are not even worth it. Luckily, a decryptor appears to exist, and so the only thing you really need to worry about is the removal of KoreanLocker Ransomware.
As you can tell by the name and the ransom note – if you have faced it already – the malicious KoreanLocker Ransomware is targeted at users living in Korea. It was discovered that the launcher of this dangerous threat is concealed as a PDF file with the PDF icon representing it. This file is likely to be sent via spam email along with a message that is meant to trick you into opening the malicious file. Once it is opened, the ransomware is executed. You need to be careful about all kinds of spam emails because most ransomware threats spread using this backdoor. Others include Genocheats Ransomware, Satan’s Doom Ransomware, and Crypt0 HT Ransomware. These three were created using the Hidden Tear open source code, just like KoreanLocker Ransomware itself, and we recommend deleting them too. If you are interested in learning about this malware and how to delete it, check out the guides that are already available on our site. When these infections encrypt files, they always add a unique extension to their names. KoreanLocker Ransomware adds the “.locked” extension, which has been used many times before.
According to the latest research, the malicious KoreanLocker Ransomware only encrypts files that are found in Desktop, Documents, Downloads, Music, Pictures, and Video folders, all of which are located in the %USERPROFILE% directory. The threat is also specific about the files it encrypts, and it looks for files which such extensions as .txt, .doc, .pdf, .zip, .jpg, .exe, or .avi. Clearly, this malware was created to corrupt personal files, and this is not surprising because these are the ones that users cannot replace unless backups exist. As soon as the encryption process is complete, KoreanLocker Ransomware creates a file named “README.txt” on the Desktop. The attacker who has created the ransomware uses this file to push the victim into paying a ransom of 1BT to 1HB5XMLmzFVj8ALj6mfBsbifRoD4miY36v (a Bitcoin Address) within 24 hours. After this, the decryption key is supposed to be deleted. If the victim is tricked into paying the ransom, they should also email firstname.lastname@example.org a unique ID number. You should not do any of this. Instead, you should remove the ransomware.
A tool called “Hidden Tear Decrypter” exists, and if you enter
KoreanLocker Ransomware Removal