Randomlocker Ransomware

If your Windows operating system was invaded by Randomlocker Ransomware, you probably have been introduced to an intimidating image of an anonymous person hiding under a hood. The image is accompanied by a message suggesting that your personal files were encrypted, and that you need to read instructions to restore them. The warning within the message suggests: “If you attempt to get rid of this program your files will be forever lost in encryption.” At the bottom of the image, you can find the word “RandomLocker,” which is where the name of the infection comes from. According to our research team, it is unlikely that this malicious infection has been completed yet, and we discuss this further in the report. While it is unlikely that regular Windows users are currently experiencing attacks by this malware, it goes without saying that if it attacks, it must be deleted as soon as possible. Is it difficult to remove Randomlocker Ransomware? That is something that depends on the situation.

The reason our research team believes that Randomlocker Ransomware might still be in development is that the infection is set to connect to a C&C server that does not work. While it is possible that this server has been taken down, it is also possible that the connection is still being built. The IP address of the C&C server is 85.93.88.116:80. Another reason the infection appears to be in development stages is that, at this stage, it does not automatically encrypt files. Once launched, it opens a window with the “encrypt” button, and it must be clicked manually for the encryption process to start. It is very possible that malicious parties are using Randomlocker Ransomware as a test, and the experience they gain could be used to build other, stronger infections in the future. In any case, we cannot ignore any threat, regardless of how malicious it might be, which is why our research team has conducted a thorough analysis. The conclusion, of course, is that deleting this malicious infection is necessary.

It is hard to say how exactly Randomlocker Ransomware would slither into your operating system. Cyber criminals could use spam email attachments and links within to trick you into executing the infection yourself. They could also hide it within malicious software bundles. Unsecure RDP channels could be used to drop this infection onto your PC as well. Once in, the malicious threat is meant to download a JPG file from pbs.twimg.com/media/Dbz082AXkAAICJC.jpg. This image should replace your background image to introduce you to the message we discussed already. It is suggested that an additional file should be created to present the specific demands – which are most likely to include emailing cyber criminals and paying a ransom – but this file was not created or downloaded during our tests. When it comes to encryption, Randomlocker Ransomware might add the “.rand” extension to the files it corrupts, but that is something that could change, considering that the extension is, literally, random. Victims cannot recover the files that are encrypted, which is why they might consider paying the ransom, and that is not recommended. The only recommendation is to delete the infection.

Deleting Randomlocker Ransomware is crucial. Unfortunately, your files cannot be saved by eliminating this malicious infection. It is great if you have backups stored online or on an external drive. In this situation, you should remove Randomlocker Ransomware immediately, and then, if you need it, you can transfer your personal files back onto your computer. Of course, you should remove the corrupted files before that. If you do not have backups, this is something you should think about using because it really can save you from losing your personal data. Note that this ransomware is not the only threat that can affect them. Also, you could experience data loss due to technical issues within your computer. Before you take care of all this, you must eliminate the ransomware, and it is strongly recommended that you use an anti-malware program for that; mostly because it can enable full-time protection as well. You might also try deleting the infection manually, but that might be too complicated for inexperienced users because the launcher file can be located anywhere, and its name could be unique.

Randomlocker Ransomware Removal

1. Find and Delete the {random name}.exe file that is the launcher of the ransomware. It could be located in these directories:
   • %USERPROFILE%\Desktop
   • %USERPROFILE%\Downloads
   • %TEMP%
2. Delete any other files (e.g., ransom note file and the JPG file) that the ransomware might have dropped.
3. Empty Recycle Bin to eliminate the malicious components.
4. Use a legitimate malware scanner to inspect your operating system for malicious leftovers.