Princess Locker 2.0 Ransomware

Princess Locker 2.0 is a ransomware-type infection which is designed to employ AES[1] algorithm for data encryption. This file-encrypting virus is a new variant of infamous Princess Locker ransomware which is still active in 2018. The current version uses multiple extensions of random characters, including .cRtG, .fyust, .aknT0I. Victims receive a ransom note named as = _THIS_TO_FIX_[extension].txt which includes the specific extension the ransomware uses.

Thus, after Princess Locker 2.0 has finished data encryption, victims might be provided with the following variants of ransom notes:

  • = _THIS_TO_FIX_cRtG.txt
  • = _THIS_TO_FIX_fyust.txt
  • = _THIS_TO_FIX_aknT0I.txt

Below is the extract of Princess Locker 2.0 ransom note:

hpeECbqS CqXdyb qhBGhoryp  
Your ID: U2WbVAYRDcaMQamn 
Your extension: cRtG 
() Your files are encrypted! 
(kBFflrEv) Download and install Tor Browser: 
 xxxx: // 
() Follow this link via Tor Browser: 
 xxxx: //royal25fphqilqft.onion/

The ransom note of a file-encrypting virus consists of only the most important details about how to decrypt files encrypted by Princess Locker 2.0. Victims are provided with their unique ID number, and a link — hxxp: //royal25fphqilqft.onion/ —  for further instructions. However, the link is accessible only via Tor Browser which helps protect hackers’ anonymity.

Once Princess Locker 2.0 ransomware prevents you from accessing important data, it demands to pay 0.06 Bitcoin to receive a unique decryption key. Additionally, it sets a specific time period within the ransom must be paid. Otherwise, the amount of the payment will increase to 0.18 Bitcoin which is approximately $1650 at the current exchange rate.

However, note that criminals are not reliable people — their only goal is to swindle money from intimidated and desperate people to fund their malicious activity. Therefore, do NOT pay for Princess Locker 2.0 decryptor to the hackers. There are ways and alternative methods how you can get back the access to the encrypted files.

You will be able to use the decryption tool developed by the professionals only after Princess Locker 2.0 removal. Since ransomware-type infections are the most dangerous ones, its elimination is a highly sophisticated and time-consuming process. Unfortunately, inexperienced computer users are not skilled enough to uninstall it on their own.

Therefore, we suggest you remove Princess Locker 2.0 with the help of a professional malware removal tool. Automatic elimination is a convenient and fast method to delete this cyber threat from your system. For that, we highly recommend using Reimage or another robust antivirus.

Victims receive malicious spam emails holding the payload of the ransomware

Malspam campaigns[2] remain the most common attack vector of ransomware-type infections. Computer users are not used to be careful when checking their email box, so criminals take advantage of such actions and successfully infiltrate file-encrypting viruses through malicious attachments.

Usually, hackers impersonate well-known and legitimate companies or brands to trick users into believing that the email is trustworthy. People can be informed about significant changes in their online accounts and encouraged to open the attachment for further details. Unfortunately, this is the moment when the ransomware is installed on the computer.

Therefore, we suggest you be cautious not only when you are browsing the Internet but also when opening emails. Search for minor spelling or grammar mistakes in the email address or the letter itself. These are the indications that the message might be fraudulent and sent to infiltrate ransomware.

If you have any doubts about the legitimacy of the email, do NOT open the letter. Instead, contact the company which supposedly sent it to you and ask to confirm the email. Additionally, it is vital to use a professional security software with real-time protection to help you avoid ransomware attacks in the first place.

The guide to uninstall Princess Locker 2.0 virus

Before Princess Locker 2.0 removal, note that this is a highly dangerous cyber threat which might have numerous extra components hidden deep inside your system. Additionally, those elements can be designed to imitate legitimate computer processes to protect themselves from elimination.

Likewise, the only way to remove Princess Locker 2.0 is to get professional’s help. For that, you can either visit an IT technician or download a robust antivirus software. Our top recommendations would be Reimage, Plumbytes Anti-Malware and Malwarebytes Anti Malware. They have an easy-to-use design which will suit every computer user.

However, experts from[3] warn that you might be unable to get rid of Princess Locker 2.0 virus since this sophisticated cyber threat might prevent you from installing a security software.

Source: 2-spyware