Princess Locker 2.0 is not a completely new threat: the first version was detected in 2016. The Princess Locker ransomware is now making a comeback with a second version that looks very similar to the first. It uses the AES algorithm to encrypt files and demands 0.06 – 0.18 BTC as a ransom. At current exchange rates, the ransom ranges from 442 to 1,323 dollars. Paying for the decryptor is therefore not cheap, and you should not waste your money (Paying for ransomware could cost you more than just the ransom). Security researchers warn that Princess Locker 2.0 ransomware is very active at the moment (March of 2018). Considering this, you should be careful not to download malicious content from the Internet.
Princess Locker 2.0 crypto-virus adds random extensions to encrypted data
The payload of this ransomware appears to be very random: Clock quite Charles Shade promised game (ran.exe). In addition, the Princess Locker 2.0 virus does not append the same extension to the files of different victims. Instead, encrypted files receive random extensions such as .fyust. For the most part, the extension consists of 4 to 6 random characters. Researchers have also called this extension personal, as it is generated for every victim.
First of all, victims of Princess Locker 2.0 crypto-malware will be urged to open the _THIS_TO_FIX.txt or _THIS_TO_FIX.html files. These files display the primary instructions for users. In short, victims are urged to download the TOR browser and open a link with it. After visiting this TOR website, they are presented with the same page that the first Princess Locker ransomware version used.
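A triage sketch for the two indicators described above (the _THIS_TO_FIX note names and the per-victim extension of 4 to 6 characters), added here as an example and not taken from the researchers or from the ransomware analysis itself. The file listing is constructed, and the extension alphabet and the list of known extensions are assumptions.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Ransom note names given in the article (compared case-insensitively).
NOTE_NAMES = {"_this_to_fix.txt", "_this_to_fix.html"}
# Assumption: the per-victim extension is 4-6 letters or digits, like .fyust.
EXT_RE = re.compile(r"^\.[a-z0-9]{4,6}$")
# Assumption: a short allow-list of ordinary extensions of the same length.
KNOWN_EXTS = {".docx", ".xlsx", ".pptx", ".jpeg", ".html", ".json", ".tiff"}

# Constructed file listing (e.g. the output of a recursive directory listing).
SAMPLE = [
    r"C:\Users\ana\Documents\_THIS_TO_FIX.txt",
    r"C:\Users\ana\Documents\_THIS_TO_FIX.html",
    r"C:\Users\ana\Documents\budget.fyust",
    r"C:\Users\ana\Documents\notes.fyust",
    r"C:\Users\ana\Documents\todo.docx",
    r"C:\Users\ana\Pictures\_THIS_TO_FIX.txt",
    r"C:\Users\ana\Pictures\beach.fyust",
    r"C:\Users\ana\Music\song.flac",  # unusual extension, but no note beside it
]

def triage(paths):
    """Map each directory holding a ransom note to its dominant unknown extension."""
    by_dir = {}
    for raw in paths:
        p = PureWindowsPath(raw)
        by_dir.setdefault(str(p.parent).lower(), []).append(p)
    findings = {}
    for directory, files in by_dir.items():
        names = {f.name.lower() for f in files}
        if not names & NOTE_NAMES:
            continue  # an odd extension alone is not enough; require the note
        exts = Counter(
            f.suffix.lower() for f in files
            if f.name.lower() not in NOTE_NAMES
            and EXT_RE.match(f.suffix.lower())
            and f.suffix.lower() not in KNOWN_EXTS
        )
        findings[directory] = exts.most_common(1)[0][0] if exts else None
    return findings

def victim_extension(paths):
    """Extension seen most often across note-bearing directories, or None."""
    votes = Counter(e for e in triage(paths).values() if e)
    return votes.most_common(1)[0][0] if votes else None

if __name__ == "__main__":
    print(triage(SAMPLE))
    print(victim_extension(SAMPLE))
```

Because the extension differs per victim, the note file names are the stable indicator; the extension recovered this way is only useful for scoping damage on the same machine.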
Over its years of activity, Princess Locker ransomware has used many distribution strategies. In 2017, researchers detected that the virus was transmitted through a drive-by download campaign (Royal pain: Websites compromised to deliver Princess ransomware via RIG exploit kit). Hackers were compromising websites by adding iFrame injections. Through these injections, visitors would be transferred through a gate and then onto the RIG landing page.
After that, the RIG exploit kit would find usable vulnerabilities and infect users’ computers with Princess Locker. Whether the same strategy has been selected for the second version is still unknown, but it is very possible. Therefore, you should update your software and make sure that your device cannot be compromised through severe vulnerabilities (5 Reasons Why It’s Important To Update Your Software Regularly).
Researchers have been making guesses about the creators of Princess Locker 2.0 ransomware. However, this question is still unanswered. We did notice that the malware contacts a host in Switzerland, but we cannot guarantee that the hackers are actually from this country.
Is there a way to decrypt files that the Princess Locker 2.0 crypto-virus has encrypted?
There is one significant difference between the first version and the Princess Locker 2.0 crypto-virus. The second time around, the hackers are not so greedy and demand smaller ransoms. However, this does not mean that you should pay them. Security researchers have already released a free decryptor for the first Princess Locker ransomware. It is still unconfirmed whether the decryptor for the first version works for victims of the Princess Locker 2.0 virus. Even if the free decryptor does not help, we hope that security researchers will find a way to defeat this royal ransomware once again.
How is the Princess Locker 2.0 ransomware distributed?
We do not have enough information to point to one way that the Princess Locker 2.0 virus is transmitted. However, knowing hackers, we can make several guesses. First of all, this virus has been known to use exploit kits to invade users’ computers. Therefore, this could be one of the ways that the second version travels. Nevertheless, we are sure that the ransomware would also arrive in malspam or through deceptive online advertisements.
Finally, here is the information you need to remove Princess Locker 2.0 ransomware. First of all, you should be prepared to do a system restore. If you have no idea how this process works, we have published convenient instructions. In addition, it is important to run a scan with an anti-malware tool. This will make sure that your computer is not compromised by other malware parasites as well. For this purpose, we hope you will consider using Spyhunter.