Just last week, cyber security analysts shared the discovery of a new ransomware virus called RandomLocker. RandomLocker appends the .rand extension to the affected files and locks the victim's data until $10 US worth of Bitcoin is paid for the decryption key.
The ransomware works as a typical file-encrypting virus: it locks the files using the AES algorithm, adds the .rand extension to the file name, and replaces the desktop with its big ransom note stating:
Ooops! Your files are gone!
To restore your files.
Read the instruction.
If you attempt to get rid
of this program your files
will be forever Lost in
The further directions for regaining access to the locked files require the affected user to pay $10 in Bitcoin cryptocurrency within 24 hours and send a notice to the email address [email protected], or else the server will destroy the private decryption key and you will never be able to get your data back.
Compared to other ransomware, RandomLocker is one of the least demanding viruses; however, some specialists debate whether it is still being developed and is just testing its own capabilities while collecting money for bigger attacks. Contrary to many people's beliefs, smaller ransomware has a bigger potential to collect more money by affecting a broader spectrum of everyday users than the kind that targets major companies one by one.
How does RandomLocker get into your computer?
As of right now, the .rand file virus has infected systems through email attachments and a Chrome_Font.exe file which users have downloaded and double-clicked, starting the whole encryption process. Once this malware gets inside, it executes ransomware.exe, which starts running in the background and encrypting the targeted files with the AES 256 cipher, appending the .rand extension. Then the ransom image appears as the victim's desktop background, demanding payment for the locked personal data, such as images, videos, audio and documents.
So far it is known that RandomLocker is not using any bots to spread, yet it is not clear for how long, or when it will switch to manual distribution through spam, software updates, exploit kits and other similar techniques.
Because .rand ransomware is a fairly new cyber infection with a high potential for rapid development, not much is known about it. The basic prevention is simply not opening suspicious, unknown email attachments and installing software only from trusted websites.
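The file names and extension named in this section can be turned into a read-only triage scan. The script below is an added example, not code from the analysts or from this article's author: it lists .rand files and the Chrome_Font.exe / ransomware.exe names under a folder and reports the modification-time window of the encrypted files, on the assumption (not confirmed by the article) that the malware does not reset file timestamps. The sample folder tree and its timestamps are constructed.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone

# Indicators named in the article; compared case-insensitively.
ENCRYPTED_EXT = ".rand"
DROPPER_NAMES = {"chrome_font.exe", "ransomware.exe"}

def triage(root):
    """Read-only walk of root: list .rand files, dropper names, and the mtime window."""
    encrypted, droppers, per_dir = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() in DROPPER_NAMES:
                droppers.append(path)
            if name.lower().endswith(ENCRYPTED_EXT):
                try:
                    encrypted.append((os.stat(path).st_mtime, path))
                except OSError:
                    continue  # unreadable or removed mid-scan
                per_dir[dirpath] += 1
    times = [t for t, _ in encrypted]
    window = (min(times), max(times)) if times else None
    return {"encrypted": sorted(p for _, p in encrypted), "droppers": sorted(droppers),
            "per_dir": per_dir, "window": window}

def build_sample_tree(base):
    """Constructed sample data: two 'encrypted' files, one clean file, one dropper name."""
    layout = {"Pictures/cat.jpg.rand": 1_700_000_000, "Documents/cv.docx.rand": 1_700_000_090,
              "Documents/notes.txt": 1_600_000_000, "Downloads/Chrome_Font.exe": 1_699_999_900}
    for rel, mtime in layout.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")
        os.utime(path, (mtime, mtime))  # fixed timestamps so the window is predictable
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = triage(build_sample_tree(tmp))
        start, end = (datetime.fromtimestamp(t, timezone.utc) for t in report["window"])
        print(f"{len(report['encrypted'])} encrypted files between {start} and {end}")
        for folder, count in report["per_dir"].most_common():
            print(f"  {count:4d}  {folder}")
        print("dropper names found:", report["droppers"])
```

The start of the reported window is a lower bound for choosing a backup taken before the attack; a file that merely carries one of the two names is a lead to check, not proof of infection.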
How to eliminate RandomLocker and unlock your files
If your computer has, unfortunately, been infected by RandomLocker, the first and most important step is eliminating the virus from the system. For that we can recommend Spyhunter. These anti-spyware tools will help you easily scan your computer, detect and delete .rand RandomLocker and other potentially system-damaging malware like trojan horses, computer worms, rootkits, etc.
It is crucial to remove the virus in order to stop it from affecting the rest of the data, and infiltrating the system again once you decrypt the files.
Sadly, since there isn't a lot of information about it and malware specialists are still observing this ransomware, a decryptor specifically for the .rand extension is still not available. However, you are encouraged to try other decryption programs to see whether one works in your case.
On the other hand, if you have backed up your system before, it is possible to achieve positive results by removing the virus first and then restoring Windows OS to get back all the files as they were before the attack, depending on when you made the backup. For more information, please check our instructions on how to restore your Windows OS.