Not much is known about Princess Locker other than having seen a few encrypted files and ransom notes uploaded to ID-Ransomware. From what has been gather gathered, when a person is infected, the ransomware will encrypt the victim's files and then append a random extension to encrypted files and a unique ID is created for the victim. This ID, extension, and encryption is then most likely sent up to the ransomware's Command & Control server.
Ransom notes are also created and displayed, which are named!_HOW_TO_RESTORE_[extension].TXT and !_HOW_TO_RESTORE_[extension].html.
The Princess Locker Payment Site
The Princess Locker payment site is your standard ransomware site with no special features. When victim's access the Princess Locker payment site they will be greeted with a page asking them to select a language that looks almost identical to Cerber's language selection page.
0 komentar