LOCKEDFILECR Ransomware Attempts Double Extortion


LOCKEDFILECR is the name of a newly discovered ransomware strain. The new variant does not appear to belong to any of the large, established ransomware families.

LOCKEDFILECR will encrypt the targeted system, scrambling most files on it. Encrypted files receive the ".LOCKEDFILECR" extension, which also serves as the name of the new ransomware. The encryption process will transform a file called "photo.jpg" into "photo.jpg.LOCKEDFILECR".

The LOCKEDFILECR ransomware will encrypt most files it encounters on connected system drives, including media, document, archive and database files.

The ransom note is dropped in a file called "ReadMe.LOCKEDFILECR.txt" and makes some bold claims about the amount of data stolen. The note states that over 2TB of data was exfiltrated from the victim, and it threatens to inform the victim's customers and associates about the attack if the ransom is not paid within 72 hours.
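For responders scoping an incident, the two file-system artifacts described above (the ".LOCKEDFILECR" extension and the "ReadMe.LOCKEDFILECR.txt" note) can be swept for directly. The following triage script is an added example, not code from the original article; the function names, the case-insensitive matching, the use of modification time as a rough indicator of when encryption began, and the sample tree are all assumptions made for illustration.

```python
import os
import tempfile
from datetime import datetime, timezone

EXT = ".LOCKEDFILECR"             # appended extension, as named in the article
NOTE = "ReadMe.LOCKEDFILECR.txt"  # ransom note file name, as named in the article


def triage(root):
    """Walk root and summarise LOCKEDFILECR artifacts for incident scoping."""
    report = {"notes": [], "encrypted": {}, "earliest_mtime": None}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Assumption: compare case-insensitively, as on Windows volumes.
            if name.lower() == NOTE.lower():
                report["notes"].append(path)
            elif name.lower().endswith(EXT.lower()) and len(name) > len(EXT):
                # Map back to the pre-encryption name (photo.jpg.LOCKEDFILECR -> photo.jpg)
                report["encrypted"][path] = name[: -len(EXT)]
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:
                    continue  # unreadable metadata; the file is still counted above
                if report["earliest_mtime"] is None or mtime < report["earliest_mtime"]:
                    report["earliest_mtime"] = mtime
    return report


def build_sample(root):
    """Constructed sample tree (not real victim data) so the script runs offline."""
    files = {
        "docs/photo.jpg.LOCKEDFILECR": 1_663_600_000,
        "docs/ReadMe.LOCKEDFILECR.txt": 1_663_600_500,
        "db/orders.sql.LOCKEDFILECR": 1_663_600_900,
        "db/untouched.log": 1_663_000_000,
    }
    for rel, mtime in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed")
        os.utime(path, (mtime, mtime))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        result = triage(build_sample(tmp))
        first = datetime.fromtimestamp(result["earliest_mtime"], tz=timezone.utc)
        print(len(result["encrypted"]), "encrypted,", len(result["notes"]), "note(s)")
        print("earliest encrypted-file mtime (UTC):", first.isoformat())
```

Run `triage()` against a mounted forensic image or a read-only share rather than a live host, and treat the earliest modification time as a lead to corroborate with other logs, since file timestamps can be altered.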

The full ransom note goes as follows:


All your files are encrypted by reliable encryption algorithms
There is no other way to recover your files without our help
All encrypted files have .LOCKEDFILECR extension
You can recover all your files only if contact us within 72 hours
There is no other way to get your files back

Also more then 2 TERABYTES of your data has been updloaded to our server (including SQL databases)
After 72 hours We will inform all your clients and social media about this incident.

You have only 72 hours to stop it.

How to contact us:
1) Install TOR browser from: hxxps://torproject.org/
2) Contact us by this link: [redacted]

September 20, 2022