Name

COIN LOCKER

Type

CRYPTO

Encryption Type

Julius Caesar

Short Description

Coin Locker is ransomware belonging to the crypto family; it uses an encryption method known as the Caesar cipher. It emerged in early 2015.

Symptoms

 

Distribution Method

Email and fake downloads

Image

You have been infected with the Coin Locker malware.

All files on this system have been encrypted.

To regain access to your files you will need the Coin Locker decryption software.

To obtain our software you will need to access the deep web with TOR, download TOR here:

https://www.torproject.org/download/download-easy.html.en

Launch TOR and navigate to our website:

http://unjbvgrxu2mpobuj.onion

Follow the steps on the site to use the decryption software and your files will be unlocked.

More Details

Coin Locker is ransomware belonging to the crypto family; it uses an encryption method known as the Caesar cipher. It emerged in early 2015. Encrypted files have the .encrypted extension appended to their names. When an encrypted file is opened, the victim is redirected to the TOR browser. Once encryption is complete, it deletes all restore points from the PC as well as the shadow volume copies on the computer, in order to make recovery more difficult for the victim. It encrypts the files and also sends some important data about the files to the control server.

Coin Locker scans the entire computer but targets only the following file types.

COIN LOCKER1.2

Once these files are encrypted, a README.txt file is left on display on the victim's computer, and when the victim tries to open the encrypted files a URL directs them to the TOR browser, which is used for anonymity. At this link the ransom is demanded and the victim is asked to pay a certain amount of money to get the files decrypted, but decryption is not guaranteed even if the payment is made. The payment is supposed to be made in bitcoins.

The encryption is done using the Julius Caesar method; an example is shown below.

Remove Coin Locker Ransomware

 

This is done using letter substitution, where each letter is replaced with another one a certain distance away in the alphabet.

The researchers say that decryption tools are available for files affected by the Coin Locker ransomware.