Alma Locker targets the Windows operating system and is distributed via the RIG exploit kit. Once executed, it targets specific files and encrypts them using AES-128. Alma Locker creates a unique 8-character victim ID by combining the serial number of the C:\ drive and the MAC address of the first network interface. It appends a random 5-character extension to the names of encrypted files. Alma Locker claims to allow its victims to decrypt test files for free, but the decryption link currently leads to an internal server error. Alma Locker currently demands a ransom payment of 1 Bitcoin, to be paid within five days.
- Bleeping Computer provides more information about Alma Locker here.
- The NJCCIC is not currently aware of any decryption tools available for Alma Locker.