JapanLocker is an open-source PHP ransomware variant that targets web servers. Despite the name, the hacking group behind the creation of this variant is based in Indonesia. They use search engines such as Shodan.io to scan for vulnerabilities within websites, then exploit those vulnerabilities to gain access to the server. The encryption method used is a combination of Base64 encoding, ROT13, and basic data swapping. Because this method is so basic, affected files can be easily decrypted.

  • Fortinet provides more information about JapanLocker here.
  • Fortinet provides a free decryption tool for JapanLocker, available here.