Locked-In targets Windows OS and its method of distribution is currently unknown. It encrypts files using AES-256 and appends either a random extension or .novalid to the end of encrypted file names. It also drops a ransom note named RESTORE_NOVALID_FILES.html or RESTORE_NOVALID_FILES.HTML on the infected system. The ransom payment demand is currently unknown.

  • Bleeping Computer provides more information about Locked-In, as well as a free decryption tool, here.

One example of the Locked-In variant. Image Source: Bleeping Computer