Princess Locker

Princess Locker targets Windows OS and its current method of distribution is unknown. It appends a random extension to encrypted files and creates a unique victim ID. Princess Locker creates and displays ransom notes named !_HOW_TO_RESTORE_[extension].TXT and !_HOW_TO_RESTORE_[extension].html. Victims are required to use Tor to gain access to the payment site and the site allows victims to decrypt one file for free. The ransom payment demand is 3 Bitcoin.

UPDATE 2/16/2017: A new version drops a ransom note named @_USE_TO_FIX_JJnY.txt.

  • Bleeping Computer provides more information about Princess Locker here.
  • An independent security researcher provides a free decryption tool for Princess Locker here.