VindowsLocker targets Windows OS and its current method of distribution is unknown. This variant is unique in that it employs tactics similar to those used in tech support scams. Once a system is infected, VindowsLocker encrypts targeted files using AES and appends .vindows to the file names. It then displays a screen that instructs the victim to call a “level 5 Microsoft support technician” using a specific phone number in order to pay the ransom and regain access to their files. This variant doesn’t use a web-based C2 server to store the encryption keys. Instead, it is hardcoded with two Pastebin API keys which eliminates the need to establish and host a server. If victims decide to call the phone number on the ransom note, they will reach a call center that is likely operating within India and pretending to be Microsoft support who will request remote access into the infected system. The ransom payment demand for VindowsLocker is $349.99.