FANDOM


AdamLocker is a ransomware that was discovered on December 25th, 2016 by Michael Gillespie. At the beginning of February 2018, a new version of AdamLocker was found. It's very similar to the ancestor, except that it's available in Korean language only.

Payload

Transmission

AdamLocker is distributed via spam email, which contains a Word file.

Infection

When the the word file is opened, it launches AdamLocker's executable file named run.exe. After successfull infiltration to %ALLUSERSPROFILE%, the virus locks .txt, .jpg, .png, .bmp, .zip, .rar, .7z, .sql, .pdf, .tar, .mp3, .mp4, .flv, and many others file types by appening the .adam file extension to each of them. 

To inform the victim what has happened, AdamLocker generates a ransom note, which says:

ADAM LOCKER
Your computer has been infected by Adam! Random documents and files have been encrypted and a key 
generated to prevent further actions. To prevent this, please follow this link to get your unlock key.
Exiting This windows WILL cause the key to be destroyed!!!'

Victims are asked to pay a particular amount of money.

Community content is available under CC-BY-SA unless otherwise noted.