FANDOM


EdgeLocker is a ransomware that stealthily infiltrates the system and encrypts various files using RSA cryptography. It renames encrypted files by appending the ".edgel" extension to the name of each file. For instance, "sample.jpg" is renamed to "sample.jpg.edgel".

Payloads

Following successful encryption, EdgeLocker opens a pop-up window containing a ransom-demand message.

The pop-up contains a message stating that files are encrypted and that they can only be restored using a private key. RSA is an asymmetric encryption algorithm and, thus, two keys (public [encryption] and private [decryption]) are generated during encryption. The private key is stored on a remote server controlled by cyber criminals. Decryption without this key is impossible and victims are encouraged to pay a ransom of .1 Bitcoin (approximately $101) to obtain it.

Text presented within EdgeLocker pop-up:

>>> Your files are encrypted by the EdgeLocker ransomware!
>>> Nobody can decrypt your files without a special RSA private key.
>>> YOU can obtain this key by purchasing it for 0.1 Bitcoin from us.
>>> Pay 0.1 BTC on the address 1LYFaPgwCFBnn5BQsSxRmEZ94nKj7tDDVA and 
then press "Check Payment"
>>> The payment is not received instantly, don't worry.
>>> Key
Community content is available under CC-BY-SA unless otherwise noted.