

JapanLocker is ransomware that targets websites. It has been designed specifically to target 32-bit systems associated with Windows Server 2008, Windows Server 2012, and Windows Server 2016.

Behavior 

JapanLocker differs from typical ransomware. Usually, when users are infected with this kind of malware, their personal files are encrypted. JapanLocker instead goes straight for the files that keep the user's website running.

Payload

After JapanLocker attacks a server, the administrator will see the following message:

LockeD
This Site Has been Locked!
Please Contact To Email the JapanLocker@hotmail.com To Unlock This Site Back.

JapanLocker links to this custom message by modifying the main HTML file associated with the victim's website. When a visitor attempts to connect to a website that has been encrypted by JapanLocker, this ransom note is displayed. The owners of the website will no longer have access to the website's content.

JapanLocker uses a custom AES-256 encryption algorithm to encrypt all website resources, including data used by MySQL, SQLite, PostgreSQL, and MariaDB, clearly targeting databases and index files. Once the data has been encrypted by JapanLocker, it cannot be decrypted without access to the decryption key. Because of this, victims who do not have appropriate backups of their website's data will find that they no longer have access to it. In some cases, victims will have no choice but to contact the creators of JapanLocker to get their data back.

JapanLocker demands a payment of $200 USD in the Bitcoin cryptocurrency. PC security analysts suspect that the ransom demanded by JapanLocker will vary depending on the volume of data that has been compromised. Essentially, victims who have a lot to lose from a JapanLocker attack may have to pay thousands of dollars to recover their data.
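
Both symptoms described in this section, the ransom note written into the site's main HTML file and the encrypted database files, can be checked for from the defender's side. The following is an added example, not part of the original article: the marker strings come from the note quoted above, while the file extensions, the 7.5 bits-per-byte entropy threshold, and the function names are assumptions.

```python
import math, os, re, tempfile
from collections import Counter

# Marker strings taken from the ransom note quoted on this page.
NOTE_MARKERS = ("this site has been locked", "japanlocker@hotmail.com")
# Assumed file extensions; adjust to the site being checked.
PAGE_EXTS = (".html", ".htm", ".php", ".asp", ".aspx")
DATA_EXTS = (".sqlite", ".db", ".sql")

def note_markers_in(text):
    """Return the ransom-note markers present in a page, ignoring tags and case."""
    visible = re.sub(r"<[^>]*>", " ", text)            # drop markup between words
    visible = re.sub(r"\s+", " ", visible).casefold()  # collapse whitespace
    return [m for m in NOTE_MARKERS if m in visible]

def entropy(data):
    """Shannon entropy in bits per byte (8.0 looks like random data or ciphertext)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan_webroot(root, threshold=7.5, sample=65536):
    """Walk a webroot; return (path, kind, detail) for each suspicious file."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            try:
                with open(path, "rb") as fh:
                    head = fh.read(sample)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if ext in PAGE_EXTS:
                hits = note_markers_in(head.decode("utf-8", "replace"))
                if hits:
                    findings.append((path, "ransom-note", hits))
            elif ext in DATA_EXTS and len(head) >= 4096 and (h := entropy(head)) >= threshold:
                findings.append((path, "high-entropy", round(h, 2)))
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample site
        with open(os.path.join(d, "index.html"), "w") as f:
            f.write("<h1>LockeD</h1><p>This Site Has <b>been</b> Locked!</p>")
        with open(os.path.join(d, "site.sqlite"), "wb") as f:
            f.write(os.urandom(8192))  # constructed stand-in for ciphertext
        print(scan_webroot(d))
```

High entropy also matches compressed data, so a `high-entropy` finding is a prompt to compare the file against a known-good backup, not proof of encryption.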

Infection

While most ransomware is distributed through spam emails, JapanLocker is a bit different. In special cases, if the target is very specific, JapanLocker developers could try to hack the server directly and infect it with the ransomware. Otherwise, malware specialists state that JapanLocker can spread via corrupted WordPress plug-ins and infected webpages.

Removal

Use anti-malware software to delete JapanLocker from the computer.
