[Virus/Malware Activity Report: AXLocker Ransomware]

Due to an infringement believed to be in the form of AXLocker ransomware, we would like to
confirm the situation and provide a warning as follows.

AXLocker ransomware

The ransomware in question is called AXLocker and appears to be encrypting the same name as before.

How it works

file version

[Figure 1 File version]

[Figure 2 File properties]

behavioral process

• Hiding ransomware executable files

  To hide the location of the main program, immediately change it to Hidden property.

  
  [Figure 3 Hidden ransomware executable file]

• Target a specific drive

  Only the C drive is encrypted.

  
  [Figure 4 Specific drive target]

• Selection of encryption targets

  Proceed excluding some exceptions such as the Recycle Bin and Windows folder, and check for specific extensions.

  
  [Figure 5 Targets exempted from attacks]

  
  [Figure 6 Specific extension where encryption is performed]

• Encryption progress

  AES256 encryption is applied to files targeted by attacks.

  
  [Figure 7 Encryption progress]

Infection results

The ransomware's notes are printed out on their own, and the attacked files are encrypted without changing the extension.

[Figure 8 Infection result 1]

[Figure 9 Infection result 2]

White Defender compatible

It supports real-time automatic restoration of files that will be encrypted before the malicious actions and blocking of White Defender ransomware.

[Figure 10 Block message]

[Figure 11 Block message]

Watch the AXLocker blocking video