Ransomware Report


Title: AXLocker Ransomware Steals Discord Credentials
Registration date: 2023-05-15

[AXLocker ransomware]

[Virus/Malware Activity Report: AXLocker Ransomware]

Following an intrusion believed to involve AXLocker ransomware, we confirm the situation
and issue the following warning.

AXLocker ransomware

The ransomware in question is called AXLocker, and encrypted files appear to keep the same name as before.

How it works

File version


[Figure 1 File version]


[Figure 2 File properties]

Behavioral process

  • Hiding ransomware executable files

    To hide the location of its main program, the ransomware immediately sets the Hidden attribute on the executable.


    [Figure 3 Hidden ransomware executable file]

  • Target a specific drive

    Only the C drive is encrypted.


    [Figure 4 Specific drive target]

  • Selection of encryption targets

    Encryption proceeds while skipping some exceptions, such as the Recycle Bin and the Windows folder, and each file is checked for specific extensions.


    [Figure 5 Targets exempted from attacks]


    [Figure 6 Specific extension where encryption is performed]

  • Encryption progress

    AES-256 encryption is applied to the files targeted by the attack.


    [Figure 7 Encryption progress]

Infection results

The ransom note is displayed on its own, and the attacked files are encrypted without their extensions being changed.


[Figure 8 Infection result 1]


[Figure 9 Infection result 2]

White Defender compatible

White Defender blocks the ransomware's malicious actions and supports real-time automatic restoration of files that are encrypted before the block takes effect.


[Figure 10 Block message]


[Figure 11 Block message]


Everyzone White Defender Co., Ltd. | CEO: Seunggyun Hong|Business registration number: 220-81-67981