The Admin Locker ransomware was first seen in December 2021, the group uses a junction of the RSA and AES algorithms for encryption, this algorithm is extremely complex and produces a decryption key that only the group has access to.
The Admin Locker targets all files stored on the device as well as backup system so that all possibilities to restore the files are compromised.
The group uses numerous strategies to break into the victim’s system, the most used are by distributing pirated media, game cracks, software activators, but these are not the only ways the group can exploit other strategies such as spam email campaigns, phishing, among others.
The group adds extensions to the encrypted files, they are: .admin1, .admin2, .admin3, .1admin, .2admin or .3admin. All files with these extensions cannot be opened without the decryption key.
The group leaves a file on the desktop with the ransom terms as well as explaining how what happened to the victim’s files, some threats that the files can only be accessed with the help of the groups, and a link to the TOR browser for the victim to contact and negotiate the ransom amount.
The ransom amounts can easily reach thousands of dollars and there is no guarantee from the group that the key will even be released after payment.
Recover files encrypted by Admin Locker ransomware
Digital Recovery has been operating in the data recovery market for over 23 years, and has specialized in the recovery of files encrypted by ransomware, in the vast majority of storage devices, such as Database, Storages, RAID System, Virtual Machines, Servers and others.
Our experts are highly qualified and have developed solutions that can be applied remotely, we can recover data in any company in the world. Our processes were developed based on the General Data Protection Regulation (GDPR).
We provide all our clients with the confidentiality agreement (NDA), as we know that confidentiality in these cases of ransomware attacks is vital.
Contact us and start the recovery right now.