AdamLocker Ransomware

AdamLocker ransomware, or RW.adm_64, is a screen-locking virus designed to prevent access to a computer system and rename the files in the infected system with the .adam file extension. However, it is not capable of deleting files like other ransomware. After successful screen locking, the virus generates a ransom note asking the victim to pay a particular amount of money.

What Is AdamLocker Ransomware?

AdamLocker ransomware was developed by someone with the screen name, humanpuff69, and was first detected by Michael Gillespie on December 25, 2016. The ransomware targeted international English-speaking users via spam emails with file attachments.

In 2018, AdamLocker released a new variant, known as Korean AdamLocker, which targeted computer users based in Korea with spam email attachments, advertisement content, and file sharing software. It encrypts files located in Windows and AppData directories, and it requires Windows to remain active for victims to pay a ransom.

How Did the Attack Work?

AdamLocker ransomware is distributed mainly via spam email attachments, and when the computer user opens the attachment, AdamLocker launches the run.exe file. After penetrating the system, the virus locks the system’s screen and encrypts a range of file types, including .png, .jpg, .zip, .rar, and more. The virus appends the encrypted files with the .adam file extension, which makes opening the files impossible.

Once the encryption process is complete, the virus creates a screen locker window that displays a ransom note demanding payment to get the decryption key. In addition, the virus collects all significant system information and changes the computer’s behavior by modifying its configurations.

How Is AdamLocker Dealt With?

Although AdamLocker ransomware is not as threatening as other ransomware, victims should remove the virus as early as possible. Access to the locked screen can be restored by starting up Windows in safe mode. Once it is restored, reliable and updated antivirus programs should be installed to prevent further attacks.

Experts do not recommend following the instructions of attackers, as it increases the chances of future infections. To recover data encrypted by AdamLocker, users can rely on multiple available methods like Volume Shadow Copies, Windows Previous Version, and tools like Combo Cleaner and Intego.

What Specific Steps Should Users Take to Prevent AdamLocker Attacks?

Computer users must be aware of available security features on their systems and other measures to prevent ransomware attacks like AdamLocker. Here are some of the prevention methods that may help to keep away dangerous hackers:

  • Do not open spam emails and their attachments.
  • Avoid clicking suspicious URLs and other advertisement content.
  • Use professional and updated antivirus programs.
  • Keep systems and software updated.
  • Download software from trusted sources.

Read next: TechnologyAdvice Guide to Antivirus Software

Siji Roy
Siji Roy
Siji Roy specializes in technology, finance, and content marketing. She helps organizations to communicate with their target audience. She received her Master’s degree in Communication and Journalism from the University of Calicut, India. She is fortunate to be married to a lovely person and blessed with three naughty boys.
Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.

Related Articles

REvil Ransomware

REvil was a Ransomware-as-a-service (RaaS) ransomware attack that affected a number of larger corporations and famous individuals. Read this article to learn more about...

Colonial Pipeline Ransomware Attack

The Colonial Pipeline Ransomware Attack was a major ransomware attack perpetrated against the oil and gas company, Colonial Pipeline, in 2021. Learn more about...


WannaCry was one of the most damaging malware attacks in history. On Friday, May 12, 2017, WannaCry ransomware infected computers all around the world,...

Ryuk Ransomware

The Ryuk ransomware is a strain of malware that attempts to infect and encrypt victims’ files, rendering them inaccessible to the original user. Ryuk ransomware...


ScalaHosting is a leading managed hosting provider that offers secure, scalable, and affordable...


Human resources information system (HRIS) solutions help businesses manage multiple facets of their...

Best Managed Service Providers...

In today's business world, managed services are more critical than ever. They can...