Table of Contents
    Home / Definitions / AdamLocker Ransomware
    Security 3 min read

    AdamLocker ransomware, or RW.adm_64, is a screen-locking virus designed to prevent access to a computer system and rename the files in the infected system with the .adam file extension. However, it is not capable of deleting files like other ransomware. After successful screen locking, the virus generates a ransom note asking the victim to pay a particular amount of money.

    What Is AdamLocker Ransomware?

    AdamLocker ransomware was developed by someone with the screen name, humanpuff69, and was first detected by Michael Gillespie on December 25, 2016. The ransomware targeted international English-speaking users via spam emails with file attachments.

    In 2018, AdamLocker released a new variant, known as Korean AdamLocker, which targeted computer users based in Korea with spam email attachments, advertisement content, and file sharing software. It encrypts files located in Windows and AppData directories, and it requires Windows to remain active for victims to pay a ransom.

    How Did the Attack Work?

    AdamLocker ransomware is distributed mainly via spam email attachments, and when the computer user opens the attachment, AdamLocker launches the run.exe file. After penetrating the system, the virus locks the system’s screen and encrypts a range of file types, including .png, .jpg, .zip, .rar, and more. The virus appends the encrypted files with the .adam file extension, which makes opening the files impossible.

    Once the encryption process is complete, the virus creates a screen locker window that displays a ransom note demanding payment to get the decryption key. In addition, the virus collects all significant system information and changes the computer’s behavior by modifying its configurations.

    How Is AdamLocker Dealt With?

    Although AdamLocker ransomware is not as threatening as other ransomware, victims should remove the virus as early as possible. Access to the locked screen can be restored by starting up Windows in safe mode. Once it is restored, reliable and updated antivirus programs should be installed to prevent further attacks.

    Experts do not recommend following the instructions of attackers, as it increases the chances of future infections. To recover data encrypted by AdamLocker, users can rely on multiple available methods like Volume Shadow Copies, Windows Previous Version, and tools like Combo Cleaner and Intego.

    What Specific Steps Should Users Take to Prevent AdamLocker Attacks?

    Computer users must be aware of available security features on their systems and other measures to prevent ransomware attacks like AdamLocker. Here are some of the prevention methods that may help to keep away dangerous hackers:

    • Do not open spam emails and their attachments.
    • Avoid clicking suspicious URLs and other advertisement content.
    • Use professional and updated antivirus programs.
    • Keep systems and software updated.
    • Download software from trusted sources.

    Read next: TechnologyAdvice Guide to Antivirus Software