Oopslocker Ransomware

What is Oopslocker Ransomware?

Oopslocker Ransomware is a highly dangerous computer infection that uses a unique AES encryption key to encrypt your files. The key is subsequently encrypted with an RSA encryption algorithm. The developer of this ransomware wants you to pay 0.1 BTC for a decryption key to recover your files as the encrypted files are purposefully corrupted. This program is set to encrypt most of the files on your PC to compel you to pay the ransom. Our malware researchers have tested this application, so if you want to find out how it works, how it is disseminated, and how you can remove it, please continue reading this article.

What does Oopslocker Ransomware do?

Oopslocker Ransomware consists of four files that include oops.exe — the main executable that was written in C++, EncryptedFiles.txt — the list of encrypted files, EncryptedKey — the file containing the encryption key, and KeyHash — a file with no apparent use. All of these files are set to be dropped in %ALLUSERSPROFILE%\oops. If your PC becomes infected, oops.exe launches immediately and starts encrypting your files. It targets documents, images, videos, file archives in an effort to encrypt as many files that contain personal information as possible to compel you to pay the ransom. It was set to encrypt your files in nearly every location on your PC except for %WINDIR% because it contains Windows files that are vital to running the operating system. It appends the encrypted files with a “.oops” extension.

Once the encryption is complete, Oopslocker Ransomware opens its graphical user interface window that also functions as the ransom note. Its creator wants you to pay 0.1 Bitcoins which is an approximate 350 USD. The note states that you must send the EncryptedKey file as an attachment, your computer’s name and the Bitcoin address with which you intend to pay the ransom to the provided email address. After paying the ransom, you should receive your decryption key via email that you can then enter into a box in the graphical user interface window. The note also advises you against meddling and tampering with the files and also says that the ransom will double each week if you do not pay on time.

Oopslocker Ransomware uses a unique AES algorithm to encrypt your files and then an RSA algorithm to encrypt the AES encryption key. It targets over forty different file extensions that include documents, pictures, videos, and so on. Testing has also shown that this ransomware can collect certain information about you and send it to its command and control (C&C) server. The collected information includes your IP address, OS version, keyboard setup, and information regarding your PC’s protection and anti-malware program installed.

Where does Oopslocker Ransomware come from?

Our cyber security specialists have determined that this ransomware is disseminated through malicious emails that can be disguised as receipts from legitimate companies such as Amazon and the like. The emails include an attached executable file that can be disguised as a PDF or MS Word document and its icon could also be changed to resemble one of these file types. However, you should note the last extension that is .EXE which means that it is not a document but an executable application. This mysterious application can be named randomly. Researchers say that it is a dropper file that, once run, will connect to its command and control server and download the four files of this ransomware.

How do I remove Oopslocker Ransomware?

Oopslocker Ransomware is a highly malicious computer infection that needs to be dealt with because you cannot afford to keep it on your PC because it might spring into action at any time and encrypt new files. Therefore, it is important that you remove it from your PC as soon as the opportunity arises. You can use an antimalware program such as SpyHunter or the guide featured below.

End the process of oops.exe via Task Manager

1. Press Ctrl+Shift+Esc keys.
2. Click Processes and locate oops.exe
3. Right-click it and click End process.
4. Close the Task Manager.

Delete malicious files manually

1. Press Windows+E keys.
2. Type %ALLUSERSPROFILE%\oops the address box.
3. Press Enter.
4. Locate oops.exe, EncryptedFiles.txt, EncryptedKey, and KeyHash
5. Right-click them and click Delete. Download Removal Tool100% FREE spyware scan and
   tested removal of Oopslocker Ransomware*

Stop these Oopslocker Ransomware Processes: