What is Admin Locker Ransomware
Admin Locker is the name of a ransomware virus that started its spread in December 2021. It uses a combination of the AES and RSA algorithms to encrypt the stored data. This blocks access to the files and changes how they appear. Admin Locker appends one of the following extensions to all blocked data: .admin1, .admin2, .admin3, .1admin, .2admin, or .3admin. It does not matter which one of them was applied to you. Their only function is to show that files have been encrypted and make victims see it. For instance, a file like 1.pdf will change to 1.pdf.1admin (or another extension) and become no longer accessible. After encryption is done, Admin Locker explains how to recover the data in its text note (!!!Recovery File.txt) and on its web page, which can be accessed via the TOR link.
All of your important files have been encrypted on this PC.
All files are encrypted.
To decrypt your files, you need to get a private key + decryption software.
To get the private key and decrypt software, you need to contact us and send us [YOUR KEY] .
To do this you need to go to the site in darkweb you can only enter through the TOR BROWSER
you can download it here https://www.torproject.org/download/
after you have installed a tor browser open this site
hxxx://adminavf4cikzbv6mbbp7ujpwhygnn2t3egiz2pswldj32krrml42wyd.onion
It shows you your current contacts.
Do not use chrome or firefox to access this site.
The site will not open with a tor browser only.
Our Guarantee.
We can decrypt several files as a demonstration - you can send us up to 5 files
up to 5 MB in total weight
and we will send them back to you in their original form for FREE.
How long do I have to wait for the decryption key for the whole PC?
After payment, we will send you the key within minutes.
Your personal ID:
[YOUR KEY] U48pXLpBh***
Attention! Don't lose your money.
write to us personally. if you ask someone else to help you decrypt, they will just write to us instead of you. and this will increase our costs for their services (mediation). in the worst case you will be cheated. so write personally, this is safer for you. only we can decrypt files.
Do not try to change the files and remove the extension, you may lose it forever. if you try to decrypt it yourself, experiment on the copies, do not experiment on the originals.
If you are reading this text, your files are encrypted!
Actual contact information
Our Guarantee.
We can decrypt several files as a demonstration - you can send us up to 5 files up to 5 MB in total weight and we will send them back to you in their original form for FREE.
Our extensions .admin1 .admin2 .admin3 .1admin .2admin .3admin
How long do I have to wait for the decryption key for the whole PC?
After payment, we will send you the key within minutes.
Attention! Don't lose your money.
write to us personally. if you ask someone else to help you decrypt, they will just write to us instead of you. and this will increase our costs for their services (mediation). in the worst case you will be cheated. so write personally, this is safer for you. only we can decrypt files.
Do not try to change the files and remove the extension, you may lose it forever. if you try to decrypt it yourself, experiment on the copies, do not experiment on the originals.
Our contacts
If you did not receive an answer in six hours. Check if your contacts have been updated; They could be blocked. We will replace blocked contacts within 6 hours.
CONTACT TELEGRAM MESSAGER
http://t.me/dotADMINbot
DOWNLOAD APP TELEGRAM MESSAGER
https://telegram.org/Apps
Important information.
1.1.2019 Payment is accepted in Bitcoin.
1.1.2021 If you defer payment for a long period of time. The price can double. Do not waste time, write to us to negotiate. We don't bite. We know how to come to a compromise.
The note gives general information on what has happened and how victims can fix it. The cybercriminals say it is possible to decrypt the blocked data only by paying for special software along with a private key. To do this, victims are instructed to download the TOR browser and visit a website using the link. The website duplicates the same information together with contact and payment details. Victims should establish further communication with the swindlers using Telegram Messenger. Until then, the price for decryption is kept secret. As with many other ransomware infections, the developers of Admin Locker demand the ransom in Bitcoin. Additionally, the cyber crooks offer a so-called guarantee: victims can send up to 5 encrypted files (max 5 MB in total) and receive them unlocked for free. This is a popular trick employed by many cybercriminals to push victims into paying the ransom. Unfortunately, while the cybercriminals remain the only figures able to decrypt your data, paying the ransom does not always guarantee they will do it as promised (plus it may cost you a lot of money). For now, it is almost impossible to decrypt files in full without the help of the cybercriminals. It is only possible to recover the data using backup copies from physical or cloud storage. If no backups are available, you can try the third-party decryption instruments from our guide. It is also worth creating copies of blocked files so the originals do not get damaged in case of failed decryption. Whether you want to decrypt or simply recover your data, make sure you delete Admin Locker Ransomware from your computer first. You can find all the necessary instructions in our tutorial below.
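The six appended extensions and the !!!Recovery File.txt note are enough to scope the damage and to make safety copies of the blocked files before any decryption attempt. The Python script below is an added example, not part of the original article or of any vendor tool; the function names, the report layout and the sample tree are assumptions made for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Indicators from the article: appended extensions and the ransom-note file name.
EXTENSIONS = {".admin1", ".admin2", ".admin3", ".1admin", ".2admin", ".3admin"}
NOTE_NAME = "!!!recovery file.txt"

def sha256(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def triage(root: Path, preserve_to: Path) -> dict:
    """Inventory encrypted files and notes under root; copy encrypted files aside.
    Assumes preserve_to lies outside root (ideally on separate, offline media)."""
    report = {"encrypted": [], "notes": [], "by_extension": {}}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(root)
        ext = path.suffix.lower()
        if path.name.lower() == NOTE_NAME:
            report["notes"].append(str(rel))
        elif ext in EXTENSIONS:
            dest = preserve_to / rel
            dest.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, dest)  # the original is only read, never modified
            # path.stem is the file name before the extension was appended
            entry = {"path": str(rel), "original_name": path.stem, "sha256": sha256(dest)}
            report["encrypted"].append(entry)
            report["by_extension"][ext] = report["by_extension"].get(ext, 0) + 1
    return report

def demo() -> dict:
    """Run triage over a constructed sample tree (not real victim data)."""
    with tempfile.TemporaryDirectory() as tmp:
        root, out = Path(tmp, "disk"), Path(tmp, "preserved")
        (root / "docs").mkdir(parents=True)
        (root / "docs" / "1.pdf.1admin").write_bytes(b"constructed ciphertext")
        (root / "docs" / "notes.txt").write_text("untouched")
        (root / "!!!Recovery File.txt").write_text("constructed note")
        report = triage(root, out)
        report["copied"] = (out / "docs" / "1.pdf.1admin").is_file()
        return report
```

Calling triage() with the affected folder and a destination on separate media returns the inventory; the recorded hashes let you confirm later that a failed decryption attempt did not alter the preserved copies.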
How Admin Locker Ransomware infected your computer
As a rule, ransomware does not have a single way of infection. However, it usually requires users to open some executable file. Such a file can be hidden inside malicious Word, Excel, archive, PDF, or JavaScript files attached to spam e-mails. The letters are usually disguised as something legitimate, stating you have a “shipment”, “invoice”, or “prize” to retrieve. Many users take the bait and click on malicious links or attachments, leading to malware infections. Along with distribution through e-mails, ransomware can spread through multiple other channels as well: trojans, backdoors, keyloggers, unprotected RDP configuration, fake software installers/updates, forged software cracking tools, and many more. To minimize the risk of getting infected with ransomware or other malware, it is advised to be more careful and less trusting when it comes to browsing or receiving suspicious content. In addition to this, it is worth having high-quality antimalware software installed on your PC and ready to combat unauthorized injections of malware. Recommendations on what software to choose for protection against such threats in the future can be found in our dedicated tutorial below.
- Download Admin Locker Ransomware Removal Tool
- Get decryption tool for .admin1 files
- Recover encrypted files with Stellar Data Recovery Professional
- Restore encrypted files with Windows Previous Versions
- Restore files with Shadow Explorer
- How to protect from threats like Admin Locker Ransomware
Download Removal Tool
To remove Admin Locker Ransomware completely, we recommend using Norton Antivirus from Symantec. It detects and removes all files, folders, and registry keys of Admin Locker Ransomware and prevents future infections by similar viruses.
Alternative Removal Tool
To remove Admin Locker Ransomware completely, we recommend using SpyHunter 5. It detects and removes all files, folders, and registry keys of Admin Locker Ransomware. The trial version of SpyHunter 5 offers a virus scan and 1-time removal for FREE.
Admin Locker Ransomware files:
!!!Recovery File.txt
{randomname}.exe
Admin Locker Ransomware registry keys:
no information
How to decrypt and restore .admin1 files
Use automated decryptors
Download Kaspersky RakhniDecryptor
Use the following tool from Kaspersky, called Rakhni Decryptor, which can decrypt .admin1 files. Download it here:
There is no point in paying the ransom because there is no guarantee you will receive the key, but you will put your bank credentials at risk.
Dr.Web Rescue Pack
The well-known antivirus vendor Dr. Web provides a free decryption service for the owners of its products: Dr.Web Security Space or Dr.Web Enterprise Security Suite. Other users can ask for help in the decryption of .admin1 files by uploading samples to the Dr. Web Ransomware Decryption Service. File analysis is performed free of charge, and if the files are decryptable, all you need to do is purchase a 2-year license of Dr.Web Security Space worth $120 or less. Otherwise, you don’t have to pay.
If you were infected with Admin Locker Ransomware and have removed it from your computer, you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. To attempt to decrypt them manually, you can do the following:
Use Stellar Data Recovery Professional to restore .admin1 files
- Download Stellar Data Recovery Professional.
- Click the Recover Data button.
- Select the type of files you want to restore and click the Next button.
- Choose the location you would like to restore files from and click the Scan button.
- Preview the found files, choose the ones you want to restore, and click Recover.
Using the Windows Previous Versions option:
- Right-click on the infected file and choose Properties.
- Select the Previous Versions tab.
- Choose a particular version of the file and click Copy.
- To restore the selected file and replace the existing one, click on the Restore button.
- In case there are no items in the list, choose an alternative method.
Using Shadow Explorer:
- Download the Shadow Explorer program.
- Run it and you will see a list of all the drives and the dates on which shadow copies were created.
- Select the drive and date that you want to restore from.
- Right-click on a folder name and select Export.
- In case there are no other dates in the list, choose an alternative method.
If you are using Dropbox:
- Log in to the Dropbox website and go to the folder that contains encrypted files.
- Right-click on the encrypted file and select Previous Versions.
- Select the version of the file you wish to restore and click on the Restore button.
How to protect your computer from viruses like Admin Locker Ransomware in the future
1. Get special anti-ransomware software
Use ZoneAlarm Anti-Ransomware
The well-known antivirus brand ZoneAlarm by Check Point has released a comprehensive tool that provides active anti-ransomware protection as an additional shield to your current protection. The tool provides Zero-Day protection against ransomware and allows you to recover files. ZoneAlarm Anti-Ransomware is compatible with all other antiviruses, firewalls, and security software except ZoneAlarm Extreme (already shipped with ZoneAlarm Anti-Ransomware) or Check Point Endpoint products. The killer features of this application are: automatic file recovery, overwrite protection that instantly and automatically recovers any encrypted files, and file protection that detects and blocks even unknown encryptors.
2. Back up your files
As an additional way to save your files, we recommend online backup. Local storage, such as hard drives, SSDs, flash drives, or remote network storage, can be instantly infected by the virus once plugged in or connected. Admin Locker Ransomware uses some techniques to exploit this. One of the best services and programs for easy automatic online backup is iDrive. It has the most favorable terms and a simple interface. You can read more about iDrive cloud backup and storage here.
3. Do not open spam e-mails and protect your mailbox
Malicious attachments to spam or phishing e-mails are the most popular method of ransomware distribution. Using spam filters and creating anti-spam rules is good practice. One of the world leaders in anti-spam protection is MailWasher Pro. It works with various desktop applications and provides a very high level of anti-spam protection.