- Home
- Detectable Ransomware
- ChileLocker
Ransomware Research
ChileLocker Ransomware
ChileLocker is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on August 1, 2022, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: ARCrypter, ChileLocker Doxware.
Quick Facts
- Ransomware Family
- ChileLocker
- First Seen
- August 1, 2022
- Known Aliases
- ARCrypterChileLocker Doxware
How ChileLocker Ransomware Works
Targeted Files
https://www.bleepingcomputer.com/news/security/previously-unidentified-arcrypter-ransomware-expands-worldwide/ https://blogs.blackberry.com/en/2022/11/arcrypter-ransomware-expands-its-operations-from-latin-america-to-the-world https://tria.ge/230622-vlflnagh7w/behavioral1
File Encryption Patterns
ChileLocker modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..crypt
Ransom Note and Payment Demands
After encrypting files, ChileLocker displays ransom notes demanding payment for file recovery:
readme_for_unlock.txt
Ransom message:
notes/readme_for_unlock.txt
Note locations:
Temp
Technical Indicators
Associated Executable Files
The following executable files are associated with ChileLocker ransomware:
39b74b2f.exe
conti.exe
Trojan.Ransom.Conti.exe
0t8I7t8q8.exe
tmp1fltkf46.exe
Elastio Can Help You
Don't let ChileLocker ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This ChileLocker ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like ChileLocker.
Last updated: July 30, 2025