- Home
- Detectable Ransomware
- Princess Locker
Ransomware Research
Princess Locker Ransomware
Princess Locker is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on November 1, 2016, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: Princess.
Quick Facts
- Ransomware Family
- Princess Locker
- First Seen
- November 1, 2016
- Known Aliases
- Princess
How Princess Locker Ransomware Works
Targeted Files
Reqires C&C https://www.malwarebytes.com/blog/news/2016/11/princess-ransomware https://www.hybrid-analysis.com/sample/c61f4c072bb1e3c6281a9799c1a3902f35dba652756fe96a97e60d0097a3f9b7?environmentId=100
File Encryption Patterns
Princess Locker modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
./\.\w{4,5}\b/
Ransom Note and Payment Demands
After encrypting files, Princess Locker displays ransom notes demanding payment for file recovery:
/^@_USE_TO_FIX_\w{4,5}\.txt\b/
/^!_HOW_TO_RESTORE_\w{4,5}\.txt\b/
Ransom message:
notes/ !_HOW_TO_RESTORE_12qwR.txt
Note locations:
EveryFolder
/^!_HOW_TO_RESTORE_\w{4,5}\.url\b/
Note locations:
EveryFolder
/^!_HOW_TO_RESTORE_\w{4,5}\.html\b/
Note locations:
EveryFolder
/^__USE_TO_REPAIR_\w{4,5}\.txt$/
/^__USE_TO_REPAIR_\w{4,5}\.url$/
/^__USE_TO_REPAIR_\w{4,5}\.html$/
Technical Indicators
Associated Executable Files
The following executable files are associated with Princess Locker ransomware:
Built object-Does dawn
PrincessLocker.exe
RxWis.exe
PrincessLocker..exe
PrincessLocker....exe
Princess.exe
princess.dll
Recovery and Decryption Tools
Good news! Decryption tools are available for Princess Locker ransomware:
0
Elastio Can Help You
Don't let Princess Locker ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This Princess Locker ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Princess Locker.
Last updated: July 30, 2025