A new ransomware was discovered by ProofPoint researcher Darian Huss calling itself Alma Locker.
A victim's files are encrypted with AES-128, and have a random 5-6 character extension added. The ransom note dropped is "Unlock_files_<rand>.html" and "Unlock_files_<rand>.txt", where the <rand> part matches the extension of the files.
The ransom note looks like the following image.
The linked Tor link looks like the following image posted by Darian.
This ransomware is currently being distributed by an exploit kit, and has a very low detection rate on VirusTotal.
Analysis of this ransomware is still underway.
Edited by Demonslay335, 22 August 2016 - 01:06 PM.