A new ransomware was spotted from victim submissions of encrypted files, calling itself LockLock. So far, the victims have had IPs from China.
Thanks to @Seifreed for help acquiring a sample.
This ransomware encrypts files with AES-256, and appends the extension ".locklock". The ransom note "READ_ME.TXT" is left, asking the victim to contact the criminals at the email address firstname.lastname@example.org, or the Skype address "locklockrs". It is a variant of the ever-popular previous open-source EDA2 Ransomware.
The following image is set as the background of the system.
There is also a YouTube channel from the developer with a video showing a possible alternate development version.
If anyone has been hit by this ransomware, please contact me via PM for help with decryption.
Edited by Demonslay335, 12 September 2016 - 07:46 PM.