{
	"id": "24ffe43f-e9b3-4c0b-9f94-719bad6ed602",
	"created_at": "2026-04-06T00:10:59.790093Z",
	"updated_at": "2026-04-10T13:12:48.171735Z",
	"deleted_at": null,
	"sha1_hash": "2aa6fef3a1738dd165e3a16fff0da917f81ac7c0",
	"title": "Introducing Her Royal Highness, the Princess Locker Ransomware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2424257,
	"plain_text": "Introducing Her Royal Highness, the Princess Locker Ransomware\r\nBy Lawrence Abrams\r\nPublished: 2016-09-28 · Archived: 2026-04-05 14:04:42 UTC\r\nToday we bring you Princess Locker; the ransomware only royalty could love.  First discovered by SenseCy on darkweb\r\nforums and later by Michael Gillespie through his ID-Ransomware platform, Princess Locker encrypts a victim's data and\r\nthen demands a hefty ransom amount of 3 bitcoins, or approximately $1,800 USD, to purchase a decryptor. If payment is not\r\nmade in the specified timeframe, then the ransom payment doubles to 6 bitcoins\r\nNot much is known about Princess Locker other than having seen a few encrypted files and ransom notes uploaded to ID-Ransomware.  From what has been gather gathered, when a person is infected, the ransomware will encrypt the victim's files\r\nand then append a random extension to encrypted files and a unique ID is created for the victim. This ID, extension, and\r\nencryption is then most likely sent up to the ransomware's Command \u0026 Control server. \r\nRansom notes are also created and displayed, which are named !_HOW_TO_RESTORE_[extension].TXT\r\nand !_HOW_TO_RESTORE_[extension].html.\r\nhttps://www.bleepingcomputer.com/news/security/introducing-her-royal-highness-the-princess-locker-ransomware/\r\nPage 1 of 6\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/introducing-her-royal-highness-the-princess-locker-ransomware/\r\nPage 2 of 6\n\nVisit Advertiser websiteGO TO PAGE\r\nThese ransom notes contain the victim's ID and links to the TOR payment sites where a victim can login to see payment\r\ninformation. \r\nThe Princess Locker Payment Site\r\nThe Princess Locker payment site is your standard ransomware site with no special features. When victim's access the\r\nPrincess Locker payment site they will be greeted with a page asking them to select a language that looks almost identical to\r\nCerber's language selection page.\r\nhttps://www.bleepingcomputer.com/news/security/introducing-her-royal-highness-the-princess-locker-ransomware/\r\nPage 3 of 6\n\nLanguage Selection Screen\r\nThey will then be presented with a login prompt where they need to enter the victim ID provided in the ransom note.  Once\r\nlogged in they will see the main payment site, which contains information such as the ransom amount, the bitcoin address to\r\nsend payment to, and the answers to common questions.\r\nPrincess Locker Payment Site\r\nhttps://www.bleepingcomputer.com/news/security/introducing-her-royal-highness-the-princess-locker-ransomware/\r\nPage 4 of 6\n\nThe payment site also provides the ability to decrypt 1 file free. Unfortunately, since we do not have a sample of the\r\nransomware, and I didn't want to waste a victim's free decryption, I do not know if this feature works or not.\r\nFree File Decryption\r\nThe one item that is missing from the payment site is a support page that victim's can use to contact the malware developers.\r\n If this ransomware goes into wider distribution, I would not be surprised to see one added.\r\nWe are still actively looking for a sample of this ransomware, so if one is encountered, please upload it here.\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nhttps://www.bleepingcomputer.com/news/security/introducing-her-royal-highness-the-princess-locker-ransomware/\r\nPage 5 of 6\n\nSource: https://www.bleepingcomputer.com/news/security/introducing-her-royal-highness-the-princess-locker-ransomware/\r\nhttps://www.bleepingcomputer.com/news/security/introducing-her-royal-highness-the-princess-locker-ransomware/\r\nPage 6 of 6",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/introducing-her-royal-highness-the-princess-locker-ransomware/"
	],
	"report_names": [
		"introducing-her-royal-highness-the-princess-locker-ransomware"
	],
	"threat_actors": [],
	"ts_created_at": 1775434259,
	"ts_updated_at": 1775826768,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2aa6fef3a1738dd165e3a16fff0da917f81ac7c0.pdf",
		"text": "https://archive.orkl.eu/2aa6fef3a1738dd165e3a16fff0da917f81ac7c0.txt",
		"img": "https://archive.orkl.eu/2aa6fef3a1738dd165e3a16fff0da917f81ac7c0.jpg"
	}
}