Dagon Locker

Dagon Locker is a ransomware variant that emerged in September 2022 as an evolution of Quantum ransomware, operating as a Ransomware-as-a-Service (RaaS). The group behind Dagon Locker engages in double extortion, demanding payment for data decryption and for not releasing stolen data. Primarily targeting entities in South Korea, Dagon Locker is delivered via phishing emails and employs the ChaCha20 encryption algorithm for file encryption and RSA2048 for encryption keys. The ransomware attempts to terminate various processes to ensure complete access to the file system, changing file extensions to ".dagoned" upon encryption. It includes a command-line interface for customizable operations and avoids affecting Volume Shadow Copies.