Alma Locker Ransomware is a ransomware Trojan that is currently being delivered to victims by RIG Exploit Kit. Alma Locker Ransomware was first observed in August 2016. The Alma Locker Ransomware attack is quite typical; Alma Locker Ransomware encrypts its victims' data and then demands that a payment of one BitCoin be made before the end of five days, threatening to permanently delete the victim's data. Alma Locker Ransomware has an operational command and control server that victims can connect to using TOR. Alma Locker Ransomware uses an advanced encryption algorithm to make the victim's data inaccessible without a decryption key, which is hidden from the victim until the ransom is paid. The encrypted files are accompanied by a random 5-character extension and a unique 8-character victim ID that are derived from the serial number of the C:³ drive and the MAC address of the first network interface.