Mount Locker is stealing victims’ files before encrypting and then demanding multi-million dollar ransoms. Ransomware uses ChaCha20 to encrypt files and an embedded RSA-2048 public key to encrypt the encryption key. When encrypting files, the ransomware will add an extension in the. Registry so that when you click on an encrypted file, it will automatically load the ransom note. The Tor site is simply a chat service, where victims can negotiate the ransom. There is no way to recover your files for free.
Source: https://www.bleepingcomputer.com/news/security/mount-locker-ransomware-joins-the-multi-million-dollar-ransom-game/