
L4NC34 Ransomware

Posted: April 7, 2020

The L4NC34 Ransomware is a file-locking Trojan that blocks digital media such as documents, music, pictures or website content. Its campaign mainly targets vulnerable sites through brute-force or other techniques. All users should have backups, along with anti-malware products for removing the L4NC34 Ransomware, and following password security guidelines and installing software updates are valuable defenses.

Trojans Barely Bothering to Try

File-locking Trojans tend to gain headlines through notorious payloads like the Jigsaw Ransomware's en masse destruction of data, or the hundreds of thousands of dollars in ransoms that are archetypal of Ransomware-as-a-Service operations like the Scarab Ransomware. There is also room for smaller players in the threat landscape, not all of which are pranks. For an immediate example, the L4NC34 Ransomware is a low-profit, file-locking Trojan with equally small-time programming.

The L4NC34 Ransomware's author makes minimal effort to protect its code and is an apparent novice in the file-locking Trojan industry. Attacks compromise websites, either by brute-forcing passwords or by using exploits available on unpatched platforms like WordPress, and then run the Trojan to 'encrypt' and disable the site's content. The L4NC34 Ransomware also adds a 'crypt' extension onto these files, like many versions of the Globe Imposter Ransomware family.

The L4NC34 Ransomware is, however, very different from most file-locking Trojans in how it blocks data. Its so-called 'encryption' routine is nothing more than compressing or deflating internal strings via the PHP gzdeflate function, without any noteworthy security or protection. Users who are familiar with PHP and have access to the Trojan's also-unprotected code should be capable of unlocking their files with relatively little effort. Superficially, though, the L4NC34 Ransomware's attack looks identical to those of more impenetrable threats, like the STOP Ransomware family's legitimate encryption.
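A recovery sketch for the point above, added here as an example and not taken from the Trojan or from the original article. It assumes each '.crypt' file holds exactly the raw gzdeflate output of one original file and that the original name is the locked name minus '.crypt' (neither detail is confirmed on this page); `inflate_raw`, `restore_tree` and `demo` are names made up for the example.

```python
import tempfile
import zlib
from pathlib import Path

SUFFIX = ".crypt"  # extension the article says the Trojan appends

def inflate_raw(blob: bytes) -> bytes:
    """Reverse PHP gzdeflate(): raw DEFLATE (RFC 1951), no zlib or gzip header."""
    d = zlib.decompressobj(wbits=-15)      # negative wbits = headerless stream
    out = d.decompress(blob) + d.flush()
    if not d.eof or d.unused_data:         # truncated file or trailing bytes
        raise ValueError("not one complete raw-DEFLATE stream")
    return out

def restore_tree(root: Path) -> dict:
    """Write a restored copy beside each *.crypt file; locked files are kept."""
    report = {"restored": [], "skipped": []}
    for locked in sorted(Path(root).rglob("*" + SUFFIX)):
        try:
            target = locked.with_name(locked.name[: -len(SUFFIX)])
            if target.exists():            # never clobber a file already there
                raise FileExistsError("target already exists")
            data = inflate_raw(locked.read_bytes())
            target.write_bytes(data)
        except (zlib.error, ValueError, OSError) as exc:
            report["skipped"].append((locked.name, str(exc)))
            continue
        report["restored"].append(target.name)
    return report

def demo() -> dict:
    """Constructed sample: one deflated page and one file that is not DEFLATE."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        c = zlib.compressobj(wbits=-15)    # stands in for gzdeflate() output
        page = b"<?php echo 'hello'; ?>\n" * 20
        (root / "index.php.crypt").write_bytes(c.compress(page) + c.flush())
        (root / "notes.txt.crypt").write_bytes(b"\xff\xff plain, never deflated")
        report = restore_tree(root)
        report["match"] = (root / "index.php").read_bytes() == page
        return report

if __name__ == "__main__":
    print(demo())
```

Run it against a copy of the affected web root, and review the skipped list by hand, since any file that fails to inflate does not fit the assumptions stated above.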

The Ransom Kind That's Worth So Little Effort

The authors of the L4NC34 Ransomware aren't asking for much in return for their unlocking help. The L4NC34 Ransomware's ransom message is an unusually involved, interactive PHP file that includes an embedded unlocking component, an e-mail address for the threat actor, and a Bitcoin wallet for a ten USD ransom. The low price makes the L4NC34 Ransomware one of the cheapest file-locking Trojans on record, showing that the campaign is preying on users at random, rather than targeting larger government or business entities.

Site admins can protect themselves and their websites by avoiding weak passwords that attackers could brute-force with automated tools or guesswork. Security patches can also provide effective defenses against well-known vulnerabilities. Despite the strength of these defenses, malware experts also recommend saving backups of website content and other work for a definitive advantage over any data-based extortion. Users should also change any compromised passwords as a precaution against further attacks.

The L4NC34 Ransomware is one of the simplest file-locking Trojans that anyone might imagine but, outwardly, looks just like a higher-level threat. When slapdash programs can look like well-maintained, Black Hat business products, it bears remembering that appearances are often deceiving whenever extortion is involved.
