
Lalabitch Ransomware

Posted: July 4, 2017

Threat Metric

Threat Level: 10/10
Infected PCs: 83
First Seen: July 6, 2017
OS(es) Affected: Windows

The Lalabitch Ransomware is a file-encrypting Trojan that denies users access to files such as work content and recreational media until they pay a ransom. While the viability of public decryption is still subject to analysis, victims can limit the fallout of a Lalabitch Ransomware infection by storing backups on other devices. Use anti-malware products to delete the Lalabitch Ransomware, which doesn't install itself and may have support from other threats.

How Servers Get Introduced to Data Extortion

Most file-encrypting attacks owe their existence to distribution-enabling vulnerabilities, such as corrupted JavaScript or macros, or to the Trojans in question bundling themselves with other downloads. Nonetheless, not every case of holding files hostage for money results from such obvious security mistakes. Only recently, malware experts identified an Indonesian Trojan's campaign, the Lalabitch Ransomware, that benefits from another installation method.

The Lalabitch Ransomware's threat actors install their Trojan after compromising business-sector servers by brute-forcing or phishing their login details. This level of access lets them compromise the system manually, install the Lalabitch Ransomware, run its payload and then, potentially, remove it afterward (to deprive security companies of any samples for analysis). The victimized servers retain only their encoded, unusable files and a PHP ransom message.

The latter uses plain ASCII text to convey its demand for providing the victim a decryptor: 1,300 USD in Bitcoins, transferred to the threat actor's wallet address. The Lalabitch Ransomware also claims that it will delete essential decryption information within twelve hours, although the shortness of this limit makes it likely that the Trojan is bluffing. Malware experts have yet to verify whether the Lalabitch Ransomware contains any data-deleting features, but its encryption routine does work as advertised.

Kicking Unwanted Company out of Your File Storage

Users trying to recover data locked by the Lalabitch Ransomware can identify any encoded content by the '.lalabitch' extension that the Lalabitch Ransomware appends to each encrypted file. However, decryption without paying may not be possible, and con artists collecting Bitcoins can take the money without suffering any penalty for refusing to provide the promised unlocking service afterward. As a result, good backup management is the ideal preventative for keeping the Lalabitch Ransomware's damage as negligible as possible.
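The two clues in the paragraph above, the appended '.lalabitch' extension and the reliance on backups, are enough for a first incident-response triage pass. The following Python script is an added example, not code from the original advisory or from any vendor: it walks a directory tree, inventories every file carrying the '.lalabitch' suffix, groups the hits by their original extension, and splits them into files that an offline backup covers and files that have no backup copy. The directory layout, file names and backup manifest it builds are constructed sample data; a real run would point `find_encrypted` at the affected share and read the manifest from the backup system's own catalogue.

```python
"""Added triage helper (not part of the original advisory): inventory files
carrying the '.lalabitch' extension and check which ones a backup copy covers."""
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".lalabitch"   # extension named in the advisory


def find_encrypted(root):
    """Return paths (relative to root) of every file ending in '.lalabitch'."""
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        if path.is_file() and path.name.endswith(ENCRYPTED_SUFFIX):
            hits.append(path.relative_to(root))
    return sorted(hits)


def original_name(rel_path):
    """Strip the appended suffix to recover the pre-encryption file name.
    Paths are returned in POSIX form so they compare equally on any OS."""
    name = Path(rel_path).as_posix()
    return name[: -len(ENCRYPTED_SUFFIX)]


def summarize_by_type(encrypted):
    """Count affected files per original extension (e.g. '.docx', '.jpg')."""
    counts = Counter()
    for rel in encrypted:
        ext = Path(original_name(rel)).suffix.lower() or "(none)"
        counts[ext] += 1
    return dict(counts)


def restore_plan(encrypted, backup_manifest):
    """Split affected files into those a backup covers and those it does not.

    backup_manifest: set of POSIX-style relative paths present in the offline
    backup. Constructed by the caller here; a real tool would read it from
    the backup system's catalogue."""
    restorable, lost = [], []
    for rel in encrypted:
        orig = original_name(rel)
        (restorable if orig in backup_manifest else lost).append(orig)
    return restorable, lost


def build_demo_tree():
    """Create a constructed sample tree in a temp dir and return (root, manifest).
    Nothing here is a real sample; file contents are placeholder bytes."""
    root = Path(tempfile.mkdtemp(prefix="lalabitch-demo-"))
    for rel in ["docs/report.docx.lalabitch", "docs/budget.xlsx.lalabitch",
                "media/photo.jpg.lalabitch", "web/index.php",
                "media/untouched.png"]:
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"placeholder")
    # budget.xlsx was never backed up, so it will show up as unrecoverable
    manifest = {"docs/report.docx", "media/photo.jpg"}
    return root, manifest


if __name__ == "__main__":
    root, manifest = build_demo_tree()
    hits = find_encrypted(root)
    print("affected files:", len(hits))
    print("by type:", summarize_by_type(hits))
    ok, lost = restore_plan(hits, manifest)
    print("restorable from backup:", ok)
    print("no backup copy:", lost)
```

The split that `restore_plan` produces is the practical output: the "restorable" list drives the restore job, and the "lost" list is what has to be discussed with the business before anyone considers the ransom demand.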

PC users also can protect their server logins with strong passwords: rotate them seasonally, mix numerical and alphabetical characters, and vary their case. Avoid commonly used passwords, such as 'admin,' '1234,' or 'password1,' which leave the login at risk from brute-force hacking tools. In non-manual installation attempts, various anti-malware programs can remove the Lalabitch Ransomware before it starts encrypting content, as well as uninstall it afterward.
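The password advice above can be turned into an audit that runs before an attacker's brute-force tool does. The Python script below is an added example, not code from the original advisory or from any vendor. It checks each account's password against the rules the paragraph lists (no commonly used string, letters and digits mixed, both cases present, rotated on a seasonal schedule) and reports the accounts that fail. The minimum length of 12, the 90-day rotation window, the extra entries in the common-password list beyond the three the advisory names, and the sample accounts are all assumptions or constructed data; a real deployment would load a breached-password list and read the credential ages from the directory.

```python
"""Added example (not from the advisory): a password-policy audit that applies
the advice above: reject commonly used strings, require letters, digits and
both cases, and flag credentials that are overdue for seasonal rotation."""
from datetime import date

# The three strings named in the advisory plus a few obvious relatives
# (the extra entries are assumptions; load a breached-password list in practice).
COMMON_PASSWORDS = {"admin", "1234", "password1", "password", "123456",
                    "admin123", "letmein"}
MIN_LENGTH = 12          # assumed value; the advisory gives no number
ROTATION_DAYS = 90       # "seasonal rotation" read as roughly quarterly (assumption)


def password_findings(password, last_changed=None, today=None):
    """Return a list of policy violations (an empty list means the password passes).

    last_changed / today are datetime.date objects; when last_changed is given,
    the credential's age is checked against ROTATION_DAYS."""
    findings = []
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        findings.append("commonly used password")
    else:
        # A common word with trailing digits ('admin2017') is still an early
        # guess for dictionary-based tools, so strip digits and re-check.
        stripped = lowered.rstrip("0123456789")
        if stripped != lowered and stripped in COMMON_PASSWORDS:
            findings.append("common word with digit suffix")
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isdigit() for c in password):
        findings.append("no digit")
    if not any(c.isalpha() for c in password):
        findings.append("no letter")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        findings.append("not mixed case")
    if last_changed is not None:
        today = today or date.today()
        age = (today - last_changed).days
        if age > ROTATION_DAYS:
            findings.append(f"not rotated for {age} days")
    return findings


def audit_accounts(accounts, today):
    """accounts: iterable of (username, password, last_changed).
    Returns {username: findings} for every account that fails at least one rule."""
    report = {}
    for user, pw, changed in accounts:
        findings = password_findings(pw, changed, today)
        if findings:
            report[user] = findings
    return report


def demo_report():
    """Run the audit over constructed sample accounts (no real credentials)."""
    sample = [
        ("svc_backup", "admin", date(2017, 1, 10)),
        ("webadmin", "password1", date(2017, 6, 1)),
        ("ops", "Kz7!vm#Qw2pL", date(2017, 6, 20)),
        ("dba", "kz7vmqw2plxx", date(2017, 6, 20)),
    ]
    return audit_accounts(sample, date(2017, 7, 4))


if __name__ == "__main__":
    for user, problems in demo_report().items():
        print(f"{user}: {', '.join(problems)}")
```

Only the 'ops' account passes in the sample; 'dba' fails solely on case mixing, which is the kind of near-miss a manual review tends to wave through and a scripted audit does not.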

Many security problems are transparent only in hindsight. With the consequences of a lazy password costing over a thousand dollars, the Lalabitch Ransomware shows how taking the time to go over your company server's potential weak points is always time well spent.
