
LCK Ransomware

Posted: October 21, 2020

The LCK Ransomware is a file-locking Trojan that's part of the Dharma Ransomware family's Ransomware-as-a-Service. It can stop users from opening media files by encrypting them, adds extensions to their names, and uses several means of demanding ransoms. Secure backups are the best recovery solution for infections, along with anti-malware software for removing the LCK Ransomware and blocking attacks.

Files aren't Very Lucky to Meet this Program

Dharma Ransomware's for-hire service, one of the more populous and lively families of file-locking Trojans, is experiencing more interest from an unknown threat actor. The LCK Ransomware, the variant of the moment, has few updates that make it substantially different from the family's old versions. However, it is still a possibly insurmountable barrier to users who take their files for granted and don't back them up to someplace safe.

While malware analysts have yet to confirm any executable names, the LCK Ransomware is Windows-compatible, like the rest of its family. The Trojan's most problematic feature is its data encryption: an AES-based routine, secured with RSA, that converts media files into data that won't open. PDF and Word documents, Excel spreadsheets, and BMP or JPG pictures are classic examples of the formats at risk from these attacks, which also append ransom information and a campaign-unique extension to the names.

The LCK Ransomware also includes a default function for erasing the user's local backups as part of its attempt at gaining leverage. Afterward, it creates ransom notes: both a text file and an HTA pop-up alert. These instructions use generic templates, with some minor customization related to the attack (such as a victim's ID serial). They also ask for money, even though paying doesn't trigger any automatic unlocking mechanism, on the prediction that victims have no backups for recovery.

Being Luckier than Criminals Who Hire Trojans

The LCK Ransomware's assumptions about the helplessness of its victims aren't necessarily arbitrary or unlikely. The Trojan includes a standard feature for destroying the user's Restore Point data, a favorite attack of most Ransomware-as-a-Services. Its reliability and consistency are such that malware experts can confirm its appearance throughout hundreds of relatives, including 2020 Dharma Ransomware releases like the Blm Ransomware, the Fresh Ransomware, the STAFS Ransomware and the ZXCV Ransomware.
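The backup destruction and HTA ransom note described above both leave traces in process-creation logs; the following is an added detection example, not code from the original page or from any vendor. The command patterns, the 30-minute window, the record fields and the sample records are assumptions or constructed, since the page names no commands or file names.

```python
import re
from datetime import datetime, timedelta

# Assumption: the page names no command. These are built-in Windows tools that
# can delete Volume Shadow Copies (Restore Point data) or backup catalogs.
BACKUP_WIPE = {
    "vssadmin delete shadows": re.compile(r"\bvssadmin(\.exe)? delete shadows\b"),
    "wmic shadowcopy delete": re.compile(r"\bwmic(\.exe)? .*\bshadowcopy\b.*\bdelete\b"),
    "wbadmin delete catalog": re.compile(r"\bwbadmin(\.exe)? delete catalog\b"),
}
# HTA files are rendered by mshta.exe, so an HTA pop-up appears as this process.
HTA_OPEN = re.compile(r"\bmshta(\.exe)? .*\.hta\b")

def normalize(cmd):
    """Lowercase, drop double quotes and collapse whitespace before matching."""
    cmd = cmd.replace('"', "")
    return re.sub(r"\s+", " ", cmd).strip().lower()

def detect(events, window=timedelta(minutes=30)):
    """Return (host, severity, reason) alerts: 'high' for a backup wipe,
    'critical' when an HTA opens on the same host within `window` afterwards."""
    alerts, last_wipe = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        cmd = normalize(ev["cmd"])
        rule = next((n for n, rx in BACKUP_WIPE.items() if rx.search(cmd)), None)
        if rule:
            last_wipe[ev["host"]] = ev["time"]
            alerts.append((ev["host"], "high", rule))
        elif HTA_OPEN.search(cmd):
            wiped = last_wipe.get(ev["host"])
            if wiped is not None and ev["time"] - wiped <= window:
                alerts.append((ev["host"], "critical", "hta after backup wipe"))
    return alerts

def ts(s): return datetime.fromisoformat(s)

# Constructed process-creation records (hypothetical hosts, paths and file names).
SAMPLE = [
    {"host": "ws01", "time": ts("2020-10-21T09:00:05"), "cmd": r'"C:\Windows\System32\vssadmin.exe"  Delete Shadows /All /Quiet'},
    {"host": "ws01", "time": ts("2020-10-21T09:04:40"), "cmd": r'mshta.exe "C:\Users\a\Desktop\note.hta"'},
    {"host": "ws02", "time": ts("2020-10-21T09:10:00"), "cmd": "vssadmin list shadows"},
    {"host": "ws02", "time": ts("2020-10-21T09:11:00"), "cmd": r"mshta.exe C:\Tools\inventory.hta"},
    {"host": "ws03", "time": ts("2020-10-21T10:00:00"), "cmd": "cmd.exe /c WMIC.exe shadowcopy delete"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The benign records on ws02 (listing shadow copies, opening an unrelated HTA) produce no alert, which is the false-positive case the correlation is meant to avoid.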

Because its encryption is secure, users have few options for unlocking their work. Instead of decrypting files, malware researchers recommend maintaining backups that make decryption unnecessary. Secured storage drives that detach from the PC, or cloud-based services with access protection like password requirements, can help with recovery. They are always more dependable than paying criminals ransoms for decryption, which often backfires on the paying 'customer.'

Standard guidelines like deactivating document macros and browser scripts will keep users safe while they browse the Web. Admins should also check login requirements for vulnerabilities, given the regularity with which file-locker Trojans' campaigns abuse dictionary attacks. Anti-malware tools can't unlock media but will block and remove the LCK Ransomware from Windows machines.

Copying and pasting another Trojan from a Ransomware-as-a-Service is nothing new or impressive in 2020's threat landscape. Still, traditional Trojans like the LCK Ransomware can be among the most effective, as long as users forget the minimal defenses that keep encryption from becoming data sabotage.
