Lick Ransomware
Posted: March 21, 2017
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Threat Level: | 10/10 |
---|---|
Infected PCs: | 32 |
First Seen: | March 21, 2017 |
---|---|
OS(es) Affected: | Windows |
The Lick Ransomware is a minor variant of the Kirk Ransomware. Both Trojans use file-encrypting attacks, albeit with different brand names, for extorting money from their victims. Decryption solutions aren't always possible for free, and malware analysts advise backing up any files that you can't afford to suffer damage. Anti-malware products capable of detecting its predecessor also can identify and remove the Lick Ransomware before it can begin enciphering any data.
Trojans Getting a Taste of What's on Your Hard Drive
Even though the Kirk Ransomware became a subject of interest to malware researchers only recently, con artists already are deploying variants of the Trojan, most likely due to the code's availability through an underground rental model. The new version of the file-encrypting program, the Lick Ransomware, features a modified extortion message, but, otherwise, is a clean clone of its ancestor. Ironically, the Trojan's initial file data indicates that it may be installing itself as a fake decryptor utility.
As it scans your computer for files to encrypt, the Lick Ransomware may distract you by loading a pop-up misrepresenting its functions as being those of a decryptor that decodes any already-encrypted data. The files that it enciphers, typically including documents and Microsoft Office output, are no longer readable without being sent through a decryption routine matching the key that the Lick Ransomware generates.
Afterward, a second message window launches. Instead of the Star Trek-themed art of the Kirk Ransomware, the Lick Ransomware displays a new logo, while the remainder of the contents explains how the victim can pay the ransom to unlock their data. Insufficient research has been done to determine whether or not free decryption of any data locked by the Lick Ransomware is practical, and con artists are known for withholding their decryption solutions, whether or not you pay them.
Making Sure the Lick Ransomware Stays Licked
The Lick Ransomware may give your files new extensions (similar to the Kirk Ransomware's '.kirked') for outlining the scale of its damages, but name changes will not undo the underlying encryption of file data that stops you from reading them. Until malware experts can explore the potential for a specialized decryption application in greater depth, victims only can protect their PCs by backing up the contents of their hard drives to places that the Lick Ransomware can't scan, such as a cloud account's storage space. Any visible symptoms related to the Lick Ransomware's attacks may be associated with misleading you into not taking any actions until it's too late to save your files.
Roughly two out of every three major brands of AV software detect the Lick Ransomware as a threat, although only a few have specific classifications for the Kirk Ransomware family. Keeping patched and alert anti-malware products to scan new files can delete the Lick Ransomware when you try to install it as a 'safe' application mistakenly. However, some threat actors also take advantage of poorly-chosen RDP configurations or weak login information to distribute file-encrypting threats on their independent initiative.
As long as people are willing to pay for the files they didn't take the time to back up, con artists will be ready to release new file-encoding Trojans like the Lick Ransomware. Don't let threatening software victimize your PC via something as simple as a deceptively-named program installer.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:file.exe
File name: file.exeSize: 6.61 MB (6615148 bytes)
MD5: 43b1a4cf9ded9370d1daf5c3b96c6786
Detection count: 13
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 21, 2017
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.