Lick Ransomware

The Lick Ransomware is a minor variant of the Kirk Ransomware. Both Trojans use file-encrypting attacks, albeit with different brand names, for extorting money from their victims. Decryption solutions aren't always possible for free, and malware analysts advise backing up any files that you can't afford to suffer damage. Anti-malware products capable of detecting its predecessor also can identify and remove the Lick Ransomware before it can begin enciphering any data.

Trojans Getting a Taste of What's on Your Hard Drive

Even though the Kirk Ransomware became a subject of interest to malware researchers only recently, con artists already are deploying variants of the Trojan, most likely due to the code's availability through an underground rental model. The new version of the file-encrypting program, the Lick Ransomware, features a modified extortion message, but, otherwise, is a clean clone of its ancestor. Ironically, the Trojan's initial file data indicates that it may be installing itself as a fake decryptor utility.

As it scans your computer for files to encrypt, the Lick Ransomware may distract you by loading a pop-up misrepresenting its functions as being those of a decryptor that decodes any already-encrypted data. The files that it enciphers, typically including documents and Microsoft Office output, are no longer readable without being sent through a decryption routine matching the key that the Lick Ransomware generates.

Afterward, a second message window launches. Instead of the Star Trek-themed art of the Kirk Ransomware, the Lick Ransomware displays a new logo, while the remainder of the contents explains how the victim can pay the ransom to unlock their data. Insufficient research has been done to determine whether or not free decryption of any data locked by the Lick Ransomware is practical, and con artists are known for withholding their decryption solutions, whether or not you pay them.

Making Sure the Lick Ransomware Stays Licked

The Lick Ransomware may give your files new extensions (similar to the Kirk Ransomware's '.kirked') for outlining the scale of its damages, but name changes will not undo the underlying encryption of file data that stops you from reading them. Until malware experts can explore the potential for a specialized decryption application in greater depth, victims only can protect their PCs by backing up the contents of their hard drives to places that the Lick Ransomware can't scan, such as a cloud account's storage space. Any visible symptoms related to the Lick Ransomware's attacks may be associated with misleading you into not taking any actions until it's too late to save your files.

Roughly two out of every three major brands of AV software detect the Lick Ransomware as a threat, although only a few have specific classifications for the Kirk Ransomware family. Keeping patched and alert anti-malware products to scan new files can delete the Lick Ransomware when you try to install it as a 'safe' application mistakenly. However, some threat actors also take advantage of poorly-chosen RDP configurations or weak login information to distribute file-encrypting threats on their independent initiative.

As long as people are willing to pay for the files they didn't take the time to back up, con artists will be ready to release new file-encoding Trojans like the Lick Ransomware. Don't let threatening software victimize your PC via something as simple as a deceptively-named program installer.

Technical Details