
Lilocked Ransomware

Posted: July 22, 2019

The Lilocked Ransomware is a file-locking Trojan of an unknown family. Like most threats of its class, it stops media content from opening by encrypting it and uses that leverage to justify its ransom demands. Criminals don't always honor these bargains, however, so users should store backups safely to protect their data while keeping anti-malware products available for removing the Lilocked Ransomware on sight.

The Digital Mugger that's Holding Up Your Server

Although it's been almost a year since Hidden Tear's PooleZoor Ransomware variant targeted Iran, server admins and other Windows users in that nation still have cause to worry about their files. Another Trojan with a similar, encryption-oriented payload, the Lilocked Ransomware, is blocking data for money. Since it communicates in English, it may be compromising victims in other nations, although this Middle Eastern one is the first case that malware experts can confirm.

The Lilocked Ransomware uses encryption to block files from opening and appends a custom 'lilocked' extension to their names. Once it finishes this attack, it creates a message demanding a ransom through its TOR-anonymized website. Significantly, the text file that conveys these directions also carries the same extension, which is atypical among Trojans of this type.

Another noteworthy item in the Lilocked Ransomware's campaign is that malware researchers find no evidence of the Trojan targeting most file formats that are popular among the general public, such as ZIP archives or Word DOCs. Victims instead report the Lilocked Ransomware locking website-specific content, such as server-side HTML and open-source scripting-language configs. Business, government, and NGO Web servers are favored targets for data-based extortion by file-locker Trojans of all ancestries, including 'lone wolves' like the Lilocked Ransomware.
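The two file-level indicators described above (the 'lilocked' extension on encrypted files, and a plain-text ransom note that carries the same extension) are enough for a server admin to triage a suspected infection. The following Python script is an added example, not code from this write-up or from any vendor product: it walks a web root, separates encrypted files from the note by whether the content still decodes as text and points at a Tor site, and tallies which original file types were hit. The note filename, the size ceiling, the .onion address and the sample directory it builds are all constructed for the demonstration.

```python
"""Triage scan for Lilocked-style indicators: files ending in '.lilocked'
and a small text note (same extension) that points at a .onion site.
Added example; the note name, size limit and sample data are assumptions."""
import os
import re
import tempfile
from collections import Counter

EXT = ".lilocked"                    # extension reported in the write-up
NOTE_MAX_BYTES = 4096                # assumed ceiling for a ransom note
# Tor onion hostnames are base32 (a-z, 2-7), 16 chars (v2) to 56 chars (v3).
ONION_RE = re.compile(rb"\b[a-z2-7]{16,56}\.onion\b")


def looks_like_note(path):
    """True if the file reads as a ransom note rather than ciphertext."""
    if os.path.getsize(path) > NOTE_MAX_BYTES:
        return False
    with open(path, "rb") as fh:
        data = fh.read()
    try:
        data.decode("utf-8")         # encrypted output will not decode cleanly
    except UnicodeDecodeError:
        return False
    return bool(ONION_RE.search(data))


def scan(root):
    """Walk `root`; return encrypted files, ransom notes and a Counter of the
    original extensions that were hit (e.g. 'html', 'php')."""
    encrypted, notes, hit_types = [], [], Counter()
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(EXT):
                continue             # untouched file, nothing to report
            path = os.path.join(dirpath, name)
            if looks_like_note(path):
                notes.append(path)
                continue
            encrypted.append(path)
            original = name[:-len(EXT)]                 # strip the added extension
            ext = os.path.splitext(original)[1].lstrip(".").lower() or "(none)"
            hit_types[ext] += 1
    return {"encrypted": sorted(encrypted), "notes": sorted(notes), "types": hit_types}


def build_sample_tree():
    """Constructed web root with two 'encrypted' files, one untouched file and
    one ransom note. The byte pattern 0x00..0xFF stands in for ciphertext and
    is guaranteed not to decode as UTF-8; the .onion address is a placeholder."""
    root = tempfile.mkdtemp(prefix="lilocked-demo-")
    os.makedirs(os.path.join(root, "public_html"))
    fake_ciphertext = bytes(range(256)) * 2
    samples = {
        "public_html/index.html.lilocked": fake_ciphertext,
        "public_html/config.php.lilocked": fake_ciphertext,
        "public_html/logo.png": b"\x89PNG untouched sample",
        # Note filename is constructed; real campaigns may use a different name.
        "NOTE.lilocked": (b"We apologize. Your files were locked by Lilocked.\n"
                          b"Pay at http://placeholderonionaddressxx.onion/\n"),
    }
    for rel, content in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(content)
    return root


def demo():
    """Build the sample tree, scan it and return the result for inspection."""
    return scan(build_sample_tree())


if __name__ == "__main__":
    result = demo()
    print("encrypted files :", len(result["encrypted"]))
    print("ransom notes    :", len(result["notes"]))
    print("file types hit  :", dict(result["types"]))
```

Run it against a real web root by calling `scan("/var/www")` (path assumed) instead of `demo()`; a non-empty `types` Counter dominated by `html`, `php` or similar, with no ordinary user formats, matches the targeting pattern the write-up describes, and the `notes` list gives the file to preserve for incident response before any cleanup.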

The Meaninglessness of Post-Crime Apologies

The Lilocked Ransomware leaves its victims a partially unique text message alongside its file-blocking attacks. This ransom note offers an Onion Router link for paying for a decryption service, with the threat actor taking advantage of TOR's well-known anonymity features in the process. Some of the English text also includes minor peculiarities that help identify it, such as an apology for the attack and a declaration of the Trojan's name.

However, users paying these ransoms always take on some risk, since criminals are not obliged to honor their side of any agreement concerning decryption help. In some cases, malware experts even find Trojans whose encryption cannot be reversed at all, even though they still demand ransoms. Accordingly, nearly all users, whether or not they maintain Web servers, should prepare backups to protect any meaningful file data.

Server admins can reduce their chances of encountering these attacks by leaving RDP off, installing security fixes as soon as they become available, and never using easily broken login credentials. Anti-malware tools from most companies should remove the Lilocked Ransomware on sight, as they do nearly all file-locking Trojans.

Getting one's media 'lilocked' is a problem that's growing in the Middle East, but it targets the server infrastructure that companies use around the world. The Lilocked Ransomware is starting small but has every chance of growing over time.
