LockCrypt Ransomware
Posted: June 5, 2017
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 8/10 |
|---|---|
| Infected PCs: | 281 |
| First Seen: | June 5, 2017 |
|---|---|
| Last Seen: | March 30, 2023 |
| OS(es) Affected: | Windows |
The LockCrypt Ransomware is a Trojan that encrypts both the filenames and internal data of media, such as pictures or documents. It uses this file-locking attack to justify asking for Bitcoin payments for its decryptor, which malware experts advise against using until other recovery options are exhausted. Conventional anti-malware tools also should remove the LockCrypt Ransomware as soon as they detect it, depriving it of an opportunity to damage any media.
Double the Encryption for Twice as Many Problems
Trojans that make their profits out of blocking your ability to use your files can do so in more than one way, some of which are more challenging than others technically. The baseline encryption of the body of a file's data is the technique that threat actors favor currently, but some Trojans also can use filename changes, either as a substitute or a supplement. The LockCrypt Ransomware is a recent example of Trojans using both methods to maximize the psychological impact on those that they attack.
After infecting the PC and creating a custom ID number, the LockCrypt Ransomware scans the desktop and file directories for content to attack, which can include documents, pictures, spreadsheets, archives and other formats. The LockCrypt Ransomware encrypts any media fitting its parameters with an algorithm malware experts have yet to verify, although AES is the standard for most Trojan campaigns.
Although this basic encryption routine is what makes your files unreadable by related programs, the LockCrypt Ransomware also uses a second kind of encryption, solely on the filename. It appends the ID number and the '.lock' extension onto the end of this pseudo-random string. The overall result is a file that's only identifiable by its location and size theoretically, which enhances the victim's confusion and inability to determine the extent of the data loss.
Resolving Security Problems without a Trojan's Advice
The LockCrypt Ransomware collects money for its campaign through a recycled Notepad message that previous Trojan attacks also deliver. Significant aspects of the text include a time limit, withholding of the amount of the ransom fee (which the LockCrypt Ransomware's threat actors claim will increase over time), and the use of the Bitcoin cryptocurrency to prevent refunds. Any PC users in need of advanced data recovery should refrain from renaming or otherwise modifying any locked content until a third-party decryption software, or anti-malware researchers can analyze it. Backups also are highly viable means of retrieving any media that file-encoding Trojans lock.
Finished samples of the LockCrypt Ransomware date no further back than June of 2017 with no relatives in evidence (such as Hidden Tear, Troldesh, or the Jigsaw Ransomware) to assert an older ancestry. Malware experts recommend avoiding e-mail attachments with suspicious content as a dominant infection vector for file-encrypting threats, both for recreational PC users and business networks. Keeping your anti-malware programs open and updated should let most victims remove the LockCrypt Ransomware while preempting the encryption attack.
The LockCrypt Ransomware isn't the first Trojan to try to manipulate money into a Bitcoin wallet with selective lies and time pressure. Until PC owners learn to back their files up as a matter of habit, malware experts expect to monitor more low-sophistication but high-impact encryption attacks.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.