Lokf Ransomware

Posted: November 8, 2019

The Lokf Ransomware is a file-locking Trojan of the STOP Ransomware family, which frequently targets Asian countries. Users should prepare backups to counteract its payload, which uses encryption to lock data without consent. Appropriate anti-malware tools may also delete the Lokf Ransomware before it threatens your files, or uninstall preexisting infections.

More Locked Files from a Trojan Factory

Unintended adverse side effects of heavy industry, such as pollution, are often much lamented, but the intentional impact of Trojan production factories is an even worse affair. The STOP Ransomware is staying on the front lines as one of the most rigorously and rapidly developed Ransomware-as-a-Service families this year, competing head-to-head with the Crysis Ransomware. The Lokf Ransomware stands as daily proof of that, as version 0181, arriving just after the recent 0180 of the Mosk Ransomware, and the earlier Toec Ransomware and Meka Ransomware.

As a Ransomware-as-a-Service threat, the Lokf Ransomware is a minor update to past Trojans from its family, with possible changes to encryption and obfuscation, but little else. Its main features emphasize encrypting documents, images, audio, and other media with a secure AES and RSA combination that can operate in both offline and online modes. The Trojan also adds extensions (as per its name) to file names, and will endeavor to remove backups related to the Volume Shadow Copy data.

Victims also receive Notepad messages from the Trojan, which function as ransom notes. These messages tell users how to contact the threat actor through e-mail and, recently, offer links to what could be a 'demonstration' of the unlocker. However, since there's no way of guaranteeing the link's safety, malware researchers recommend against interacting with Web content promoted by the same criminals who are attacking your computer's files.

A Good Stopping Point for the STOP Ransomware Business

Since the Lokf Ransomware's encryption routines tend to be secure against third-party unlocking services, most users will need other possibilities for getting their files back to normal. Additionally, malware analysts are confirming some victims in the wild, although their location isn't known. Many versions of the STOP Ransomware target Southeast Asian areas, from India to the Philippines, but others will go farther abroad and campaign in other parts of the world.

Infection methods for the Lokf Ransomware's family tend toward software and media piracy themes. Fake downloads of key-generating tools, license activators, and pre-hacked versions of premium products are historical infection vectors for the STOP Ransomware. Malware experts recommend sticking to legal download sources for all content for safety reasons as much as for any moral or legal benefit.

Ransoms within this family are hundreds of dollars, up to nearly a thousand, in some cases. Users should avoid paying and, instead, depend on their remote and, hopefully, secured backups for recovery. However, anti-malware products from most companies should render this issue moot by stopping and removing the Lokf Ransomware automatically.

The Lokf Ransomware is precisely as threatening as its victims give it leeway to be. Any predator of data that can't penetrate as simple a barrier as a backup on some other device or server is one that, as per the rules of nature, is only culling the weakest of the cyber-security herd.