
LonleyCrypt Ransomware

Posted: September 26, 2019

The LonleyCrypt Ransomware is a file-locking Trojan that can encrypt your computer's media, such as documents, to stop them from opening. The LonleyCrypt Ransomware also delivers text messages in Chinese and English and accesses Windows utilities for unknown purposes. Users should maintain their backups to spare files from permanent locking and run a suitable anti-malware program if they need to remove the LonleyCrypt Ransomware.

A Trojan with More than Typos for Your Files

A dual-language Trojan with file-locking properties may be ramping up a campaign against Chinese and English speakers. Although many of the LonleyCrypt Ransomware's details are in apparent development, it includes functional features for blocking content, leaving theoretical ransoming messages, and other attacks that are typical for its threat type. Malware experts are recommending treating it as a threat similar to the Crysis Ransomware or Hidden Tear, although the LonleyCrypt Ransomware isn't a part of any known Trojan family.

The LonleyCrypt Ransomware is a Windows program that uses AES encryption for blocking various media formats, such as documents, spreadsheets and pictures. Other aspects of the LonleyCrypt Ransomware's payload that malware experts can confirm at this time include:

  • The LonleyCrypt Ransomware adds extensions onto blocked files' names. It uses 'LonleyEncryptedFile' [sic], which is notable since the language doesn't match the primary one of its related ransom note.
  • The LonleyCrypt Ransomware creates text files that are likely intended as ransoming instructions for buying the decryption. However, the contents include no more than a twenty-four warning without payment information and use both Chinese and English languages.
  • The LonleyCrypt Ransomware also opens the Windows CMD or Command Prompt utility. Most Trojans access this tool for erasing the Restore Points and other backup information.

Accordingly, although the LonleyCrypt Ransomware seems incomplete, its future intentions and capabilities match those of most for-profit Trojans that leverage encryption for extortion.
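For responders sizing up an infection, the appended extension described above is the most direct indicator to search for. The following triage script is an added example, not code from the Trojan or from any vendor: it walks a directory tree, lists files carrying the 'LonleyEncryptedFile' extension, recovers their original names, and bounds the encryption window from file modification times. It assumes the extension is appended after a dot and that the Trojan's write was the last modification of each file; the function names are hypothetical.

```python
import os
from collections import defaultdict
from datetime import datetime, timezone

MARKER = "LonleyEncryptedFile"  # extension string quoted on this page (sic)

def original_name(name):
    """Return the pre-encryption name if `name` carries the marker, else None."""
    stem, dot, ext = name.rpartition(".")
    # Assumption: the marker is appended as a final ".<MARKER>" component.
    if dot and stem and ext.lower() == MARKER.lower():
        return stem
    return None

def scan(root):
    """Walk `root`; map each directory to [(original_name, mtime), ...]."""
    hits = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            orig = original_name(name)
            if orig is None:
                continue
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # file vanished or is unreadable; skip it
            hits[dirpath].append((orig, mtime))
    return dict(hits)

def encryption_window(hits):
    """Earliest and latest mtime over all hits as UTC datetimes, or None."""
    times = [m for entries in hits.values() for _orig, m in entries]
    if not times:
        return None
    return tuple(datetime.fromtimestamp(t, tz=timezone.utc)
                 for t in (min(times), max(times)))

if __name__ == "__main__":
    import sys
    found = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for directory, entries in sorted(found.items()):
        print(f"{directory}: {len(entries)} affected file(s)")
    print("window (UTC):", encryption_window(found))
```

The per-directory counts show which backups need restoring, and the time window narrows which logs to review for the initial execution.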

Ensuring that the LonleyCrypt Ransomware Stays Lonely

Details about the LonleyCrypt Ransomware's possible monetization plans and distribution models remain shadowy but are mostly irrelevant to the average PC user. All users should already be backing up their work to other devices for safekeeping and preventing encryption from blocking valuable content. A minority of file-locker Trojans' attacks don't compensate for all decryption possibilities or other options, such as Shadow Volume Copy-based recovery. However, users should never gamble on being capable of unlocking or directly restoring their work.

Malware analysts only find versions of the LonleyCrypt Ransomware on Windows OSes. Detection rates of the current versions of the LonleyCrypt Ransomware include accurate results for roughly two-thirds of the anti-malware industry. However, most products will detect the Trojan generically. Some Chinese AV vendors are providing specific entries suitable for this Trojan and will detect and remove the LonleyCrypt Ransomware by name.

The possibility that the LonleyCrypt Ransomware is 'only' an experiment, joke, or programming challenge isn't nil. Unfortunately, the intentions of encryption aren't that relevant to victims who lock themselves out of the contents of their drives by accident.
