
Lucky-Сhinese Ransomware

Posted: March 18, 2019

The Lucky-Сhinese Ransomware is a variant of the Lucky Ransomware, a file-locking Trojan whose campaign targets residents of Asian countries. The Lucky-Сhinese Ransomware can lock your files with AES encryption and may exploit software vulnerabilities in website software to achieve its installations. Website admins should update their software regularly, use strong passwords, and keep backups for their protection, while using anti-malware solutions for blocking and uninstalling the Lucky-Сhinese Ransomware.

China's Files are Striking It Lucky Again

The Lucky Ransomware campaign's emergence in the past year came with several quirks that malware experts don't generally associate with file-locker Trojans like it. Its payload targeted Asia and used a format for locking files and delivering ransom messages that isn't very commonplace. However, it could block digital media and demand ransoms for the cure, just like Hidden Tear or the Globe Ransomware, and the same is true of its apparent successor, the Lucky-Сhinese Ransomware.

The Lucky-Сhinese Ransomware maintains the varied and partially unique traits of its first version from 2018: it locks files with an AES encryption routine that malware experts have determined is not breakable with freeware tools, and it changes their names by prepending an e-mail address and appending a serial and an extension. The Lucky-Сhinese Ransomware uses a new extension, 'evopro', which may be a reference to a prominent fighting-game e-tournament. Importantly, it also shares the old Bitcoin wallet of the Lucky Ransomware, suggesting that the original threat actor retains control over this variant.
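The renaming scheme described above (prepended e-mail address, appended serial, 'evopro' extension) is a cheap indicator an admin can check for in a directory listing or file-server audit. The following is an added example written for this article, not code from the page or from any analysis of the Trojan; the square brackets around the address, the '.' separators, the sample address and the serial value are all constructed assumptions, since the page does not give the exact delimiters.

```python
import re

# Constructed sample listing (not from the page). The page says the Trojan prepends an
# e-mail address to the file name and appends a serial plus the 'evopro' extension.
# The square brackets around the address and the '.' separators are assumptions.
SAMPLE_LISTING = [
    "[recovery@example.invalid]quarterly_report.xlsx.A1B2C3D4.evopro",
    "[recovery@example.invalid]site_backup.tar.gz.A1B2C3D4.evopro",
    "index.html",
    "notes.txt",
    "photo.jpg.evopro",  # extension only; the prefix/serial parts are missing
]

# Optional '[' , an e-mail address, optional ']' at the very start of the name.
EMAIL_PREFIX = re.compile(r"^\[?([A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})\]?")
LOCKED_EXT = ".evopro"


def classify(name):
    """Describe how closely a file name matches the Lucky-Chinese renaming pattern."""
    info = {"name": name, "locked": False, "email": None, "serial": None, "original": name}
    if not name.endswith(LOCKED_EXT):
        return info
    info["locked"] = True
    rest = name[: -len(LOCKED_EXT)]          # strip the appended extension
    m = EMAIL_PREFIX.match(rest)
    if m:
        info["email"] = m.group(1)
        rest = rest[m.end():]                # strip the prepended address
        # With the address present we trust the full pattern: the last
        # dot-separated component is the appended serial.
        body, sep, serial = rest.rpartition(".")
        if sep:
            info["serial"] = serial
            rest = body
    info["original"] = rest                  # best guess at the pre-encryption name
    return info


def scan(names):
    """Return classification records for every name carrying the locked extension."""
    return [r for r in (classify(n) for n in names) if r["locked"]]


def summarize(names, min_full_matches=2):
    """Aggregate indicators: how many locked files exist, which address and serial
    they share, and whether enough full-pattern matches exist to suspect an infection."""
    hits = scan(names)
    full = [h for h in hits if h["email"] and h["serial"]]
    return {
        "locked_files": len(hits),
        "emails": sorted({h["email"] for h in full}),
        "serials": sorted({h["serial"] for h in full}),
        "suspected": len(full) >= min_full_matches,
    }


if __name__ == "__main__":
    for rec in scan(SAMPLE_LISTING):
        print(rec)
    print(summarize(SAMPLE_LISTING))
```

Feeding the output of a real listing (for example, `find /var/www -type f` piped into `scan`) gives a quick triage signal; the recovered `email` and `serial` values are also what you would cross-reference against the ransom note and the wallet mentioned in the text when confirming that an incident is this family rather than a look-alike.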

Similarly, no changes are apparent in the Lucky-Сhinese Ransomware's distribution, which retains its focus on attacking Chinese users, or in its ransom message, which is a simple Notepad file that sells the file unlocker for Bitcoins. This version is active in the wild, but malware experts can't confirm whether it's using the old Trojan's infection strategies. The Lucky Ransomware's previous compromises involved the abuse of outdated versions of prominent Linux server software, especially JBoss. Accordingly, websites and their owners and admins are more likely targets than the average, random PC owner.

Leaving No Part of Your Security Up to Luck

Server admins should always update their site's software habitually, which reduces the vulnerabilities that threat actors could take advantage of for dropping file-locker Trojans. Password management is equally critical, due to the criminally favored use of brute-force applications, which can guess logins that use non-secure name and password combinations (such as short ones or guessable defaults). The Lucky-Сhinese Ransomware's payload could, potentially, also affect other PC users, since data encryption applies to files in a wide variety of environments.

The AES encryption that the Lucky-Сhinese Ransomware uses requires information that only the threat actor holds for unlocking any files. Users should keep their backups on other devices, such as cloud services or USBs, to give themselves a recovery option that doesn't depend on paying a ransom. Anti-malware services and products are useful for stopping the Trojan's installation, as well as for uninstalling the Lucky-Сhinese Ransomware.

As long as the Lucky-Сhinese Ransomware's author continues 'getting lucky' by way of ransoms, he has little motivation to cease his crimes. Protect your files in the present to lower the chances of attacks in the future.
