
LuckyJoe Ransomware

Posted: August 16, 2019

The LuckyJoe Ransomware is a file-locking Trojan that blocks digital media on Linux systems. Victims will experience symptoms such as non-opening files with '.GNNCRY' extensions and the appearance of Notepad ransom notes with this Trojan's name in ASCII art. In infection scenarios, users should recover via backups or free decryption services, as necessary, after deleting the LuckyJoe Ransomware with a trusted anti-malware product.

Unluckily Meeting a Lucky Trojan

Windows is the archetypal environment for file-locking Trojans, but criminals go wherever they can find victims. The gradual trickle of Linux-based threats with encryption, such as the NAS-compromising DecryptIomega Ransomware or the more conventional LuckyJoe Ransomware, makes it public knowledge that this environment is at risk. However, regardless of one's OS, the solution remains backing up work responsibly to secured locations.

In contrast to the network-attached storage attacks of the DecryptIomega Ransomware, the LuckyJoe Ransomware is a more conventional Trojan. Its inspiration is, apparently, the WannaCryptor Ransomware (also known by its WCry extension or as the WannaCry family). The threat identifies itself by name in its ransom note, but also includes filename-based references to the widely-used WannaCryptor Ransomware.

As with the Ransomware-as-a-Service threats it imitates, the LuckyJoe Ransomware uses AES and RSA encryption to stop the user's media from opening. It also adds '.GNNCRY' (short for 'gonna cry') extensions and creates Notepad ransom messages. The latter provide a Bitcoin ransom-paying address which, malware experts note, is empty as of mid-August. The five-hundred-dollar equivalent in coins that it demands is suitable for most 'casual' victims, including small businesses with unprotected servers or random Web surfers without appropriate safeguards.
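A triage check for the indicators described above, added here as an example and not code from the article or from any anti-malware vendor: it walks a directory tree and reports files carrying the '.GNNCRY' extension plus small text files that mention the Trojan's name, so a responder can scope which directories need restoring from backup. The page does not give the ransom-note filename, so matching notes by content is an assumption, and the sample tree is constructed.

```python
import os
import tempfile
from pathlib import Path

# Indicator from the article: LuckyJoe appends '.GNNCRY' to locked files.
LOCKED_EXT = ".GNNCRY"
# Assumption: the note's filename is unknown, so any small file whose content
# mentions the Trojan's name (case-insensitive) is treated as a candidate note.
NOTE_MARKER = b"LUCKYJOE"
NOTE_MAX_BYTES = 4096


def scan_tree(root):
    """Walk `root` and return a triage summary: locked files, candidate ransom
    notes, a per-directory count of locked files, and an overall verdict."""
    locked, notes, per_dir = [], [], {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if name.endswith(LOCKED_EXT):
                locked.append(str(path))
                per_dir[dirpath] = per_dir.get(dirpath, 0) + 1
                continue
            try:
                if path.stat().st_size <= NOTE_MAX_BYTES and \
                        NOTE_MARKER in path.read_bytes().upper():
                    notes.append(str(path))
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
    return {"locked": sorted(locked), "notes": sorted(notes),
            "per_dir": per_dir, "infected": bool(locked or notes)}


def build_sample_tree():
    """Constructed sample: a scratch directory imitating a post-infection home."""
    root = Path(tempfile.mkdtemp(prefix="luckyjoe_demo_"))
    (root / "docs").mkdir()
    (root / "docs" / "report.pdf.GNNCRY").write_bytes(b"\x00" * 64)
    (root / "docs" / "notes.txt.GNNCRY").write_bytes(b"\x00" * 64)
    (root / "photo.jpg").write_bytes(b"\xff\xd8\xff")  # untouched file
    (root / "README.txt").write_text(
        "   LuckyJoe   \nsend 0.05 BTC to <placeholder address>\n")
    return root


if __name__ == "__main__":
    result = scan_tree(build_sample_tree())
    print(f"infected={result['infected']} locked={len(result['locked'])} "
          f"notes={len(result['notes'])} per_dir={result['per_dir']}")
```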

Making Your Luck on the Web

Encryption is often an irreversible assault for victims of these extortionist campaigns. Avoiding file-locking Trojan attacks is always ideal and can include foundational security steps like:

  • Using strong passwords (for brute force protection).
  • Installing security updates promptly (versus Exploit Kits and other vulnerability abusers).
  • Disabling risky browser features like Flash (another counter to EKs).
  • Saving backups to secure devices (for recovering 'locked' files afterward).
  • Avoiding illicitly-downloadable content.

Current samples of the Trojan offer no details concerning the infection routes it might be using. Unusually, it also has no connection to the rental-based RaaS or Ransomware-as-a-Service industry. Theoretically, the Trojan's being a 'pet project' could lower the scale of its distribution.

As malware researchers find no current victims of the LuckyJoe Ransomware, the Trojan might be in development. Its encryption, however, is working, and users should respond to it as a threat to their computers. Linux anti-malware products should remove the LuckyJoe Ransomware safely in most cases.

While Hidden Tear and the Ransomware-as-a-Service industry push attacks to Windows systems, the LuckyJoe Ransomware takes the higher-hanging fruit. How much money there is to extort from the Linux user base is a variable open to further investigation.
