LYLI Ransomware

Posted: September 30, 2020

The LYLI Ransomware is a file-locking Trojan from the Ransomware-as-a-Service family of the STOP Ransomware or Djvu Ransomware. The LYLI Ransomware can stop users' files from opening by encrypting their internal data and offers a premium, ransom-based recovery service. Well-protected backups will render most damage from infections moot, and traditional cyber-security products should block attacks and remove the LYLI Ransomware.

There's No Stopping a Money-Making Trojan Business

The Ransomware-as-a-Service industry remains strong in the second half of 2020, with numerous families operating concurrently. Of these, the STOP Ransomware is possibly the most widely used and the most likely to run campaigns around the world, ranging from southeast Asia to North America. It's little shock that a new variant, the LYLI Ransomware, is appearing in threat databases.

The LYLI Ransomware remains capable of using encryption as an attack for locking files, such as documents, pictures, archives, spreadsheets, or music, among other media. An interrupted server connection forces the LYLI Ransomware into using a less-secure key, but decryption availability is questionable even in this circumstance. Victims can isolate any affected files by searching for content with the Trojan's custom campaign extension of 'LYLI,' which, as usual, is a random, four-character string.
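The extension search described above can be turned into a read-only inventory that also shows which affected files have a copy in a backup. The following is an added example, not code from the original article. It assumes the extension is appended to the original file name and that the backup mirrors the same relative paths. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

CAMPAIGN_EXT = ".lyli"  # extension named in the article; compared case-insensitively

def find_locked_files(root, backup_root=None):
    """List files under root carrying the campaign extension (read-only scan)."""
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(CAMPAIGN_EXT):
                continue
            # Assumption: the extension is appended, e.g. report.docx.lyli
            original = name[: -len(CAMPAIGN_EXT)]
            rel = (Path(dirpath) / original).relative_to(root)
            records.append({
                "locked": str(Path(dirpath) / name),
                "original": rel.as_posix(),
                "type": Path(original).suffix.lower() or "(none)",
                # True only when a same-named copy exists under the backup root
                "in_backup": bool(backup_root) and (Path(backup_root) / rel).is_file(),
            })
    return records

def summarize(records):
    """Count affected files by original type and list those with no backup copy."""
    return {
        "total": len(records),
        "by_type": dict(Counter(r["type"] for r in records)),
        "not_in_backup": sorted(r["original"] for r in records if not r["in_backup"]),
    }

def build_sample_tree(base):
    """Constructed sample data: two renamed files, one untouched file, one backup."""
    data, backup = Path(base) / "data", Path(base) / "backup"
    for rel in ("docs/report.docx.lyli", "docs/notes.txt", "pics/photo.JPG.LYLI"):
        (data / rel).parent.mkdir(parents=True, exist_ok=True)
        (data / rel).write_bytes(b"constructed sample")
    (backup / "docs").mkdir(parents=True)
    (backup / "docs" / "report.docx").write_bytes(b"clean copy")
    return data, backup

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        data, backup = build_sample_tree(tmp)
        print(summarize(find_locked_files(data, backup)))
```

The scan only reads directory listings and never modifies or deletes the affected files, so it is safe to run before deciding how to restore.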

The ransom note in the LYLI Ransomware's payload is identical to previous ones that malware experts are aware of from samples like the Copa Ransomware, the KASP Ransomware, the Kolz Ransomware or the Vari Ransomware. The Trojan asks for nearly one thousand USD in Bitcoins for recovering the victim's files, although there is a 'discount' for those who pay within a few days. Paying criminals doesn't always give a decryption service back to the would-be buyers. As a secondary risk, any files transferred by the attackers could be disguised attacks (such as a backdoor Trojan).

Putting the Lie to a RaaS Business's Ledgers

The Ransomware-as-a-Service phenomenon is highly flexible, thanks to hiring itself out to third-party attackers who can circulate variant Trojans like the LYLI Ransomware at their pleasure. Windows users at risk from the STOP Ransomware family, including both home users and server administrators, should preserve their files on other devices to prevent any ransom scenario from occurring. Each payment to a Ransomware-as-a-Service operation encourages more campaigns and variant Trojans, which attackers can launch without any technical knowledge.

Along with backups, malware analysts also emphasize some simple protections that will counter the exploits that are common to file-locker Trojans. The STOP Ransomware campaigns sometimes use torrents and disguises, such as illegal software downloads, for finding victims. More targeted strategies can, instead, attach the installer to an e-mail in a corrupted document. Users should be especially careful of enabling macros and advanced content, as well as scripts.

Robust anti-malware technology can detect most file-locking Trojans, and this goes for the STOP Ransomware or the Djvu Ransomware family as much as others. Users under the protection of these products can remove the LYLI Ransomware before encryption attacks ever happen.

The LYLI Ransomware is as threatening as Windows users let it be. Much like tolerating an abuser's predatory behavior, giving leeway to strange software has consequences that are long-term but also far more preventable than otherwise.
