
RIP Lmao Ransomware

Posted: December 18, 2020

The RIP Lmao Ransomware is a file-locking Trojan that's independent of any family or group. It blocks work and personal files on Windows environments and holds them as hostages until the victim pays its ransom. All Windows users should have backups for general protection and let their anti-malware solutions remove the RIP Lmao Ransomware on detection.

Chattering Skulls for Negotiators over Files

Plundered free programming resources and 'rented' Ransomware-as-a-Service offerings make up most of the file-locking Trojan industry, but not all of it. The RIP Lmao Ransomware is another sample of a threat of this type without relationships to prior ones, although, as a Windows .NET Framework program, it resembles many of its competitors. The Trojan is unusually cheap to pay off, which might be a deliberate strategy on the threat actor's part.

The RIP Lmao Ransomware attacks the user's documents, pictures, and other media through an encryption routine, whose security malware analysts have yet to determine. Like many amateur-level projects, the RIP Lmao Ransomware dispenses with more complex tags on files' names as a visual marker. However, it does include a minimal extension ('jcrypt') that it adds after the original.

The RIP Lmao Ransomware has both a pop-up window and a text note with its humble ransom demands for the file recovery service. It asks for less than fifty dollars USD in Bitcoins and has zero payments to its wallet currently. Its pop-up format is semi-unique, showing a skull, a 'RIP lmao' tagline and an otherwise featureless background.

Despite its affordability, paying the ransom still is not an optimal recovery path for any victims. Each payment creates more incentive for Trojan development, and malware experts point out that many negotiations involve the threat actors using the communications for even more attacks.

Taking Care of Not-So-Funny Business

Windows users already should have backups of their work for recovery without a need for breaking the RIP Lmao Ransomware's encryption algorithm. For most users, saving to removable devices or cloud services with other security protocols such as password requirements will keep their files safe from harm. Like most threats of the type, malware researchers see little likelihood of the RIP Lmao Ransomware's encrypting or damaging system files.

Currently, all samples of the RIP Lmao Ransomware use unsigned installers and generic, placeholder names like 'WindowsFormsApp1'. Since its ransom is so trivial, readers should expect potential attacks from non-targeted methods, unlike the higher-end efforts of families like the NEFILIM Ransomware. Weak passwords, out-of-date software, and non-secure RDP features can facilitate attacks against a Windows PC. Users also might infect their computers by opening random e-mail attachments, fake Web updates, or torrents.

Most security solutions will flag the RIP Lmao Ransomware because it conforms to the expected characteristics of similar Trojans. Deleting the RIP Lmao Ransomware without dedicated security software's assistance should be most users' last-resort option.

The RIP Lmao Ransomware is a bargain-basement variation on the theme of file-locking programming antics. Cheaper it might be, but still poisonous to others' files, and no one should treat it any less seriously because it's less greedy than its competing Trojans.