LoveLock Ransomware

The LoveLock Ransomware is a ransomware Trojan that has a name similar to a previously released ransomware Trojan known as Love2Lock Ransomware. However, PC security researchers have not observed a direct relationship between these two threats. The LoveLock Ransomware was first detected on February 16, 2017 and related to various other ransomware Trojans released recently, including the Hermes Ransomware and the Portuguese CryptoLocker variant. The LoveLock Ransomware is delivered using phishing email messages containing corrupted email attachments. In most cases, the LoveLock Ransomware targets medium and small businesses, as well as corporate networks, although the LoveLock Ransomware also can be responsible for attacks on individuals.

The Love that should be Locked

Like other ransomware Trojans, the main purpose of the LoveLock Ransomware is to encrypt the victims' files and then asks for ransom. One aspect of the LoveLock Ransomware that makes it slightly different from many other ransomware Trojans is that it encrypts a limited amount of file types, which may be because con artists wanted to ensure that the LoveLock Ransomware attack was as fast as possible. It seems that the version of the LoveLock Ransomware being distributed is still in progress currently. This is because the versions of the LoveLock Ransomware uncovered by PC security researchers limit their attack to a folder named 'test 2' located on the infected computer's Desktop. This is a test version of the LoveLock Ransomware clearly, and it is very likely that a full version of the LoveLock Ransomware will be released eventually (if it has not been released already). The LoveLock Ransomware will scan the victim's computer in search for the following file types:

.ASP, .ASPX, .CSV, .DOC, .DOCX, .HTML, .JPG, .MDB, .ODT, .PHP, .PNG, .PPT, .PPTX, .PSD, .SLN, .SQL, .TXT, .XLS, .XLSX, .XML.

How the LoveLock Ransomware Carries out Its Attack

The LoveLock Ransomware uses a strong encryption algorithm to encrypt the files it finds that match the file extensions listed above. The LoveLock Ransomware is based on HiddenTear, an open source ransomware project that has been the source for countless ransomware variants. After encrypting the victim's files, the LoveLock Ransomware sends the decryption key to its Command and Control server, making it impossible for the victim or PC security researchers to obtain it from the infected computer. The files that are encrypted using the LoveLock Ransomware can be identified easily because the LoveLock Ransomware will add the extension '.hasp' to the end of each of the affected files. The LoveLock Ransomware delivers its ransom note in the form of a program window, but in the case of the current incomplete version of the LoveLock Ransomware, the window simply says 'Test 1.'

Dealing with a the LoveLock Ransomware Infection

Fortunately, the versions of the LoveLock Ransomware observed currently are not operational and will not cause damage to victims' files. However, it seems a trivial task to create a fully operational version of the LoveLock Ransomware. Because of this, PC security researchers advise that computer users take steps to protect their files and computers from these attacks. The best precautionary measure computer users can take to ensure that their files are safe from threats like the LoveLock Ransomware is to have backups of all files on an external memory device or the cloud. If computer users can recover the files encrypted by the LoveLock Ransomware from a backup, then the creators of this threat lose any leverage they have to demand the payment of a ransom from their victims. Apart from file backups, PC security researchers advise computer users to have a reliable security program that is fully up-to-date. The phishing email messages that have been linked to the LoveLock Ransomware make it likely that the LoveLock Ransomware will use corrupted file attachments and a social engineering message in its attack, making it very important that computer users learn how to handle emails safely.