Lucknite Ransomware
The Lucknite (ETH) Ransomware is threatening software designed to encrypt its victims' data and demand payment for decryption tools. Upon execution, it will begin to target specified files on the infected machine, appending their filenames with a ".lucknite" extension. For example, a file initially named 'Pic1.jpg' will appear as 'Pic1.jpg.lucknite,' and so on. Once the encryption process is complete, a ransom note (README.txt) is created, which lays out the payment demands for the decryption tools.
Lucknite Ransomware's Demands
Cybersecurity researchers have spotted at least two versions of the Lucknite Ransomware threat. The details and demands in both cases are practically the same. Attackers state that victims must pay a ransom of $50. However, payments using the Ethereum cryptocurrency will be accepted. According to the ransom notes, the ransom should be around 0.039 ETH. Keep in mind that cryptocurrencies can swing in value extremely fast, so the exact exchange rate could no longer be accurate. The money must be transferred to the threat actors' crypto-wallet address, also found in the ransom-demanding messages.
How to Deal with a Ransomware Attack?
Removing the Lucknite (ETH) Ransomware from an infected system is the only way to stop it from encrypting more data. However, this alone will not restore already compromised files - the only solution, in this case, is recovering them through a backup if one was created and stored elsewhere before the infection.
Despite ransom demands seeming reasonable at times, security experts strongly advise against paying. It is not that rare for victims to meet the attackers' demands but then fail to get the necessary decryption tool and keys – therefore, supporting such illegal activities should be avoided at all costs.
The full text of Lucknite Ransomware's note is:
'All of your files have been encrypted by Lucknite ransomware.
Your computer was infected with a ransomware virus. Your files have been encrypted and you won't
be able to decrypt them without our help. What can I do to get my files back? You can buy our special
decryption software, this software will allow you to recover all of your data and remove the
ransomware from your computer.The price for the software is $50. Payment can be made in Ethereum only.
How do I pay, where do I get Ethereum?
Purchasing Ethereum varies from country to country, you are best advised to do a quick google search
yourself to find out how to buy Ethereum.Payment informationAmount: 0,039 ETH
Ethereum Address: 0x3b0d2E1Ba3B67e9bba01D6f0A6bA221BaB08109A'
The ransom note delivered by the ETH variant:
'All of your files have been encrypted by ETH ransomware (AKA LuckniteRansom). Your computer was infected with a ransomware.
Your files have been encrypted and you won't be able to decrypt them without our help. What can I do to get my files back? You can buy our special decryption software, this software will allow you to recover all of your data and remove the ransomware from your computer .The price for the software is $50. Payment can be made in Ethereum only.
How do I pay, where do I get Ethereum? Purchasing Ethereum varies from country to country, you are best advised to do a quick google search yourself to find out how to buy Ethereum.Payment information Amount: 0,039 ETH
Ethereum Address: 0x3b0d2E1Ba3B67e9bba01D6f0A6bA221BaB08109AAfter sending the money type an email to lucknitev1@gmail.com and he'll send the decryptor.'
