0l0lqq Ransomware Description
The 0l0lqq Ransomware is a file-locking Trojan that's part of the TeslaCrypt Ransomware family. Users should be aware of these threats' capacity to lock media files indefinitely, including documents and other vital data, and have secure backups for recovering their work. Appropriate security services also should delete the 0l0lqq Ransomware, which circulates in fake invoices over e-mail.
The Telltale Spark of an Old Enemy
A threat actor is putting the TeslaCrypt Ransomware family up to no good again, with e-mail tactics that lead to file-blocking attacks against Windows users. Although the 0l0lqq Ransomware has few major surprises in its payload, the update could be secure against current decryption solutions available to the public. As always, backups and e-mail security habits are valuable tools against the Trojan.
The 0l0lqq Ransomware uses similar data-blocking mechanisms to relatives such as the '.abc File Extension' Ransomware, the '.ecc File Extension' Ransomware, the '.exx File Extension' Ransomware or the '.zzz File Extension' Ransomware. Along with encrypting and blocking media formats like pictures or documents, the 0l0lqq Ransomware also may block gaming-related files, such as components of Blizzard's World of Warcraft MMORPG. The feature includes a cosmetic-only, unique extension, from which the 0l0lqq Ransomware gets its name.
Malware experts discourage paying the 0l0lqq Ransomware's ransom-based offer for a premium unlocker or decryptor, but the Trojan also provides a limited, one-file demonstration for free. The 0l0lqq Ransomware also leans into the increasingly common social engineering tactic of claiming that the attackers will publicize the victim's encrypted information in the event of no cooperation. Further details suggest that the 0l0lqq Ransomware is attacking business-oriented entities instead of home Windows users.
When Trojan Business Impacts the Workplace
The 0l0lqq Ransomware circulates through a tactic that involves tricking workers into opening corrupted e-mail attachments: specifically, Excel spreadsheets formatted to resemble invoices from NQ Supply, a packaging and hygiene products supplier. As a line of defense, users should follow malware experts' recommendation of keeping software up to date, since new versions of Microsoft Office will not run the drive-by-download content (an embedded macro) by default. Microsoft Office 2010 and newer are also at risk, but only after victims deliberately click to enable the additional content.
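Because delivery depends on a macro inside an Excel attachment, a mail gateway or triage script can flag macro-bearing workbooks before a user is ever asked to enable content. The following is an added example, not code from the original page or from any vendor; it assumes the macro is VBA, and every sample name and byte string in it is constructed.

```python
import io
import zipfile

# Magic bytes of the OLE2 compound file used by legacy .xls workbooks.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
# OLE2 directory entries store names as UTF-16LE; VBA lives in "_VBA_PROJECT".
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")


def macro_verdict(data: bytes) -> str:
    """Classify one attachment as 'vba-macro', 'no-vba' or 'unrecognized'."""
    if data.startswith(OLE_MAGIC):
        # Heuristic: look for the VBA storage name anywhere in the container.
        return "vba-macro" if OLE_VBA_MARKER in data else "no-vba"
    if data.startswith(b"PK"):
        # OOXML (.xlsx/.xlsm) is a ZIP; macros are packed as vbaProject.bin.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "unrecognized"
        has_vba = any(n.endswith("vbaproject.bin") for n in names)
        return "vba-macro" if has_vba else "no-vba"
    return "unrecognized"


def hold_for_review(attachments: dict) -> list:
    """Return names of attachments that should not reach the inbox as-is."""
    return sorted(n for n, d in attachments.items()
                  if macro_verdict(d) != "no-vba")


def make_ooxml(with_macro: bool) -> bytes:
    """Build a constructed, minimal OOXML-like ZIP for the samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            zf.writestr("xl/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


# Constructed samples: file names and contents are made up for this example.
SAMPLES = {
    "invoice_macro.xlsm": make_ooxml(True),
    "price_list.xlsx": make_ooxml(False),
    "invoice_legacy.xls": OLE_MAGIC + b"\x00" * 504 + OLE_VBA_MARKER,
    "truncated.xlsx": b"PK\x03\x04 not a real archive",
}
```

A "no-vba" verdict only means no VBA project was found; Excel 4.0 macro sheets and other active content are outside what this check sees, so it complements anti-malware scanning and does not replace it.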
In what different sources describe as a 'shocking twist' or the end to the TeslaCrypt Ransomware family, the Trojan's maintainers previously released the master encryption key onto the Web. That the 0l0lqq Ransomware is a new variant might indicate that a less-invested threat actor is updating old code as a workaround to the fees of Ransomware-as-a-Service businesses. There's no confirmation that the 0l0lqq Ransomware is decryptable, and users should always copy their media files before testing decryption tools on them.
Up-to-date anti-malware tools have the best rates of detection against new threats and should remove the 0l0lqq Ransomware. Only a few security programs identify its corrupted Excel invoices, but users also should be well aware of the ubiquity of invoice-themed tactics over e-mail.
It's never the end of a Trojan's story until threat actors stop using it. The 0l0lqq Ransomware is a sequel to a tale once thought of as complete, and its plot is as violent against data as ever.