
EyLamo Ransomware

By GoldSparrow in Ransomware

The EyLamo Ransomware is an encryption ransomware Trojan that was first observed by PC security researchers in the last days of June 2017. Like other encryption ransomware Trojans, the EyLamo Ransomware is designed to encrypt the victims' data using a strong encryption algorithm, which makes the files unusable. It then demands the payment of a ransom in exchange for the decryption key needed to recover the affected files. The EyLamo Ransomware is most likely delivered to victims using spam email messages, which may have Microsoft Word files in DOCX format attached. These files use malicious scripts and macros to download and install the EyLamo Ransomware on the victim's computer. Once the EyLamo Ransomware is installed, it carries out its attack, taking the victim's files hostage until a large ransom is paid.

How the EyLamo Ransomware Demands the Payment of a Ransom

The EyLamo Ransomware attack is very similar to other ransomware Trojan attacks observed recently. In its attack, the EyLamo Ransomware encrypts the victim's files using a strong encryption algorithm, then marks the encrypted files by changing their extensions: it adds the file extension '.lamo' to each file it encrypts. Once the EyLamo Ransomware has altered the files, they show up in Windows Explorer as blank icons and their contents are no longer accessible. After encrypting the victims' files, the EyLamo Ransomware demands the payment of a ransom by delivering a ransom note to the victim.

The Ransom Note Displayed by the EyLamo Ransomware

After the EyLamo Ransomware has finished its attack, it changes the infected computer's desktop image. The new desktop image displays a ransom note that alerts the victim to the attack and points to the payment instructions. The EyLamo Ransomware's custom desktop image contains the following text:

'Oops, your files have been blocked!
Please read the READ_IT.txt on your desktop for more information.'

On the infected computer's desktop, there will be a new text file named 'READ_IT.txt,' referenced in the EyLamo Ransomware's custom desktop image. The EyLamo Ransomware's ransom note contains the following text:

'This computer has been hacked
Your personal files have been ecrypted. Send me BTC or kebab to get decryption passcode.
After that, you'll be able to see your beloved files again.
With love... EyLamo : ')
Bitcoin: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn'

Unlike many other ransomware Trojans, the EyLamo Ransomware does not demand a specific ransom amount from the victim. PC security researchers have been able to observe payments made to the EyLamo Ransomware Bitcoin wallet. These payments seem to range from 0.2 BTC (approximately $480 USD) to 0.0125 BTC (approximately $30 USD at the current exchange rate). It's possible that the people responsible for the EyLamo Ransomware attack are negotiating ransom amounts with victims, depending on the extent of the damage.

Protecting Your Data and Computer from Threats Like the EyLamo Ransomware

The best protection against ransomware Trojans like the EyLamo Ransomware is to have file backups. If computer users have fully up-to-date backups of their files on an external memory device, then they become completely immune to attacks like the EyLamo Ransomware. This is because ransomware Trojans like the EyLamo Ransomware rely on taking the victims' files away entirely and using that leverage to force them to pay a ransom to recover the affected files. If computer users can simply recover their files from the backup copies, then the con artists lose this power. Keeping copies of your files on the cloud is also a good way to protect your data, although for maximum protection you should ensure that the files are not synchronized automatically. Otherwise, the files encrypted on your computer may also be encrypted in the cloud. A security product that is fully up-to-date should be capable of deleting the EyLamo Ransomware, although it will not aid in the file recovery.
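Before restoring from a backup or a cloud sync folder, it helps to confirm that the copy does not already carry the two indicators described above: files ending in '.lamo' and a 'READ_IT.txt' holding the ransom note. The following Python sketch is an added example, not code from the original article; the function names (`is_ransom_note`, `scan_tree`, `demo`) and the sample tree are constructed for illustration.

```python
import os
import tempfile

ENCRYPTED_EXT = ".lamo"      # extension the article says is added to encrypted files
NOTE_NAME = "read_it.txt"    # ransom note file name from the article, lower-cased
NOTE_MARKERS = ("decryption passcode", "eylamo")  # phrases from the quoted note

def is_ransom_note(path):
    """True if the file is named READ_IT.txt and contains a phrase from the note."""
    if os.path.basename(path).lower() != NOTE_NAME:
        return False
    try:
        with open(path, "r", errors="replace") as fh:
            text = fh.read(4096).lower()
    except OSError:
        return False  # unreadable or missing file: not counted as a note
    return any(marker in text for marker in NOTE_MARKERS)

def scan_tree(root):
    """Return encrypted files, ransom notes and per-directory encrypted counts."""
    report = {"encrypted": [], "notes": [], "per_dir": {}}
    for dirpath, _subdirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                report["encrypted"].append(full)
                report["per_dir"][dirpath] = report["per_dir"].get(dirpath, 0) + 1
            elif is_ransom_note(full):
                report["notes"].append(full)
    return report

def demo():
    """Scan a constructed sample tree: one clean folder, one with both indicators."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "clean/READ_IT.txt": "unrelated readme that only shares the name",
            "hit/photo.jpg.lamo": "constructed placeholder bytes",
            "hit/notes.txt.LAMO": "constructed placeholder bytes",
            "hit/READ_IT.txt": "Send me BTC to get decryption passcode. EyLamo",
        }
        for rel, body in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

A backup or sync folder for which `scan_tree` returns empty `encrypted` and `notes` lists shows neither indicator; a non-empty `per_dir` map shows which folders were reached.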
