Itlock is a fearsome ransomware threat identified by cybersecurity researchers. During their analysis, the experts confirmed that the threat is equipped with an uncrackable encryption algorithm and is capable of targeting numerous different file types. Each impacted file will be left in an unusable state.
Furthermore, the threat will append the ".itlock20" extension to the name of each encrypted file. Users should keep in mind that the specific number in the extension may vary. In addition to the file encryption, the Itlock Ransomware presents victims with a ransom note called 'How_to_back_files.html'. It has also been confirmed that Itlock is a variant belonging to the infamous MedusaLocker Ransomware family.
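To scope an incident using the two indicators described above, the following added example (not code from the researchers or from the original article) walks a directory tree and reports files ending in ".itlock" followed by a number, along with copies of the ransom note. The function names, the constructed sample tree and the case-insensitive matching are assumptions of this example.

```python
import os
import re
import tempfile
from collections import Counter

# Indicators from the article: an ".itlock<number>" suffix (the number varies)
# and the ransom note file name. Case-insensitive matching is an assumption.
ENCRYPTED_EXT = re.compile(r"\.itlock\d+$", re.IGNORECASE)
RANSOM_NOTE = "how_to_back_files.html"


def scan_tree(root):
    """Walk root; return (encrypted_paths, note_paths, per_extension_counts)."""
    encrypted, notes, ext_counts = [], [], Counter()
    # Unreadable directories are skipped instead of aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            full = os.path.join(dirpath, name)
            match = ENCRYPTED_EXT.search(name)
            if match:
                encrypted.append(full)
                ext_counts[match.group(0).lower()] += 1
            elif name.lower() == RANSOM_NOTE:
                notes.append(full)
    return sorted(encrypted), sorted(notes), ext_counts


def earliest_mtime(paths):
    """Oldest modification time among hits: a rough estimate of when
    encryption started (timestamps can be altered, so treat it as a hint)."""
    times = [os.path.getmtime(p) for p in paths if os.path.exists(p)]
    return min(times) if times else None


def build_sample(root):
    """Constructed sample tree (not real victim data) so the scan runs offline."""
    os.makedirs(os.path.join(root, "finance"))
    for rel in ("finance/q1.xlsx.itlock20", "finance/q2.xlsx.ITLOCK7",
                "finance/How_to_back_files.html", "notes.txt", "itlock20.txt"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        enc, notes, exts = scan_tree(tmp)
        print(f"{len(enc)} encrypted file(s), {len(notes)} ransom note(s)")
        print("extensions seen:", dict(exts))
        print("earliest hit mtime:", earliest_mtime(enc))
```

Run it read-only against a mounted image or a share to list affected directories before restoring from backups.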
Ransomware Threats Like Itlock can Cause Severe Damage and Disruptions
The ransom note says that the attackers have encrypted vital files on the breached devices using a combination of the RSA and AES encryption algorithms. They explicitly warn against victims attempting to restore the files using third-party software, cautioning that such actions could result in permanent data corruption. The note strongly emphasizes that only the attackers possess the capability to resolve the encryption problem.
In addition, the ransom note reveals that the attackers have gained unauthorized access to highly confidential and personal data, which is currently stored on a private server. This means that the cybercriminals behind the Itlock Ransomware are running a double-extortion operation. If the victim decides not to comply with the demands, the attackers threaten to release the compromised data to the public or sell it to third parties.
Furthermore, as a demonstration of their ability to decrypt files, the attackers offer to decrypt 2-3 non-critical files at no cost. The ransom note leaves victims with specific email addresses to establish communication and inquire about the ransom amount. It is stressed in the note that failure to initiate contact within a 72-hour timeframe will result in an increased ransom price. Lastly, the ransom note mentions the option of utilizing Tor chat for ongoing communication with the attackers.
It is Crucial to Stop Ransomware Threats as Early as Possible
Users can employ several security measures to safeguard their data and devices from ransomware threats. Firstly, it is crucial to maintain regular backups of relevant data. By creating duplicate copies of their files and storing them in secure locations, users can ensure that even if their data becomes encrypted or compromised by ransomware, they can restore it from the backups.
Keeping your operating systems and software up to date is essential. Regularly installing security patches and updates helps to address vulnerabilities that ransomware may exploit to gain access to a system. By staying current with software updates, users can strengthen their defenses against known security flaws.
Exercising caution when interacting with emails, attachments, and links is another vital measure. Users should verify the authenticity of email senders, avoid clicking on links or accessing attachments from unfamiliar or suspicious sources, and be wary of phishing attempts. By being vigilant, users can avoid falling victim to social engineering tactics commonly used by ransomware distributors.
Deploying reputable security software, including anti-malware programs and firewalls, is vital. These tools can detect and block potential ransomware threats, as well as provide real-time protection against malicious activities. Regularly updating and scanning the system with security software is essential to detect and remove any malware or suspicious files.
The full text of Itlock Ransomware's ransom note is:
'YOUR PERSONAL ID:
/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
All your important files have been encrypted!
Your files are safe! Only modified. (RSA+AES)
ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.
No software available on internet can help you. We are the only ones able to
solve your problem.
We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..
We only seek money and our goal is not to damage your reputation or prevent
your business from running.
You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.
Contact us for price and get decryption software.
To contact us, create a new free email account on the site: protonmail.com
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.
Tor-chat to always be in touch:'