Lalo Ransomware

By GoldSparrow in Ransomware

There is a new variant of the infamous STOP Ransomware that has been detected in the wild. The name of this new data-locking Trojan is Lalo Ransomware. Many cybercriminals opt to use already established threats like the STOP Ransomware to modify and build their own file-encrypting Trojans. In 2019 there were over 200 variants of the STOP Ransomware released, making it the most active ransomware family throughout the whole year.

Propagation and Encryption

There are many infection vectors that authors of ransomware utilize. The most popular distribution technique is fake emails that contain corrupted links or fraudulent attachments. Other commonly used propagation methods are bogus application updates and downloads, pirated copies of popular software tools, malvertising campaigns, torrent trackers and others.

If the Lalo Ransomware manages to compromise your computer, it will scan your data to locate all the files present on your system. The Lalo Ransomware is likely to target a very large array of filetypes so that it causes maximum damage. If your computer gets infected by the Lalo Ransomware, it is likely that all your images, audio files, videos, documents, spreadsheets, databases, archives, and other files will be encrypted securely. The Lalo Ransomware adds a new extension, ‘.lalo’, to the names of all the affected files. For example, if you had named a file ‘bright-light.mp4’, the Lalo Ransomware will rename it to ‘bright-light.mp4.lalo’.

The Ransom Note

Once the encryption process is completed, the Lalo Ransomware drops a ransom note named ‘_readme.txt’. Most variants of the STOP Ransomware use this filename for the ransom note. There are several important points outlined in the ransom message of the attackers:

  • Users have a 72-hour deadline to pay the ransom fee - $490.
  • Users who fail to meet the deadline would have to pay double the price - $980.
  • The authors of the threat offer to decrypt one file free of charge.
  • The preferred communication method is via email: ‘helpmanager@mail.ch’ and ‘helpdatarestore@firemail.cc’.

The Lalo Ransomware Ransom Note

The ransom note contains instructions on how victims can decrypt their files. Users must pay a ransom through the purchase of a decryption key. The original cost of the decryption tools is set at $980, but users are told that they can get a discount if they make contact within 72 hours (3 days) of infection. In that case, the ransom would be lowered to $490. Victims are offered the chance to have a file decrypted for free as proof that the provided decryption key works.

Below is the text of the ransom note:


ATTENTION!
Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
hxxps://we.tl/t-oDZg08Mf5e
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your email "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our email:
helpmanager@mail.ch
Reserve email address to contact us:
helpdatarestore@firemail.cc
Your personal ID:
-

It is often impossible to decrypt data without intervention from the criminals responsible. If the malware is still in the early stages of development or has bugs, then security researchers can create a public decryption key. Interacting with the attackers, and in particular meeting their demands, is discouraged. There is no guarantee that their tools will correctly decrypt infected files. Even if they do, there's also no guarantee that the virus won't just come back and start the process over.

Users should take steps to remove the virus and restore lost data themselves.
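To scope the damage before cleanup and restoration, the two artifacts described above (the ‘.lalo’ extension and the ‘_readme.txt’ note) can be searched for directly. The following Python script is an added example, not part of the original article; it uses only the extension, note filename and contact addresses given on this page, and the sample directory tree it builds is constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken from the article text above.
LOCKED_EXT = ".lalo"
NOTE_NAME = "_readme.txt"
NOTE_MARKERS = ("helpmanager@mail.ch", "helpdatarestore@firemail.cc")

def is_ransom_note(path):
    """True if the file contains one of the contact addresses from the note."""
    try:
        text = path.read_text(errors="ignore")
    except OSError:
        return False  # unreadable file: cannot confirm, do not report
    return any(marker in text for marker in NOTE_MARKERS)

def triage(root):
    """Walk root and collect locked files, confirmed notes and affected folders."""
    report = {"locked": [], "notes": [], "dirs": set()}
    for dirpath, _subdirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.lower().endswith(LOCKED_EXT) and len(name) > len(LOCKED_EXT):
                # 'bright-light.mp4.lalo' -> original name 'bright-light.mp4'
                report["locked"].append((str(path), name[: -len(LOCKED_EXT)]))
                report["dirs"].add(dirpath)
            elif name == NOTE_NAME and is_ransom_note(path):
                # A benign _readme.txt without the markers is not counted.
                report["notes"].append(str(path))
                report["dirs"].add(dirpath)
    return report

def build_sample_tree(root):
    """Constructed sample data: a locked file, a note, a benign readme, a clean file."""
    root = Path(root)
    (root / "videos").mkdir()
    (root / "docs").mkdir()
    (root / "videos" / "bright-light.mp4.lalo").write_bytes(b"\x00" * 16)
    (root / "videos" / NOTE_NAME).write_text("ATTENTION!\nhelpmanager@mail.ch\n")
    (root / "docs" / NOTE_NAME).write_text("Project notes, unrelated.\n")
    (root / "docs" / "report.docx").write_bytes(b"PK")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(len(result["locked"]), "locked,", len(result["notes"]), "notes")
        print("affected folders:", sorted(result["dirs"]))
```

The list of original filenames it recovers can be compared against a backup catalogue to decide what needs restoring.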

How Does Lalo Infect Computers?

Ransomware, like all other kinds of malware, spreads through spam campaigns, trojans, fake software updates, illegal activation tools (cracks), and malicious downloads. Trojans are malicious programs that can conceal other malware and cause chain infections. Spam campaigns involve sending out thousands of malicious spam emails in the hope that a small percentage of people interact with them. These emails include infected file attachments, such as infected Word documents and executable files. Cracking tools are used to activate illegally downloaded software, but they are known to install malware too. Hackers also exploit flaws in outdated software and create fake updates that install viruses rather than update software as promised.

How to Protect Yourself Against Lalo Ransomware

The first step towards protecting yourself against ransomware like this is not to open suspicious and unsolicited emails. You should also only use official download sites or trusted third-party websites. Avoid peer-to-peer sharing networks and illegal downloads. Not only is it illegal to download and crack pirated software, but you also run the risk of computer infection. Last but not least, you owe it to your computer – and yourself – to invest in reliable antivirus protection. Accidents happen, and being safe can only get you so far. You need something that can help if an infection gets through despite your best efforts.

Final Thoughts

The Lalo ransomware encrypts the data on your computer and demands that you make a bitcoin payment to get it back. There are lots of different ransomware out there, with the main difference being the size of the ransom demand. At $980, Lalo has a steep ransom demand. Save yourself time and money by investing in robust security software and maintaining digital hygiene best practices. Keep regular backups of your files, and that way you'll never have to worry about data loss again.

1 Comment

My files were infected with .lalo
