LAZPARKING Ransomware Description
The LAZPARKING Ransomware is a crypto-locker threat capable of affecting individually targeted computer systems as well as every system connected to an already compromised network. Its behavior doesn't deviate significantly from what is considered the norm for its type. It uses strong encryption algorithms to lock nearly all of the personal or business-related files stored on the infected target. It avoids tampering with system-critical files, as that may result in severe crashes and defeat the purpose of the threat.
When it encrypts a file, the LAZPARKING Ransomware modifies the original filename by appending '.LAZPARKING-' followed by a string of characters specific to that particular victim. The instructions from the cybercriminals responsible for unleashing the threat are dropped in a text file named '!!LAZPARKING-MESSAGE.txt'. A copy of the ransom note file is created in every folder containing encrypted data.
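For incident scoping, the two on-disk markers described above can be used to map which folders were touched. The following is an added example, not code from the original page or from any vendor tool; it assumes the victim-specific string runs to the end of the filename, and the sample tree and the string 'A1B2C3' are constructed.

```python
import os
import re
from collections import Counter

NOTE_NAME = "!!LAZPARKING-MESSAGE.txt"  # note filename as given on this page
# Marker from this page: '.LAZPARKING-' plus a victim-specific string.
# Assumption: that string runs to the end of the filename.
MARKER_RE = re.compile(r"^(?P<original>.+)\.LAZPARKING-(?P<victim>.+)$", re.IGNORECASE)

def scan_tree(root):
    """Return ({relative_dir: findings}, Counter of victim strings) for root."""
    dirs, victims = {}, Counter()
    for dirpath, _subdirs, files in os.walk(root):
        marked = []
        for name in files:
            m = MARKER_RE.match(name)
            if m:
                marked.append((name, m.group("original")))  # (on-disk name, original name)
                victims[m.group("victim")] += 1
        has_note = any(f.lower() == NOTE_NAME.lower() for f in files)
        if marked or has_note:
            dirs[os.path.relpath(dirpath, root)] = {"note": has_note, "marked": sorted(marked)}
    return dirs, victims

def mismatches(dirs):
    """Folders where the two markers disagree; these deserve a manual look."""
    out = {}
    for d, info in dirs.items():
        if info["marked"] and not info["note"]:
            out[d] = "marked files without a note"
        elif info["note"] and not info["marked"]:
            out[d] = "note without marked files"
    return out

def build_sample(root):
    """Constructed sample tree; the victim string 'A1B2C3' is made up."""
    layout = {
        "finance": ["q1.xlsx.LAZPARKING-A1B2C3", "q2.xlsx.LAZPARKING-A1B2C3", NOTE_NAME],
        "hr": ["scan.pdf.LAZPARKING-A1B2C3"],
        "tools": [NOTE_NAME],
        "clean": ["readme.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        dirs, victims = scan_tree(tmp)
        print(dict(victims), mismatches(dirs))
```

Run `scan_tree` against a read-only mount or forensic copy of the affected share rather than the live host, so the scan does not alter timestamps on evidence.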
The ransom note makes it rather obvious that the LAZPARKING Ransomware is designed mainly to infect companies, not random computer users. The hackers state that they have managed to exfiltrate a sizable portion of sensitive private data before it was encrypted by the crypto locker. The stolen information supposedly includes personal employee details, HR files, payroll files and tax reports, marketing data, email lists, accounting details, SQL database dumps containing records of customer names, addresses, emails, credit cards, etc. The hackers threaten to leak all of the illegally obtained information on various forums if their demands are not met.
To receive further instructions, victims of the LAZPARKING Ransomware are told to initiate contact by sending an email to the two provided email addresses - 'firstname.lastname@example.org' and 'email@example.com'. They can also attach 2 files that are less than 1MB in size to be decrypted for free.
The full text of the ransom note delivered by the LAZPARKING Ransomware is:
Your network is penetrated.
Forced shutdown of devices can lead to the loss of all data. Do not forcibly disconnect storage volumes from hosts,
interrupt process and restart. Damaged information cannot be recovered.
All data is properly protected against unauthorized access by steady encryption technology.
We have downloaded essential data of company:
Personal data of employees. Like background checks,ssn,account#,signatures.
Files of ~4000 employees from folder Departmental Shares\CTOPS\Admin\Employee Document Folder (Scan)
Payroll files like tax reports with personal info.
SQL database dumps. For example, 400k records of customers with name,address,email,credit card data from LAZPARIS server.
Marketing data, for example email lists for MailChimp.
Financial, corp accounting data.
In case if you refuse to cooperate with us, all essential data will be published at forums. Full details and proofs will be
provided in case of contacting us by following emails.
It's just a business.
We can help you to quickly recover all your files.
We will explain what kind of vulnerability was used to hack your network.
If you will not cooperate with us, you will never know how your network was compromised. We guarantee this will happen again.
We can decrypt 2 small files (up to 1MB) for free. Send files by email.
Register new email account at secure mail service like mailfence, protonmail to be sure that outgoing email not blocked by spam filter.
Don't use gmail!.
Don't report to police. They will suspend financial activity of company and negotiation process.