
LCK Ransomware

There’s nothing lucky about LCK ransomware. If you are unfortunate enough to notice ".LCK" files on your computer, it means you’ve become the victim of nasty malware. LCK is ransomware of the Dharma variety. Viruses of this kind find files on computers and encrypt them, demanding a monetary payment to undo the damage. The encrypted files are given the new file extension and can no longer be opened or accessed at all.

LCK Ransomware Ransom Note

Outside of the changes to your files, another obvious sign of LCK ransomware infection is the ransom note. This note explains the situation to victims and reads as follows:

YOUR FILES ARE ENCRYPTED
Don't worry,you can return all your files!
If you want to restore them, follow this link:email triplock@tutanota.com YOUR ID -
If you have not been answered via the link within 12 hours, write to us by e-mail:triplock@cock.li
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam

This is typical ransomware behavior. With a note like this, the attackers extort money by intimidating victims with the threat that their files will be lost permanently.
To avoid being deceived, you need to get rid of the scammers' malware. For this, we have provided automatic and manual removal methods. We do not advise removing LCK ransomware manually if you have never dealt with such problems before.

What is LCK Ransomware, and How Did I Get It?

The LCK ransomware is one of the latest additions to the Dharma family of ransomware and was created alongside other similar threats. It likely follows the same model as the other versions, in which people buy a custom version of the malware from hacking groups on dark web forums.

These Dharma ransomware variants behave in much the same way once they run, which allows us to conclude that they are also spread by similar infection methods. The most effective way to spread a virus of this nature is by injecting the code into files and distributing them. The virus is embedded in documents and executable files, as well as archives and other popular file formats.

Criminals often use fake identities or previously hacked accounts to spread the files in online communities, including forums and social networks. Hackers also employ manipulative tactics to spread the virus, creating socially engineered emails and websites. Hackers upload the LCK-laced files to online portals and websites designed to look like official trusted sites.

Virus files also commonly appear on file-sharing websites and networks. Torrents, in particular, are a breeding ground for computer viruses.

LCK gets to work as soon as it infects a computer. The virus begins a built-in sequence of commands. As is the case with most Dharma infections, it all starts with data gathering. The virus looks to steal personal information from users and information about the targeted machine and application data. By stealing this information, the criminals make it easier to conduct identity theft and financial abuse down the line.

Some viruses of this nature are programmed to bypass security software. The virus checks to see if antivirus programs are running and disables them. LCK also disables firewalls, virtual machine hosts, and other virus detection systems.

The LCK virus can also cause system changes and affect how your computer normally runs. Most of these changes are associated with boot changes, allowing the ransomware to gain persistence. This means that the virus will start automatically when you boot up Windows. These changes can also prevent you from accessing recovery options and other boot options. There is the potential that the virus can change the Windows Registry, causing performance issues and data loss and preventing users from running certain services.

The virus can do other things to your computer according to the instructions of the attack campaign. Once all of these actions are said and done, the encryption process begins. The ransomware targets archives, backups, documents, images, videos, music, and other popular file types – encrypting them with a robust cryptographic algorithm. The ransomware also applies the LCK file extension and creates the ransom note to blackmail victims.

What to do if Your Computer is Infected With LCK Ransomware

There are several things you should and shouldn’t do in the event of an LCK infection. The last thing you should do is pay the ransom demand. There is no guarantee that the hackers will live up to their end of the deal and provide you with the necessary tools to decrypt your data. Don’t allow yourself to become the victim of a scam.

Instead, what you should do is first use an antivirus program to remove the initial infection. This step won’t undo the encryption, but it does prevent further issues. From there, you can proceed to restore your files using an external backup. If you don’t have an external backup, you might have some luck with file recovery software. However, don’t rely on these programs as the ransomware deletes the internal backups and Shadow Volume Copies these programs rely on.
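
Before restoring from backup, it helps to know which folders were actually hit. The following is an added example, not part of the original article: a read-only Python triage script that counts ".LCK" files per directory and flags likely ransom notes using the headline and contact addresses quoted in the note above. The 64 KB size limit for notes and the function names are assumptions made for this example.

```python
import os
import sys
from collections import Counter

# Indicators taken from the page: the appended extension and ransom note strings.
ENCRYPTED_SUFFIX = ".lck"
NOTE_MARKERS = (b"your files are encrypted", b"triplock@tutanota.com", b"triplock@cock.li")
MAX_NOTE_BYTES = 64 * 1024  # assumption: ransom notes are small text files


def looks_like_note(path):
    """True if a small file contains the note headline or a contact address."""
    try:
        if os.path.getsize(path) > MAX_NOTE_BYTES:
            return False
        with open(path, "rb") as fh:
            data = fh.read().lower()
    except OSError:
        return False  # unreadable files are skipped, not fatal
    # Notes may be UTF-16 on Windows; drop NUL bytes so ASCII markers still match.
    data = data.replace(b"\x00", b"")
    return any(marker in data for marker in NOTE_MARKERS)


def triage(root):
    """Walk root read-only; return (encrypted count per directory, note paths)."""
    per_dir = Counter()
    notes = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_SUFFIX):
                per_dir[dirpath] += 1
            elif looks_like_note(full):
                notes.append(full)
    return per_dir, sorted(notes)


if __name__ == "__main__":
    # Usage: python triage.py <path to mounted volume or user profile>
    per_dir, notes = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for directory, count in per_dir.most_common():
        print(f"{count:6d}  {directory}")
    for note in notes:
        print(f"note    {note}")
```

Run it against a mounted copy of the affected disk or from a clean system where possible, so the inventory is not taken while the malware is still active.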
