
LegionLocker Ransomware

The LegionLocker Ransomware is a file-locker Trojan that can stop documents and other media from opening by encrypting them. The LegionLocker Ransomware is a part of the Cobra Locker Ransomware (or Cobra_Locker Ransomware) family, which has no free decryption solution. Windows users should keep robust backups of their work and let dedicated security solutions delete the LegionLocker Ransomware as they detect it.

A Certain Snake Preys on Files Once More

The Cobra Locker Ransomware is one of the most trivial families of file-locker Trojans recognized as such. Still, the absence of relatives isn't the same as a weak or ineffectual payload. Unfortunately for Windows users suffering from the metaphorical bite of new members like the LegionLocker Ransomware, the attacks are just as effective as those of the previous Szymekk Ransomware or the IT Ransomware. The LegionLocker Ransomware variant of the group offers a more professional ransom note than usual, but the modus operandi for extortion is the same.

The LegionLocker Ransomware is a .NET Framework Trojan, which limits its compatibility to Windows environments. Most samples that malware experts analyze use random, meaningless characters for their names, and the development number suggests that the LegionLocker Ransomware is in its first 'official' release state. Since the Trojan keeps all of the older Cobra Locker Ransomware features, it can block documents, pictures, music, and other digital media with a similar encryption routine, preventing them from opening.

The LegionLocker Ransomware also includes some characteristic symptoms besides the direct locking of files:

• Adding 'Legion' extensions to files' names

• Generating an HTA pop-up window with a timer and Bitcoin-based ransom offer for data recovery

• Deleting the Shadow Volume Copies (the Restore Points) with default Windows tools
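The three symptoms listed above can be turned into a simple host-triage rule. The following is an added example, not code from the original page or from any vendor: it assumes endpoint telemetry is available as process-creation and file-rename events, that the "default Windows tools" are `vssadmin` and `wmic` (the page does not name them), and that the 'Legion' extension appears as a `.Legion` suffix. All event fields, hosts, paths and the threshold are constructed.

```python
import re
from collections import defaultdict

# Assumption: the page says only "default Windows tools"; vssadmin and wmic
# are the built-in utilities usually used to delete Shadow Volume Copies.
SHADOW_DELETE = re.compile(
    r"\bvssadmin(?:\.exe)?\s+delete\s+shadows|\bwmic(?:\.exe)?\s+shadowcopy\s+delete",
    re.IGNORECASE)
HTA_LAUNCH = re.compile(r"\bmshta(?:\.exe)?\s+.*?\.hta\b", re.IGNORECASE)
# Assumption: the 'Legion' extension is appended as a final ".Legion" suffix.
LEGION_EXT = re.compile(r"\.legion$", re.IGNORECASE)
RENAME_BURST = 3  # constructed threshold: renames per host before it counts

def triage(events):
    """Map each host showing two or more of the three symptoms to those symptoms."""
    seen, renames = defaultdict(set), defaultdict(int)
    for ev in events:
        host = ev["host"]
        if ev["type"] == "process":
            if SHADOW_DELETE.search(ev["cmdline"]):
                seen[host].add("shadow_copy_deletion")
            if HTA_LAUNCH.search(ev["cmdline"]):
                seen[host].add("hta_popup")
        elif ev["type"] == "file_rename":
            # Count only files that gain the suffix, not ones that already had it.
            if LEGION_EXT.search(ev["new"]) and not LEGION_EXT.search(ev["old"]):
                renames[host] += 1
                if renames[host] >= RENAME_BURST:
                    seen[host].add("legion_extension_burst")
    return {h: sorted(s) for h, s in seen.items() if len(s) >= 2}

def _rename(host, name):
    return {"host": host, "type": "file_rename", "old": name, "new": name + ".Legion"}

# Constructed sample telemetry (hosts, paths and file names are made up).
SAMPLE_EVENTS = [
    {"host": "WS-01", "type": "process", "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    _rename("WS-01", r"C:\Users\a\Documents\budget.xlsx"),
    _rename("WS-01", r"C:\Users\a\Pictures\trip.jpg"),
    _rename("WS-01", r"C:\Users\a\Music\song.mp3"),
    {"host": "WS-01", "type": "process", "cmdline": r'mshta.exe "C:\Users\a\AppData\note.hta"'},
    {"host": "WS-02", "type": "process", "cmdline": "vssadmin list shadows"},
    _rename("WS-02", r"C:\Temp\test.txt"),
    {"host": "WS-03", "type": "process", "cmdline": "wmic shadowcopy delete"},
]

if __name__ == "__main__":
    for host, symptoms in triage(SAMPLE_EVENTS).items():
        print(host, "->", ", ".join(symptoms))
```

Requiring two symptoms per host keeps a lone administrative shadow-copy cleanup or a single stray rename from raising an alert.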

The LegionLocker Ransomware's expectations for ransoms are cheap, at under one hundred USD in Bitcoins. This sum indicates that the attacker isn't targeting large corporations or governments. File-locker Trojans are equally threatening to home Windows users, especially those who partake in unsafe file-sharing or Web-browsing behavior. Non-local backup reserves are the best option for recovering any media that the LegionLocker Ransomware blocks.

Pushing a Serpentine Legion Back into the Jungle

To make a profit, the LegionLocker Ransomware requires some unsafe and unwise behavior from Windows users. Users with backups, as established previously, can quickly restore their work without considering the attacker's ransom demands. Whether it's cheap or expensive, the difficulty in refunding Bitcoins and other cryptocurrencies makes these ransoms doubly risky for any victims without a superior recovery plan.

Users also have many ways of blocking possible installation exploits from depositing the LegionLocker Ransomware onto their PCs. Avoiding illicit content like collected streamed movies, torrents, or game cracks will help users dodge many disguised Trojan installers. Additionally, most users benefit from turning off features such as JavaScript and Java unless a trusted site requires them. Malware experts also recommend that users look towards their password security, RDP usage restrictions, and server software updates in a workplace context. Notably, many file-locking Trojans run a variety of schemes targeting victims over e-mail with attached files.

Any strong brand of anti-malware security solution should block most file-locker Trojans. Since malware researchers confirm the trend anew with the LegionLocker Ransomware, users should feel no need to uninstall the LegionLocker Ransomware by hand; most security products will delete it.

The LegionLocker Ransomware has no payments or other activity in its wallet, and one may hope that it stays that way. An empty wallet means impoverished Trojan development, which is all for the good of those users who aren't canny enough to attend to their backups.

