Lick Ransomware DescriptionType: Ransomware
The Lick Ransomware is a ransomware Trojan that includes a large image of a tongue kiss using an ASCII text. The Lick Ransomware is a new variant of the Kirk Ransomware, a recently released encryption ransomware Trojan-themed around Star Trek that also included ASCII images in its ransom note. The Lick Ransomware seems to be part of an emerging family of ransomware that has this characteristic and has targets in Europe and the English-speaking world. Malware researchers first reported on the Lick Ransomware on March 22, 2017. The Lick Ransomware is being distributed through the use of spam email attachments, which use corrupted scripts to download and install the Lick Ransomware on the victim's computer.
How the Lick Ransomware may be Distributed and Carry out Its Attack
The Lick Ransomware and previous variants seem to be disguised as 'file decryptors' by taking advantage of other ransomware attacks. The Lick Ransomware can carry out its attack without being connected to the Internet. The Lick Ransomware's corrupted file can be distributed in a variety of ways, with this bogus file decryptor being only one of the numerous different methods. The Lick Ransomware's corrupted executable file may be distributed as a corrupted program named 'File Decrypter v18.104.22.168.' When victims run this program, the following message window appears:
'File Decrypter is initializing for your system.
This may take some time.
Click 'OK' to close this dialog box and wait for the 'Finished' popup'
In fact, while the Lick Ransomware is supposedly helping the victim, it is encrypting the victim's files and carrying out its attack. The Lick Ransomware claims to 'decrypt' various file types, but it does the opposite, making them inaccessible and locking the victim's files. The Lick Ransomware looks for the same types of files targeted by numerous other ransomware Trojans, including media files, eBooks, various document types, databases, etc. After the Lick Ransomware finishes encrypting the victim's files, the Lick Ransomware will display a pop-up message titled 'Finished' and then a batch file titled 'Lick,' which contains the following message:
'Thanks for your patience!
MALWARE INFECTION! READ THIS!
- Do not attempt to adjust your head. This output may appear to be scrambled. It is not. Your view-port is too narrow. Drag the editors edge to resize it and all will become clear.
Oh no! the Lick Ransomware has encrypted your files!
> ! IMPORTANT ! READ CAREFULLY:
Your computer has fallen victim to the Lick malware and important files have been encrypted - locked up so they don't work. This may have broken some software, including games, office suites etc. But mainly it has made a lot of files unreadable. 28876 of your files are encrypted and currently cannot be used.'
Dealing with a Lick Ransomware Infection
Essentially, the Lick Ransomware carries out a typical encryption ransomware attack, disguising it as a program designed to help decrypt the files infected in one of these infections. The Lick Ransomware may pile on an already existing problem, making it even worse. PC security researchers strongly advise computer users to ignore the Lick Ransomware message and instructions and instead recover their files by ensuring that their computers are wiped of these threats completely before restoring the files from the backup copies.
Since the Lick Ransomware attacks may happen on computers that may be infected with other threats, the best course of action is to wipe the entire drives completely and then to restore all data from the backups. Because of this, having backups of all data is the most important aspect of protecting your computer from ransomware attacks like the Lick Ransomware. While this is a characteristic of most ransomware, it's especially true on the Lick Ransomware, which seems to target inexperienced computer users that may have already become victims of a similar attack specifically. Malware analysts expect more attacks from the Lick Ransomware's family in the coming months.
File System Details
|#||File Name||MD5||Detection Count|
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.