Lilocked Ransomware Description
The Lilocked Ransomware is a data-locking Trojan that was spotted by malware researchers recently. Ransomware threats are growing in popularity because they are often perceived by cyber crooks as an easy method to generate cash.
Propagation and Encryption
Cybersecurity experts have not been able to determine with any certainty what are the exact methods of propagation used by the authors of the Lilocked Ransomware. Some speculate that the creators of this ransomware threat may be using some of the most popular methods of spreading threats of this type – emails that contain macro-laced attachments, infected pirated application downloaded from unsafe websites, and faux software updates. Once the Lilocked Ransomware infiltrates your PC it will scan it. The scan will determine the locations of the files, which will be locked. This ransomware strain focuses on files that you would not find on the computer of the average user - HTML, SHTML, CSS, and PHP files are just of its targets exclusively, but it also may go after specific files such as 'php.ini' (an important configuration file found on most Web servers). The next phase of the attack is the encryption process. Using an encryption algorithm, the Lilocked Ransomware locks all the targeted files. The Lilocked Ransomware changes the extension of the newly encrypted files by adding a ‘.lilocked’ extension at the end of the names. This means that a file, which you have named ‘summer-time.jpeg’ will be renamed to ‘summer-time.jpeg.lilocked’ once it gets locked by this ransomware threat.
The Ransom Note
Next, the Lilocked Ransomware drops its ransom note, which is named ‘#README.lilocked.’ Often, the authors of threats of this type will name their ransom notes with all caps so that the user spots the note and reads their message easily. The ransom note reads:
’WE APOLOGIZE BUT YOU NEED TO PAY THE RANSOM - ALL YOUR FILES HAS BEEN LILOCKED
IT IS STRONG ENCRYPTION AND YOU LOSS YOUR DATA UNLESS YOU PAY US
PLEASE VISIT OUR SITE WITH TOR https://www.torproject.org/download/
COPY THE FOLLOWING KEY THERE AND FOLLOW THE INSTRUCTIONS, YOUR KEY IS’
It is fairly ironic that the attackers have put in the effort to be polite while also tricking you out of your money. The authors of the Lilocked Ransomware have not mentioned a specific sum and have not provided an email address for contact. Instead, they give out a TOR-hosted website located on the Deep Web, which can only be accessed via the TOR browser. The Deep Web is the mecca of cybercrime and illicit activities of all types.
We recommend you to keep your distance when it comes to cybercriminals like the ones behind the Lilocked Ransomware. Nothing good comes out of bargaining with such individuals as they often have years of experience in tricking people. Instead, you should download and install a legitimate anti-spyware application, which will wipe off the Lilocked Ransomware from your system. Then, you can attempt to recover some of the locked files using a third-party data-recovery tool.
Do You Suspect Your PC May Be Infected with Lilocked Ransomware & Other Threats? Scan Your PC with SpyHunterSpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like Lilocked Ransomware as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Security Doesn't Let You Download SpyHunter or Access the Internet?Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
- Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
- Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
- Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
- IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.