Lilocked Ransomware

Lilocked Ransomware Description

The Lilocked Ransomware is a data-locking Trojan that was spotted by malware researchers recently. Ransomware threats are growing in popularity because they are often perceived by cyber crooks as an easy method to generate cash.

Propagation and Encryption

Cybersecurity experts have not been able to determine with any certainty what are the exact methods of propagation used by the authors of the Lilocked Ransomware. Some speculate that the creators of this ransomware threat may be using some of the most popular methods of spreading threats of this type – emails that contain macro-laced attachments, infected pirated application downloaded from unsafe websites, and faux software updates. Once the Lilocked Ransomware infiltrates your PC it will scan it. The scan will determine the locations of the files, which will be locked. This ransomware strain focuses on files that you would not find on the computer of the average user - HTML, SHTML, CSS, and PHP files are just of its targets exclusively, but it also may go after specific files such as 'php.ini' (an important configuration file found on most Web servers). The next phase of the attack is the encryption process. Using an encryption algorithm, the Lilocked Ransomware locks all the targeted files. The Lilocked Ransomware changes the extension of the newly encrypted files by adding a ‘.lilocked’ extension at the end of the names. This means that a file, which you have named ‘summer-time.jpeg’ will be renamed to ‘summer-time.jpeg.lilocked’ once it gets locked by this ransomware threat.

The Ransom Note

Next, the Lilocked Ransomware drops its ransom note, which is named ‘#README.lilocked.’ Often, the authors of threats of this type will name their ransom notes with all caps so that the user spots the note and reads their message easily. The ransom note reads:

’WE APOLOGIZE BUT YOU NEED TO PAY THE RANSOM - ALL YOUR FILES HAS BEEN LILOCKED
IT IS STRONG ENCRYPTION AND YOU LOSS YOUR DATA UNLESS YOU PAY US
PLEASE VISIT OUR SITE WITH TOR https://www.torproject.org/download/

y7mfrrjkzql32nwcmgzwp3zxaqktqywrwvzfni4hm4sebtpw5kuhjzqd.onion

COPY THE FOLLOWING KEY THERE AND FOLLOW THE INSTRUCTIONS, YOUR KEY IS’

It is fairly ironic that the attackers have put in the effort to be polite while also tricking you out of your money. The authors of the Lilocked Ransomware have not mentioned a specific sum and have not provided an email address for contact. Instead, they give out a TOR-hosted website located on the Deep Web, which can only be accessed via the TOR browser. The Deep Web is the mecca of cybercrime and illicit activities of all types.

We recommend you to keep your distance when it comes to cybercriminals like the ones behind the Lilocked Ransomware. Nothing good comes out of bargaining with such individuals as they often have years of experience in tricking people. Instead, you should download and install a legitimate anti-spyware application, which will wipe off the Lilocked Ransomware from your system. Then, you can attempt to recover some of the locked files using a third-party data-recovery tool.