LIZARD Ransomware
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
| Threat Level: | 100 % (High) |
|---|---|
| Infected Computers: | 12 |
| First Seen: | July 24, 2009 |
| Last Seen: | April 19, 2021 |
| OS(es) Affected: | Windows |
The LIZARD Ransomware is a file-locking Trojan that updates the older LANDSLIDE Ransomware. It continues that family's attacks on the user's files, encrypting formats that are likely to be worth a ransom, such as documents, and displaying text-terminal-themed pop-up alerts. Withholding the ransom and restoring from safe backups is the recommended course for most users, and most Windows cyber-security products should delete the LIZARD Ransomware appropriately.
Servers Contaminated by Skittering Software
After the recent unveiling of a LANDSLIDE Ransomware clone, the SUMMON Ransomware, it ought to surprise no one that another variant is in the threat landscape. The LIZARD Ransomware is a confirmed member of the now-apparent family, which uses typical encryption attacks for sabotaging victims' data. The most-identifying element, a text-based pop-up, remains a defining feature in the LIZARD Ransomware's payload.
The LIZARD Ransomware blocks users' media files (documents, spreadsheets, pictures, and other content) with a secure encryption routine for which no free unlocking application exists. The Trojan also makes extensive changes to the files' names that help victims identify the non-opening content: a Yandex e-mail address, an ID and a 'LIZARD' extension. Notably, the LIZARD Ransomware's e-mail address uses a Russian domain, which, more likely than not, continues LANDSLIDE Ransomware's targeting of Russian users.
Although many file-locking Trojans use HTA-based pop-up windows, the style favored here is memorable. Its pop-up uses red, green, and white text in a format similar to that of a pure text terminal UI and includes programming-style parenthesized warnings. The message is mostly identical to that of previous LANDSLIDE Ransomware samples and retains a reference to Russian currency in its unlocker-selling offer.
Since criminals can take their payment without bothering with unlocking the victim's files, malware experts recommend against paying the Bitcoin ransom, if possible.
Another Reptile that can Go Extinct with the File-Ransoming Industry
Servers under attack by file-locking Trojans usually owe their infections to careless administrators. Software vulnerabilities in infrastructure like WordPress play significant roles in helping attackers hack into servers and run their Trojans manually. Besides patching software, admins also should look to their passwords and make sure that the credentials aren't so simple or common that a brute-force attack could 'guess' them.
There isn't free decryption or unlocking software for LANDSLIDE Ransomware. This unfortunate limitation applies just as well to variants like the LIZARD Ransomware and, possibly, SUMMON Ransomware. Windows users should protect their work by saving backups to areas that Trojans can't target, such as cloud services or detachable USB drives. Doing so eliminates any leverage from the LIZARD Ransomware attacks and lets victims focus on disinfection.
The only significant stealth feature that malware experts discern in this Trojan, so far, is UPX packing. This protection is inadequate against most PC security products, which remain preferable for deleting the LIZARD Ransomware and stopping installation exploits.
The LIZARD Ransomware may scurry into files without permission, but users enable it through poor perimeter security. Safety standards and data preservation habits come in handy against all file-locking Trojans, whether they're rip-offs of old ones or newfound threats.
Aliases
4 security vendors flagged this file as malicious.
| Anti-Virus Software | Detection |
|---|---|
| McAfee-GW-Edition | Trojan.Clicker.Delf.CT |
| Ikarus | Trojan-Clicker.Delf.CT |
| AntiVir | TR/Clicker.Delf.CT |
| a-squared | Trojan-Clicker.Delf.CT!IK |
File System Details
| # | File Name | MD5 | Detections |
|---|---|---|---|
| 1. | diskperff.dll | 0be52be18a8508b65f33e704b3e63242 | 0 |