LMAOxUS Ransomware
Threat Scorecard
Threat Level: 100 % (High)
Infected Computers: 9
First Seen: April 6, 2017
Last Seen: December 30, 2019
OS(es) Affected: Windows
The LMAOxUS Ransomware is a ransomware Trojan based on Stolich, an open source ransomware Trojan released on GitHub. Stolich is a project started by Ahmad Kazi, a programmer who goes by the online handle 'empinel.' Stolich itself is a version of EDA2, another open source ransomware engine made public in recent years. The LMAOxUS Ransomware is derived from these free open source ransomware Trojans and is being used to attack computer users who play the computer game Minecraft. The LMAOxUS Ransomware is being distributed disguised as a cracked version of the game.
The LMAOxUS Ransomware - A Pompous Name of a Mere Threat
The LMAOxUS Ransomware is very similar to many EDA2 variants that have already been active. The LMAOxUS Ransomware scans the victim's computer and makes a list of all the files that it will encrypt in its attack. It then encrypts the victim's data with a strong encryption scheme that combines the AES and RSA algorithms. The LMAOxUS Ransomware communicates with its Command and Control server so that the decryption key is completely inaccessible to the computer user. The LMAOxUS Ransomware demands the payment of a ransom in exchange for the decryption key needed to recover the affected files. The LMAOxUS Ransomware's ransom note is contained in a text file named 'LMAO_READ_ME.txt' that is dropped on the infected computer's desktop. The LMAOxUS Ransomware will also attempt to connect to the website 'lmaoxus.gg' using the infected computer's default Web browser. The infected computer's desktop will be changed to show a message on a black background with the following text:
'you've been
rekt by
LAMOxUS
better open that text file on your desktop if you ever
want to open your files again'
The LMAOxUS Ransomware's text based ransom note contains the following information:
'You've been rekt by LMAOxUS. your Personal Identifier is [RANDOM CHARACTERS]
Keep it handy if you want your data.
Visit - for more info.
Your expiration date is: [RANDOM CHARACTERS]'
The LMAOxUS Ransomware's website was removed from the Web shortly after the LMAOxUS Ransomware was first uncovered. However, it is likely that this website will pop up again at another address. The text on this website read as follows:
'You've been hit by LMAOxUS
But there's still hope for you.
Send 0.1 BTC to 1Jek8L6HRj3pNpcAasgoV37eoHqLUMyYjU
Use any payment processor you want. I recommend Coinbase or Blockchain.info. If BTC is too hi-tech for you, send me an email, I'm sure we can work something out.
Once done, send an email to lmaoxus@safe-mail.net with the transaction details.
Listen fam. I don't care about your data. My goal is not to cause harm or to fuck with people just for the hell of it.
I'm just a broke college student in need of money. I have nothing personal against you. I promise I'll fix your data once I get payment.
If for whatever reason you're even more broke than me, well shoot me an email and give me your best sob story. I do have a heart.
Otherwise, you have until the date listed in your notepad until the server automatically deletes your decryption key.
After that date, there's nothing I can do.
So I wouldn't waste any more time. :)'
Dealing with the LMAOxUS Ransomware
Computer users are advised not to pay the LMAOxUS Ransomware ransom. Fortunately, to date, it seems that the Bitcoin wallet associated with the LMAOxUS Ransomware attack has received no payments. The best protection against the LMAOxUS Ransomware and other ransomware Trojans is to have backup copies of all files. Having backups allows computer users to ignore the extortionists' ransom demands completely, since they can simply restore the affected files from the backup copy after removing the LMAOxUS Ransomware infection itself with a security program that is fully up-to-date.
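A triage sketch for the indicators described above, added here as an example and not taken from EnigmaSoft or from the ransomware's code: it searches a profile tree or mounted image for the 'LMAO_READ_ME.txt' note, confirms the family from the note text quoted on this page, and records the Personal Identifier and expiration date. The function names, the assumption that the note is UTF-8 text, and the sample identifier and date are made up for illustration.

```python
import re
import tempfile
from pathlib import Path

NOTE_NAME = "LMAO_READ_ME.txt"  # ransom note filename given on this page
# Patterns follow the note text quoted on this page; the values differ per victim.
MARKER = re.compile(r"rekt by LMAOxUS", re.IGNORECASE)
IDENT = re.compile(r"Personal Identifier is\s+(\S+)", re.IGNORECASE)
EXPIRY = re.compile(r"expiration date is:\s*(.+)", re.IGNORECASE)


def find_notes(root):
    """Walk root (a live profile directory or a mounted image) and return
    one finding per file named LMAO_READ_ME.txt, matched case-insensitively."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.name.lower() != NOTE_NAME.lower():
            continue
        # Assumption: the note is UTF-8 text; undecodable bytes are replaced.
        text = path.read_text(encoding="utf-8", errors="replace")
        ident = IDENT.search(text)
        expiry = EXPIRY.search(text)
        findings.append({
            "path": str(path),
            # A name match alone is weak; the body must also carry the marker.
            "confirmed": bool(MARKER.search(text)),
            "identifier": ident.group(1) if ident else None,
            "expiration": expiry.group(1).strip() if expiry else None,
        })
    return findings


def demo():
    """Build a constructed profile tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        desktop = Path(tmp) / "Users" / "alice" / "Desktop"
        desktop.mkdir(parents=True)
        # Constructed sample: the identifier and date are placeholders.
        (desktop / NOTE_NAME).write_text(
            "You've been rekt by LMAOxUS. your Personal Identifier is SAMPLE-ID-0001\n"
            "Keep it handy if you want your data.\n"
            "Your expiration date is: SAMPLE-DATE\n", encoding="utf-8")
        # Same name, unrelated content: reported but not confirmed.
        other = Path(tmp) / "Users" / "bob" / "Desktop"
        other.mkdir(parents=True)
        (other / "lmao_read_me.txt").write_text("shopping list\n", encoding="utf-8")
        return sorted(find_notes(tmp), key=lambda f: f["path"])


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Recording the identifier and expiration date for each confirmed note gives the incident record a per-host reference that does not depend on the ransom website, which the page notes has already been taken down once.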