LockBox Ransomware

The LockBox Ransomware is an encryption ransomware Trojan that was first seen by malware researchers during the first week of August 2017. The LockBox Ransomware is a typical version of a ransomware hoax that has become so popular in recent years. One aspect of the LockBox Ransomware that sets it apart from many other ransomware Trojans active today is that the LockBox Ransomware contacts its Command and Control servers through an open source application named 'mORMot.' The LockBox Ransomware's Command and Control servers are located on the Dark Web and are used to receive information about the infected computers, decryption keys, and to relay commands to threats like the LockBox Ransomware.

How the LockBox Ransomware Infection Works

The most common way in which the LockBox Ransomware is delivered to victims is through the use of corrupted spam email attachments. These email attachments will often take the form of Microsoft Word documents that include corrupted macro scripts that download and install the LockBox Ransomware on the victim's computer. The LockBox Ransomware infection itself is typical of these threats: the LockBox Ransomware will encrypt the victim's files and then demand a ransom. The ransom demanded by the LockBox Ransomware is close to $1000 USD. The LockBox Ransomware will target the user-generated files, including photos, movies, music, and files associated with in-demand software such as Microsoft Word or Adobe Photoshop. The LockBox Ransomware uses a strong encryption algorithm to make the victim's files inaccessible. After encrypting the victim's data, the LockBox Ransomware will deliver a ransom note to the victim, which commonly takes the form of a text file. This file, which may be named 'Instruction,' 'How_to_Decrypt_Files,' or ReadMe' will deliver the following message to the victim of the LockBox Ransomware attack:

'We found that all your files are encrypted with AES-256 algorithm.
Fortunately, we can help you decrypt your files.
To help you, you must write a message to us on our email trevinomason1@mail.com.
In the message, you must write your PERSONAL KEY, which is written at the end of this manual, and you must also attach no more than 3 encrypted files of no more than 2 mb each.
If you didn't receive a reply within 24 hours after your message, please duplicate your message by email salvatoreolsond598d@gmail.com
If after 24 hours you still have not received an answer, you need to register a tor-email on link hxxp://torbox3uiot6wchz.onion.to or hxxp://torbox3uiot6wchz.onion.gq
And write a message to the tor-mail trevinomason1@torbox3uiot6wchz.onion
ATTENTION: The message must be sent from the tor-mail, otherwise it will not be delivered and will not be read by us.
Also you can register tor-mail at the link hxxp://torbox3uiot6wchz.onion (this link can only be opened in the tor browser hxxp://www.torproject.org/)
—-PERSONAL KEY—-'

The victim is instructed to communicate with the people responsible for the LockBox Ransomware attack and to pay a large ransom. Computer users should avoid doing this. The people responsible for the LockBox Ransomware attack will rarely follow through on their promise to help computer users recover their data. Furthermore, paying these ransoms provide the means for the con artists to continue developing and financing threats like the LockBox Ransomware. Victims that pay these ransoms may be ignored or, in the worst cases, targeted for further attacks, harassment, and higher ransom demands.

Preventing Threat Infections Like the LockBox Ransomware

Since the files affected by the LockBox Ransomware attack become damaged permanently, the best measure against the LockBox Ransomware and similar threats is to take preventive action. The best preventive measures computer users can take is to use a reliable anti-malware program to attempt to intercept the LockBox Ransomware infection. It is essential to have file backups, which can help computer users recover their files in the case of an attack like the LockBox Ransomware. Both of these measures together will protect against the LockBox Ransomware and most other encryption Trojans.