LockCrypt 2.0 Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 120
First Seen: June 5, 2017
Last Seen: March 30, 2023
OS(es) Affected: Windows

The LockCrypt 2.0 Ransomware is a ransomware Trojan that updates a threat first observed in April 2018. The first version had a flaw in its encryption method, which allowed PC security researchers to help computer users restore their files after an attack. The criminals have since updated the threat to prevent security researchers from helping victims recover their files. Apart from the encryption method, the update changes the distribution method and several other aspects of the attack. The LockCrypt 2.0 Ransomware is installed on victims' computers manually, by taking advantage of vulnerabilities in RDP (Remote Desktop Protocol) or other components. It also launches a window with a timer that allows the criminals to track how the attack is carried out. After encrypting a file, the LockCrypt 2.0 Ransomware renames it, adding an ID number to the file's name as well as the file extension '.BI_ID', which identifies the files compromised in the attack.

How the LockCrypt 2.0 Ransomware Attacks a Computer

The main upgrade introduced in this version of the LockCrypt 2.0 Ransomware Trojan is the use of AES-256 and RSA-2048 encryption to make the victim's files inaccessible. This encryption method, seen in most successful encryption ransomware Trojans, guarantees that the victim's files will be unrecoverable after the attack has been carried out. The decryption key is contained in a file named 'DECODE.key,' which must be sent to the criminals responsible for the attack to recover the affected files. However, it is highly unlikely that the criminals can help victims recover their files or have any interest in doing so, and in most cases the victim's files will be locked away forever. The LockCrypt 2.0 Ransomware targets a variety of user-generated files, which may include files with the following extensions:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

Threats like the LockCrypt 2.0 Ransomware tend to avoid the Windows system files since they require the victim's operating system to remain functional so that the victim can access a ransom note and then contact the criminals to pay the ransom.

The Ransom Note Displayed by the LockCrypt 2.0 Ransomware

The LockCrypt 2.0 Ransomware's ransom note is contained in a text file named 'How To Restore Files.txt,' which asks victims to contact the criminals by email and claims that a single small file can be recovered for free to prove that the criminals are capable of doing so. The contact email used by the LockCrypt 2.0 Ransomware's creators is big_decryptor@aol.com. PC security researchers advise PC users not to contact the criminals, since this often puts computer users at risk of further infections or attacks and very rarely results in the files being recovered. Instead, computer users are advised to keep file backups in the cloud or on an external memory device so that they can restore files encrypted by attacks like the LockCrypt 2.0 Ransomware.
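The file names described above ('.BI_ID', 'DECODE.key' and 'How To Restore Files.txt') can be swept for during triage to see which directories were hit. The following Python script is an added example, not part of the original article; it assumes '.BI_ID' is a literal suffix, and the sample file names in `demo()` are constructed because the article does not give the exact ID format.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the article; compared in lower case because
# Windows file names are case-insensitive.
ENCRYPTED_EXT = ".bi_id"
RANSOM_NOTE = "how to restore files.txt"
KEY_FILE = "decode.key"


def classify(name):
    """Return the indicator type for a file name, or None if it matches nothing."""
    lower = name.lower()
    if lower == RANSOM_NOTE:
        return "ransom_note"
    if lower == KEY_FILE:
        return "key_file"  # preserve this file as evidence; do not delete it
    if lower.endswith(ENCRYPTED_EXT):
        return "encrypted"
    return None


def scan(root):
    """Walk root and return (totals, per_directory) indicator counts."""
    totals, per_dir = Counter(), {}
    for dirpath, _dirs, files in os.walk(root):
        hits = Counter(filter(None, map(classify, files)))
        if hits:
            per_dir[dirpath] = hits
            totals.update(hits)
    return totals, per_dir


def demo():
    """Build a constructed sample tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Users", "alice", "Documents")
        os.makedirs(docs)
        # Constructed names: the ID format shown here is an assumption.
        for name in ("report.docx ID 0001.BI_ID", "budget.xlsx ID 0001.bi_id",
                     "How To Restore Files.txt", "notes.txt"):
            open(os.path.join(docs, name), "w").close()
        open(os.path.join(root, "DECODE.key"), "w").close()
        return scan(root)[0]


if __name__ == "__main__":
    totals, per_dir = scan(os.environ.get("SCAN_ROOT", "."))
    for path, hits in sorted(per_dir.items(), key=lambda kv: -sum(kv[1].values())):
        print(path, dict(hits))
    print("totals:", dict(totals))
```

Set `SCAN_ROOT` to a mounted image or a share to scan it; the script only reads directory listings and never opens or modifies the files it finds.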