LockCrypt Ransomware DescriptionType: Trojan
There is little to differentiate the LockCrypt Ransomware from other ransomware Trojans. The LockCrypt Ransomware carries out a typical encryption ransomware attack, using a strong encryption algorithm to make the victim's files inaccessible and then demanding the payment of a ransom to provide the means to recover the affected files. PC security analysts have uncovered numerous ransomware Trojans that use creative branding or themes to make their ransomware Trojans be more memorable and stand out from other threats. The LockCrypt Ransomware does not do this, carrying out a basic encryption ransomware attack with no specific pop-culture branding or other unique characteristic. However, the attack carried out by the LockCrypt Ransomware is effective and is a textbook example of how these threat attacks work. The most common distribution method for the LockCrypt Ransomware is the use of corrupted file attachments that may be part of spam email messages, which may use social engineering to trick computer users into opening the file attachment. These file attachments may take the form of DOCX or PDF files, which use corrupted macro scripts to download and install the LockCrypt Ransomware on the victim's computer.
How the LockCrypt Ransomware Attack Works
After the victim opens the file containing the corrupted macro script, the LockCrypt Ransomware will scan the victim's machine and begin encrypting the victim's files. The LockCrypt Ransomware will look for user-generated files in its attack. These may include music files, video files, and documents generated using software such as Microsoft Office, Libre Office, Adobe Photoshop and countless other programs. The LockCrypt Ransomware has a speedy encryption engine that makes the victim's files inaccessible quickly. After encrypting the victim's files, the LockCrypt Ransomware will change their names, making it a simple matter knowing which files the LockCrypt Ransomware has altered. The files encrypted with the LockCrypt Ransomware's AES-256 encryption algorithm will have their file names altered using the following pattern:
[base64 ENCODED NAME]== ID [16 RANDOM CHRACTERS].lock
After encrypting the victim's files, the LockCrypt Ransomware will deliver a ransom note, which alerts the victim of the attack supposedly. The LockCrypt Ransomware generates a program window named 'crypt' that includes the following cryptic text:
ID [16 RANDOM CHARACTERS]
download key ok
[RANDOM NUMBER] files
[RANDOM NUMBER] skip files
[RANDOM NUMBER] s
The LockCrypt Ransomware also drops a text document named 'ReadMe.txt' that has a more traditional ransom note. These alerts tell the victim of the attack and ask that the victim contacts the con artists (in this case to the email addresses firstname.lastname@example.org or email@example.com). When victims write to these email addresses, the con artists will demand a large ransom to be paid using BitCoins, an anonymous crypto-currency.
Protecting Your Computer against Ransomware Like the LockCrypt Ransomware
Because of the encryption method used in the LockCrypt Ransomware attack, the files that have become compromised in the infection may not be recoverable. This means that the best protection against the LockCrypt Ransomware and similar ransomware Trojans is to have backup copies of your files. Having file backups negates the LockCrypt Ransomware attack completely since the affected files can be recovered quickly by copying over the backup after removing the compromised files. The LockCrypt Ransomware infection itself is simple to remove with the help of a reliable security program, but once the LockCrypt Ransomware has encrypted a file, it will have to be replaced. This is what makes threats like the LockCrypt Ransomware so effective; even if the threat itself is removed, the damage is done, and the victim's files cannot be recovered without the decryption key. Fortunately, having file backups nullifies this attack strategy completely. In fact, if enough computer users have file backups on an external memory device or the cloud, threats like the LockCrypt Ransomware would die away since this attack strategy would no longer be viable.
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.