LockCrypt Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 120
First Seen: June 5, 2017
Last Seen: March 30, 2023
OS(es) Affected: Windows

There is little to differentiate the LockCrypt Ransomware from other ransomware Trojans. The LockCrypt Ransomware carries out a typical encryption ransomware attack: it uses a strong encryption algorithm to make the victim's files inaccessible and then demands a ransom payment in exchange for the means to recover them. PC security analysts have uncovered numerous ransomware Trojans that use creative branding or themes to be more memorable and stand out from other threats. The LockCrypt Ransomware does not do this; it carries out a basic encryption ransomware attack with no pop-culture branding or other unique characteristics. However, the attack is effective and is a textbook example of how these threats work.

The most common distribution method for the LockCrypt Ransomware is corrupted file attachments delivered in spam email messages, which may use social engineering to trick computer users into opening the attachment. These attachments may take the form of DOCX or PDF files, which use corrupted macro scripts to download and install the LockCrypt Ransomware on the victim's computer.

How the LockCrypt Ransomware Attack Works

After the victim opens the file containing the corrupted macro script, the LockCrypt Ransomware will scan the victim's machine and begin encrypting the victim's files. The LockCrypt Ransomware targets user-generated files. These may include music files, video files, and documents created with software such as Microsoft Office, Libre Office, Adobe Photoshop and countless other programs. The LockCrypt Ransomware has a speedy encryption engine that makes the victim's files inaccessible quickly. After encrypting the victim's files, the LockCrypt Ransomware renames them, which makes it simple to tell which files it has altered. Files encrypted with the LockCrypt Ransomware's AES-256 encryption algorithm are renamed using the following pattern:

[base64 ENCODED NAME]== ID [16 RANDOM CHARACTERS].lock

After encrypting the victim's files, the LockCrypt Ransomware delivers a ransom note, which is supposed to alert the victim to the attack. The LockCrypt Ransomware generates a program window named 'crypt' that includes the following cryptic text:

'privilige yes
ID [16 RANDOM CHARACTERS]
download key ok
[RANDOM NUMBER] files
[RANDOM NUMBER] skip files
[RANDOM NUMBER] s
1 threads
network y'

The LockCrypt Ransomware also drops a text document named 'ReadMe.txt' that contains a more traditional ransom note. This note tells the victim about the attack and asks the victim to contact the con artists (in this case, at the email addresses d_dukens@aol.com or d_dukens@bitmessage.ch). When victims write to these email addresses, the con artists will demand a large ransom to be paid in Bitcoin, an anonymous cryptocurrency.
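The renaming pattern and the 'ReadMe.txt' note described above can be used to inventory what an infection touched. The following Python sketch is an added example, not part of the original article or of any vendor tool: it matches file names against the pattern, groups them by the 16-character ID, and decodes the base64 portion back to the original file name. It assumes that the '=' signs are ordinary base64 padding (zero to two of them), that the ID is alphanumeric, and that names were UTF-8 encoded; the sample paths are constructed.

```python
import base64, binascii, ntpath, re
from collections import defaultdict

# Pattern from the article: "[base64 ENCODED NAME]== ID [16 RANDOM CHARACTERS].lock".
# Assumptions: "=" is base64 padding (0-2 signs) and the ID is alphanumeric.
LOCK_NAME = re.compile(
    r"^(?P<b64>[A-Za-z0-9+/]+={0,2})\s+ID\s+(?P<id>[A-Za-z0-9]{16})\.lock$")

def parse_lock_name(filename):
    """Return (id, original_name_or_None), or None if the name does not match."""
    m = LOCK_NAME.match(filename)
    if m is None:
        return None
    b64 = m.group("b64").rstrip("=")
    b64 += "=" * (-len(b64) % 4)  # normalise padding before decoding
    try:
        original = base64.b64decode(b64, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        original = None  # matched the pattern but is not a UTF-8 name
    return m.group("id"), original

def triage(paths):
    """Group renamed files by ID; list ReadMe.txt files as candidate notes."""
    by_id, notes, undecodable = defaultdict(list), [], []
    for path in paths:
        base = ntpath.basename(path)  # handles both \ and / separators
        if base.lower() == "readme.txt":
            notes.append(path)  # common file name: a candidate, not proof
            continue
        parsed = parse_lock_name(base)
        if parsed is None:
            continue  # e.g. an unrelated *.lock file
        victim_id, original = parsed
        (undecodable if original is None else by_id[victim_id]).append(
            path if original is None else original)
    return {"by_id": dict(by_id), "notes": notes, "undecodable": undecodable}

# Constructed sample listing (not taken from a real infection).
SAMPLE = [
    r"C:\Users\a\Documents\cTMueGxzeA== ID A1B2C3D4E5F6G7H8.lock",
    r"C:\Users\a\Documents\dGVzdC50eHQ= ID A1B2C3D4E5F6G7H8.lock",
    r"C:\Users\a\Documents\gICA ID A1B2C3D4E5F6G7H8.lock",
    r"C:\Users\a\Documents\ReadMe.txt",
    r"C:\Users\a\Documents\notes.lock",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The decoded names give a list of original files to restore from backup, and the per-ID grouping shows whether more than one infection run touched the same share.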

Protecting Your Computer against Ransomware Like the LockCrypt Ransomware

Because of the encryption method used in the LockCrypt Ransomware attack, the files that have become compromised in the infection may not be recoverable. This means that the best protection against the LockCrypt Ransomware and similar ransomware Trojans is to have backup copies of your files. Having file backups negates the LockCrypt Ransomware attack completely since the affected files can be recovered quickly by copying over the backup after removing the compromised files. The LockCrypt Ransomware infection itself is simple to remove with the help of a reliable security program, but once the LockCrypt Ransomware has encrypted a file, it will have to be replaced. This is what makes threats like the LockCrypt Ransomware so effective; even if the threat itself is removed, the damage is done, and the victim's files cannot be recovered without the decryption key. Fortunately, having file backups nullifies this attack strategy completely. In fact, if enough computer users have file backups on an external memory device or the cloud, threats like the LockCrypt Ransomware would die away since this attack strategy would no longer be viable.
