LockData Ransomware

The LockData Ransomware threat is designed to stop its victims from accessing their own files. The cybercriminals will then extort the affected users or companies for money, in exchange for the potential restoration of the locked files. The uncrackable cryptographic algorithm utilized by the malware ensures that the encrypted files will be virtually impossible to unlock without the decryption key that the attackers possess.

Instead of using a specific file extension as a way to mark the files it encrypts, the LockData Ransomware generates a random 4-character extension for each one. In addition, the threat will change the current desktop background with a new image and create a new text file named 'read_it.txt' on the system.

Ransom Note's Details

The main ransom note appears to be delivered via a text file. According to the instructions inside it, the hackers demand to be paid a ransom of exactly 5 BTC (Bitcoin). At the current price of the cryptocurrency, the demanded ransom is equal to $150, 000 approximately. Keep in mind that due to its inherent volatility, the Bitcoin price could change rapidly. The hackers expect the funds to be transferred to the crypto-wallet address provided in the note.

The message displayed as a desktop background contains additional details. If it can be believed, the cybercriminals also have managed to collect important information from the breached devices. Furthermore, it states that victims have just five days to reach an agreement with the threat actors responsible for LockData Ransomware. After that period, the exfiltrated private data will supposedly be published to the public on the Darkweb.

The ransom-demanding message found in the text file is:

'----> LockData is multi language ransomware. Translate your note to any language <----
All of your files have been encrypted
Your computer was infected with a ransomware virus. Your files have been encrypted and you won't
be able to decrypt them without our help.What can I do to get my files back?
Only if you pay the rasnom. Payment can be made in Bitcoin only.
How do I pay, where do I get Bitcoin?
Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search
yourself to find out how to buy Bitcoin.
Many of our customers have reported these sites to be fast and reliable:
Coinmama - hxxps://www.coinmama.com Bitpanda - hxxps://www.bitpanda.com - hxxps://www.coinbase.com/

Payment informationAmount: 5 BTC
Bitcoin Address: bc1q7g29t9pyf87z20w4ym8zmkh50dl37ma9pjyhg

The message shown as a desktop background is:

LOCKDATA RANSOMWARE 1.0

ALL YOUR IMPORTANT FILES ARE STOLEN AND ENCRYPTED

FOR UNLOCK YOUR FILE YOU CAN READ OUR CONDITION YOU HAVE 5 DAYS OR ALL

YOUR DATA GONNA BE PUBLISHED ON DARKWEB.'