Lockerxxs Ransomware Description
The Lockerxxs Ransomware is a file-locking Trojan variant of Xorist Ransomware, a 'freeware' Trojan resource. It can stop the users' non-system files from opening by blocking them with encryption and includes a pop-up warning message with ransom demands. Recovering from any available backups is preferable to paying a ransom, and users should let a trusted security software brand remove the Lockerxxs Ransomware installation.
A File that's the Wrong 'One' for Anyone to Open
With little interval between campaigns, many threat actors are plundering Xorist Ransomware as a resource for locking files and turning their attacks into possible money-making opportunities. Old versions of this Windows-only threat, like the AAC Ransomware and the Blocked2 Ransomware, are minimally different from newer ones, including the Locks Ransomware, the Files Fixer Ransomware and the Lockerxxs Ransomware. Users can always protect their files from the latest example, the Lockerxxs Ransomware, beforehand or 'enjoy' their data lockout.
The Lockerxxs Ransomware's samples arrive with the somewhat generic name of 'one.exe'. Although the Lockerxxs Ransomware's payload has few changes worth much attention, the threat actor includes UPX packing as an anti-detection measure. This protection could keep out-of-date or poorly designed security software from flagging the Trojan before it attacks.
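As an added illustration (not part of the original write-up and not derived from an actual Lockerxxs sample), the Python sketch below shows a static triage check for UPX packing in a Windows PE file: it reads the section table and reports UPX section names, the `UPX!` marker, and a writable, executable section that has no bytes on disk. The function names and the header-only sample images are constructed for this example.

```python
import struct

WX = 0x20000000 | 0x80000000  # IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE

def pe_sections(data):
    """Parse the PE section table into (name, virtual_size, raw_size, flags)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    # NumberOfSections sits at +6 and SizeOfOptionalHeader at +20 of the PE header
    count, opt_size = struct.unpack_from("<H12xH", data, e_lfanew + 6)
    table = e_lfanew + 24 + opt_size
    if table + count * 40 > len(data):
        raise ValueError("truncated section table")
    sections = []
    for off in range(table, table + count * 40, 40):
        raw, vsize, raw_size, flags = struct.unpack_from("<8sI4xI16xI", data, off)
        sections.append((raw.rstrip(b"\x00").decode("ascii", "replace"),
                         vsize, raw_size, flags))
    return sections

def upx_indicators(data):
    """Triage findings only: names and magic can be altered, so combine signals."""
    sections, findings = pe_sections(data), []
    if any(name.startswith("UPX") for name, *_ in sections):
        findings.append("upx-section-name")
    if b"UPX!" in data:
        findings.append("upx-magic")
    for name, vsize, raw_size, flags in sections:
        # Unpack target: writable + executable, sized in memory, no bytes on disk
        if (flags & WX) == WX and raw_size == 0 and vsize > 0:
            findings.append("empty-wx-section:" + name)
    return findings

def build_sample(specs, tail=b""):
    """Constructed header-only PE image for this demo; not a real sample."""
    image = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
    image += struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, 0, 0x0102)
    for name, vsize, raw_size, flags in specs:
        image += struct.pack("<8sI4xI16xI", name, vsize, raw_size, flags)
    return image + tail

PACKED = build_sample([(b"UPX0", 0x8000, 0, 0xE0000080),
                       (b"UPX1", 0x4000, 0x3A00, 0xE0000040)], tail=b"UPX!")
PLAIN = build_sample([(b".text", 0x1000, 0x1000, 0x60000020)])

print("packed:", upx_indicators(PACKED), "| plain:", upx_indicators(PLAIN))
```

A hit only means the file is packed, which legitimate software also does; it is a reason to unpack or detonate the file in a sandbox before trusting a clean scan result.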
For its payload, malware experts rate the Trojan's features as typical for a current-day variant of Xorist Ransomware:
- The Trojan encrypts media files (documents, pictures, music, archives, spreadsheets, etc.) so that they can't open.
- It also appends an extension, specific to this variant, onto the files' names for general identification.
- After sabotaging the data, the Trojan creates a pop-up alert that delivers its ransom demands for restoring the victim's data with a decryption service.
Although the Lockerxxs Ransomware uses English, it's not likely the threat actor's first language. There are numerous grammar and spelling problems, but attackers often favor English regardless, since it provides the Trojan with maximum linguistic compatibility with targets worldwide.
A Sleeker Way of Retrieving One's Files from a Closed Locker
With a one-size-fits-all ransom of over one thousand USD in Bitcoins, the Lockerxxs Ransomware's campaign might target home users or smaller businesses with equal impunity. Since malware researchers see no payments to its wallet, the Trojan might not be in wide circulation, although users should protect their files, regardless. Backing up files to other devices will keep Trojans, of Xorist Ransomware's family and elsewhere, from being the sole 'owners' of encrypted media.
Users also should prevent infections, when possible, due to the often-irreversible ramifications of encryption and associated attacks. Many threat actors circulate Trojans of the Lockerxxs Ransomware's type through e-mail tactics, such as fake attached invoices, resumes, or industry news. Others will target entities that use weak admin passwords and brute-force their way into an account. Finally, users who download illegal content or unofficial updates also place their systems at risk for no good reason.
Despite the packing effort, most security solutions will flag this Trojan. A robust and up-to-date anti-malware application will remove the Lockerxxs Ransomware from compromised systems easily and alert the user to installation exploits.
The source of the Lockerxxs Ransomware's encryption feature isn't getting any weaker with age. As users remain overconfident about their operational safety and data preservation, the offspring of data-locking resources will take every advantage to turn it into a ransom.