LockMe Ransomware

LockMe Ransomware Description

There have been reports of infections involving the LockMe Ransomware, an encryption ransomware Trojan that was first observed on February 2, 2018. The most typical way in which a computer may become infected with the LockMe Ransomware is after the victims opening spam email attachments containing corrupted macro scripts that download and install the LockMe Ransomware onto the victim's PC. The LockMe Ransomware uses the AES 256 and RSA 2048 encryption algorithms to make the victims' computers inaccessible and take them hostage. The LockMe Ransomware includes components that allow third parties to determine the geographic location of the infected computer. There is little to differentiate the LockMe Ransomware from the numerous other encryption ransomware Trojans being used actively in attacks currently. The LockMe Ransomware targets English and Russian speakers in its attack primarily.

The LockMe Ransomware will Encipher Your Most Precious Files

After the victim opens a corrupted file containing a macro script that downloads and installs the LockMe Ransomware, this ransomware Trojan will scan the victim's computer in search for the user-generated files. The LockMe Ransomware will target a wide variety of file types in its attacks, generally avoiding Windows system files so that the infected computers can remain functional enough to allow the victim to pay a ransom amount after the infection. The following are some of the file types that may be targeted by the LockMe Ransomware attack:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

The LockMe Ransomware will mark the files encrypted by the attack by adding the file extension '.lockme' to each affected file's name. The files encrypted by the LockMe Ransomware will no longer be recognized by Windows Explorer and will not be usable. The LockMe Ransomware will deliver a ransom note in the form of a text file dropped on the infected computer's desktop. This text file, named 'README_FOR_DECRYPT_YOUR_FILES.txt,' contains the following text:

'All of your files have been Encrypted with military grade system and impossible to brute force, cracking, or reverse engineering it !
If you want all of your files back send me 0.03 BTC .
[+] Your Unique ID : [RANDOM CHARACTERS]
[+] Send BTC To This Address : 1LockMeEPLr4ZRsoht8Wp6idBsT5TuBXtX
[+] Send BTC : 0.03 BTC
[+] Contact Email : LockMecQqL3Ruyi7V0RfZ@tutamail.com | LockMe9hG1F7pbWqThUt9P8@mailfence.com
*) Don't try change the '.lockme' extensions , if you change it , your all files can be broken and can't be restored forever .
*) If you've made a payment contact LockMecQqL3Ruyi7V0RfZ@tutamail.com | LockMe9hG1F7pbWqThUt9P8@mailfence.com .
*) If you not made a payment all of your private files will be leaked on internet (private photos, documents, videos, and more) .
Question : How to buy Bitcoin ?
Answer : You can buy Bitcoin at this Website : bitcoin.com , coinbase.com , cex.io , paxful.com , coinmama.com , etc .
[+] Your IP : [YOUR REAL IP ADDRESS]
[+] Your ID : [RANDOM CHARACTERS]'

Dealing with the LockMe Ransomware Infection

The people responsible for the LockMe Ransomware attack demand a ransom close to 2000 USD at the current Bitcoin exchange rate. In spite of that, security researchers counsel computer users to refrain from paying this amount. Instead, deleting the corrupted versions and replacing them with backup copies should restore the affected files.