Locknet Ransomware

Cybersecurity experts have recently uncovered a new ransomware threat known as Locknet, shedding light on its nefarious operations. Locknet is designed with the primary objective of encrypting files, rendering them inaccessible to their rightful owners. What sets Locknet apart is not only its encryption capabilities but the way it alters the filenames of the compromised files. In its course of action, Locknet appends the '.locknet' extension to the original filenames. This modification transforms files like '1.jpg' into '1.jpg.locknet', '2.png' into '2.png.locknet', and so on.

To further intensify the impact of its attack, Locknet includes a ransom note named 'HOW_TO_BACK_FILES.html.' This note serves as a message to victims, demanding a ransom for the decryption of their locked files. The ransom note presents instructions on how to pay the attackers in exchange for the decryption key.

One crucial detail to note is that Locknet is part of the MedusaLocker Ransomware family, indicating a potential link to other cybercriminal activities and tactics. This discovery not only highlights the evolving landscape of cyber threats but also underscores the necessity of robust cybersecurity measures to protect against such malicious software.

The Locknet Ransomware Infects Devices and Locks Victims' Data

The ransom note claims that the attackers have infiltrated the victim's network and encrypted essential files using a combination of the RSA and AES encryption algorithms. The cybercriminals warn against attempting to restore these files using any third-party software, as such attempts could result in permanent damage to the encrypted data. The attackers assert that only they possess the key to decrypt the files, effectively holding the victim's data hostage.

In a bid to intensify the pressure on the victim, the ransom note states that if the payment of the ransom is not made in a timely manner, highly confidential data that the attackers have presumably accessed during the breach will be exposed to the public or sold. The attackers emphasize that their primary motivation is financial gain and not the tarnishing of the victim's reputation, attempting to rationalize their actions.

To demonstrate their decryption capabilities and presumably entice the victim into complying with their demands, the cybercriminals offer to decrypt 2-3 non-essential files free of charge. The ransom note concludes with contact information, providing email addresses ('crypt_group@outlook.com' and 'uncrypthelp@yahoo.com') for negotiations. However, it comes with a stern warning that the ransom amount will increase if the victim does not initiate contact within a limited time frame, typically 72 hours.

It's important to note that making ransom payments to cybercriminals is strongly discouraged, as it does not guarantee the retrieval of files and further perpetuates the illicit activities of these malicious actors. Instead, the victims are advised to promptly remove the ransomware from their infected systems, as allowing it to persist may lead to additional data loss and the potential for future attacks.
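The indicators described above (the '.locknet' extension, the 'HOW_TO_BACK_FILES.html' note and the two contact addresses) can be checked for on a file share with a short triage script. This is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration, and the case-insensitive matching is an assumption made for Windows file systems.

```python
import os
import tempfile

# Indicators taken from the article text.
ENCRYPTED_EXT = ".locknet"
NOTE_NAME = "HOW_TO_BACK_FILES.html"
NOTE_CONTACTS = ("crypt_group@outlook.com", "uncrypthelp@yahoo.com")


def triage_locknet(root):
    """Walk `root` and summarise Locknet indicators found (hypothetical helper)."""
    report = {"encrypted": [], "notes": [], "contacts_seen": set(), "affected_dirs": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()  # assumption: match case-insensitively
            if lower.endswith(ENCRYPTED_EXT):
                # The original name is recoverable by stripping the appended extension.
                report["encrypted"].append((path, name[: -len(ENCRYPTED_EXT)]))
                report["affected_dirs"].add(dirpath)
            elif lower == NOTE_NAME.lower():
                report["notes"].append(path)
                report["affected_dirs"].add(dirpath)
                try:
                    with open(path, "r", encoding="utf-8", errors="replace") as fh:
                        text = fh.read(1_000_000).lower()  # cap the read size
                except OSError:
                    continue  # an unreadable note still counts as an indicator
                report["contacts_seen"].update(c for c in NOTE_CONTACTS if c in text)
    return report


def build_sample_tree(root):
    """Constructed sample data: two renamed files, one note, one untouched file."""
    os.makedirs(os.path.join(root, "share", "photos"))
    for rel in ("share/photos/1.jpg.locknet", "share/photos/2.png.LOCKNET", "share/readme.txt"):
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(b"\x00" * 16)
    with open(os.path.join(root, "share", NOTE_NAME), "w", encoding="utf-8") as fh:
        fh.write("<html>Contact: crypt_group@outlook.com</html>")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage_locknet(tmp)
        print(len(result["encrypted"]), "encrypted files,", len(result["notes"]), "ransom note(s)")
        print("contacts in note:", sorted(result["contacts_seen"]))
        print("affected directories:", len(result["affected_dirs"]))
```

The script only reads the file system and changes nothing, so it can be run against a mounted share or a forensic copy to scope which directories need restoring from backup.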

Take Measures to Block Malware from Invading Your Devices

To prevent malware from compromising your devices, data, and privacy, there are several important precautions you can take:

  • Use Security Software: Install reputable anti-malware software on your devices. Ensure that it's regularly updated to guard against the latest threats.
  • Keep Operating Systems and Software Updated: Regularly update your operating system, web browsers, and all software applications. These updates often include patches to address known security vulnerabilities.
  • Download from Trusted Sources: Only download apps, software, and files from official and trusted sources. Be cautious of third-party websites or unofficial app stores.
  • Use a Firewall: Enable and configure a firewall on your device to block incoming malicious traffic. Many operating systems have built-in firewalls.
  • Pay Attention to Email Attachments and Links: When accessing email attachments or clicking on links, exercise caution, especially with messages from unknown senders. Avoid downloading files or clicking on links in suspicious or unsolicited emails.
  • Use Unique Passwords: Create strong, unique passwords for your accounts and use a password manager to keep track of them. If possible, employ multi-factor authentication to add an extra layer of security.
  • Regular Backups: Regularly back up any important files and data to an external drive or a secure cloud service. In the unlucky event of a malware attack, you can restore your data from these backups.
  • Beware of Phishing: Be careful with phishing attempts, where con artists try to trick you into revealing sensitive information. Verify the legitimacy of emails and websites that request personal or financial information.
  • Secure Your Wi-Fi: Use strong encryption (WPA3) for your Wi-Fi network and change default router login credentials. Don't use public Wi-Fi for sensitive activities without a VPN.
  • Keep Yourself Educated: Stay informed about the latest malware threats and tactics. Knowledge is a key defense against falling victim to malware attacks.
  • Regularly Scan for Malware: Periodically run malware scans on your devices using anti-malware software to catch any threats that may have slipped through.

By following these precautions and maintaining good security habits, you can reduce the risk of malware infections significantly and protect your devices and personal information from cyber threats.

The full text of the ransom note left by the Locknet Ransomware is:

'YOUR PERSONAL ID:

/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
All your important files have been encrypted!

Your files are safe! Only modified. (RSA+AES)

ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.

No software available on internet can help you. We are the only ones able to
solve your problem.

We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..

We only seek money and our goal is not to damage your reputation or prevent
your business from running.

You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.

Contact us for price and get decryption software.

If you can not use the above link, use the email:
crypt_group@outlook.com
uncrypthelp@yahoo.com

To contact us, create a new free email account on the site: protonmail.com
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.'
