LockOn Ransomware Description
Type: Ransomware
The LockOn Ransomware is an encryption ransomware Trojan. It is used to extort computer users through a well-known tactic: the LockOn Ransomware encrypts the victim's files using a strong encryption algorithm and then asks for a ransom in exchange for the decryption key necessary to restore the affected files. Encryption ransomware Trojans like the LockOn Ransomware are becoming increasingly common, so it is more important than ever for computer users to take precautions to ensure that their data is well protected.
The LockOn Ransomware Pretends to be a Beneficial Program
The LockOn Ransomware will use a strong encryption algorithm to make the victim's files inaccessible. The LockOn Ransomware attacks were first reported on October 9th, 2017. The LockOn Ransomware is delivered through an executable file that seems to be named '[HOT][+18] CHECHER PORN.exe,' which poses as a notification application that alerts computer users to new pornographic material on various websites. This supposed application is bait meant to get victims to install the LockOn Ransomware on their computers (this is the trademark of Trojans, which rely on victims installing the threat themselves, thinking it to be some beneficial program). The LockOn Ransomware is based on HiddenTear, an open-source encryption ransomware platform that has spawned countless variants.
How the LockOn Ransomware Carries out Its Attack
The LockOn Ransomware, like other HiddenTear variants, will use AES-256 encryption to make the victim's files inaccessible. The LockOn Ransomware will target the following file types in its attack:
.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, .doc, .epub, .docx, .fb2, .flv, .gif, .gz, .iso, .ibooks, .jpeg, .jpg, .key, .mdb, .md2, .mdf, .mht, .mobi, .mhtm, .mkv, .mov, .mp3, .mp4, .mpg, .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt, .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2.
A mix of the RSA and AES encryptions makes it impossible to restore the files encrypted by the attack without a decryption key. The files encrypted by the LockOn Ransomware attack become inaccessible, essentially having been taken hostage by the LockOn Ransomware. After encrypting the victim's files, the LockOn Ransomware displays a ransom note demanding payment of a ransom in exchange for the decryption key needed to restore the victim's files. The LockOn Ransomware's ransom note is displayed in a program window containing a notification that reads as follows:
'Your Files has been encrypted! ! :(.'
The ransom window uses a layout with gray, black, and yellow colors and the following message:
'The whole of your computer has just been encrypted by LockOn to unlock your computer and retrieve your file please pay the ransom to the address bitcoin!
Here are the steps:
1 - Go to: h[tt]ps://www.localbitcoins[.]com
2 - Create an account
3 - Collect the sum stipulated below in bitcoins
4 - Sent to the address bitcoins 1EhHaeQ5x8Q4wF62QwqRUfoFrbYo2PLR7c
5 - You will receive a key that will unlock your computer!
Any attempt to reverse the ransomware or other will result in a destruction of the computer!'
The LockOn Ransomware will display the same text in French, and it also seems to give victims a choice of the ransom note language, a feature seen before in a few ransomware Trojans. PC security researchers advise computer users against paying the LockOn Ransomware ransom. There is little chance that the victim will be able to recover the files, and paying only allows the people behind these attacks to continue creating and distributing threats like the LockOn Ransomware. Instead, you should take precautions, mainly by keeping file backups on the cloud or on an external memory device.
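One way to check the backup precaution against the file types listed above, as an added example that is not part of the original article: the script below walks a data folder and reports every file with a targeted extension that has no backup copy or an out-of-date one. The function names, the report layout, and the assumption that the backup mirrors the source folder's relative paths are illustrative.

```python
import hashlib
import re
import sys
from pathlib import Path

# Extension list copied from the description above (typos in the list corrected).
LISTED = """
.3gp .7z .apk .avi .bmp .cdr .cer .chm .conf .css .csv .dat .db .dbf .djvu .dbx
.docm .doc .epub .docx .fb2 .flv .gif .gz .iso .ibooks .jpeg .jpg .key .mdb .md2
.mdf .mht .mobi .mhtm .mkv .mov .mp3 .mp4 .mpg .mpeg .pict .pdf .pps .pkg .png
.ppt .pptx .ppsx .psd .rar .rtf .scr .swf .sav .tiff .tif .tbl .torrent .txt
.vsd .wmv .xls .xlsx .xps .xml .ckp .zip .java .py .asm .c .cpp .cs .js .php
.dacpac .rbw .rb .mrg .dcx .db3 .sql .sqlite3 .sqlite .sqlitedb .psp .pdb .dxf
.dwg .drw .casb .ccp .cal .cmx .cr2
"""
TARGETED = set(re.findall(r"\.[a-z0-9]+", LISTED))

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def audit_backup(source_root, backup_root, targeted=TARGETED):
    """Classify each at-risk file under source_root as missing, stale or ok.

    Assumption: the backup mirrors the source tree's relative paths.
    """
    source_root, backup_root = Path(source_root), Path(backup_root)
    report = {"missing": [], "stale": [], "ok": []}
    for path in sorted(source_root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in targeted:
            continue  # directories and file types outside the listed set
        rel = path.relative_to(source_root)
        copy = backup_root / rel
        if not copy.is_file():
            report["missing"].append(rel.as_posix())
        elif sha256_of(copy) != sha256_of(path):
            report["stale"].append(rel.as_posix())  # backup differs from live file
        else:
            report["ok"].append(rel.as_posix())
    return report

if __name__ == "__main__" and len(sys.argv) == 3:
    result = audit_backup(sys.argv[1], sys.argv[2])
    for status in ("missing", "stale"):
        for name in result[status]:
            print(f"{status}: {name}")
```

Run it with the data folder and the backup folder as the two arguments; a "stale" result on a file that was not edited since the last backup means the live copy has changed and should be examined before the backup is overwritten.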