Lokf Ransomware

Lokf Ransomware Description

Ransomware threats are among the most profitable malware out there. An increasing number of cyber crooks try their luck with building and propagating threats of this type, and some of them manage to generate a significant amount of revenue. At the beginning of November, malware experts spotted a new ransomware threat dubbed Lokf Ransomware. Upon dissecting it, they found that it belongs to the STOP Ransomware family – the most active ransomware family in all of 2019.

Propagation and Encryption

Cybersecurity researchers have not yet concluded how the Lokf Ransomware is being distributed. It is being speculated that the attackers likely rely on mass spam email campaigns. Usually, the emails would contain a message riddled with social engineering tricks that aim to get the user to launch the attached file by making it seem important yet harmless. It is very important to be wary of attachments in emails from unknown sources as they can cause you a fair bit of trouble. There are other propagation methods, but spam emails are by far the most popular technique. Once the Lokf Ransomware infects your computer, it will begin looking for the files it was programmed to target. Ransomware authors make sure their creations can lock almost all of the common file types and therefore ensure maximum destruction. Usually, threats like the Lokf Ransomware will encrypt .jpeg, .jpg, .pdf, .doc, .docx, .mp3, .mp4, .mov, .ppt, .pptx and countless other file types, which are likely to be found on any user’s system. When the Lokf Ransomware encrypts a targeted file, it also alters its file name by adding ‘.lokf’ extension to it. This means that, for example, an audio file that was called ‘daydream.mp3’ previously will be renamed to ‘daydream.mp3.lokf’ once the encryption process of the Lokf Ransomware is completed.

The Ransom Note

The Lokf Ransomware will drop a ransom note on the victim’s desktop named ‘_readme.txt’ – a trademark of file-locking Trojans that belong to the STOP Ransomware family. The attackers demand $980 as a ransom fee but claim that victims who make contact with them within 72 hours will only have to pay half of the original price - $490. As a way to prove to the user that they are capable of unlocking the damaged files, the creators of the Lokf Ransomware offer to unlock one file free of charge, as long as it does not contain any important data. The authors of the Lokf Ransomware provide two email addresses where the user can get in touch with them – ‘salesrestoresoftware@firemail.cc’ and ‘salesrestoresoftware@gmail.com.’

It is not recommended to contact cybercriminals, and it is certainly not a good idea to give them your hard-earned cash. Such individuals are known to trick users into paying the ransom fee but never holding up their end of the deal. A safer approach in this difficult situation is to trust a reputable anti-malware solution to clear your system of the Lokf Ransomware.