LokiLok Ransomware
Cybersecurity researchers have identified a threat named LokiLok Ransomware recently. Even though the threat is not entirely unique since it is a variant based on the Chaos malware, its threatening capabilities should not be underestimated in the slighted. Indeed, if LokiLok is capable of successfully infiltrating a targeted computer system, it will proceed to lock the vast majority of the data stored there. The use of a strong encryption algorithm will prevent the victims from restoring the affected files without assistance from the attackers.
One of the signs of an infection by this threat is that each locked file will have '.LokiLok' added to its original name. The malware also will change the current desktop background with a new image. Finally, victims will notice that a new text file named 'read_me.txt' has appeared on the breached device. The file will contain a ransom note with instructions from the threat actors.
Ransom Note's Overview
The ransom-demanding message of the LokiLok Ransomware doesn't mention the exact sum that the attackers want to receive as a ransom. It simply instructs the victims of the threat to establish contact by messaging the 'tutanota101214@tutanota.com' email address. No other communication channels are provided. However, the hackers offer to decrypt two locked files for free. The chosen files must have simple extensions, such as .jpg, .doc, .Xls, etc. and not be larger than 1MB in size.
The full text of the ransom note is:
'………………………………………….Hello! All of your files have been ENCRYPTED……………………………..
Your computer was infected with a ransomware virus. Your files have been encrypted and you won't
be able to decrypt them without our help.What can I do to get my files back?You can buy our special
decryption software, this software will allow you to recover all of your data and remove the
ransomware from your computer.
Personal ID:To decrypt your files you need write to email: tutanota101214@tutanota.com<;<<<<<<<<
What about guarantees?
Its just a business. We absolutely do not care about you and your deals, except getting benefits.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc… not databases!)
and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee. encrypted files for trial decryption.Do not try restore files without our help, this is useless, and can destroy your data permanetly.
However, the files can be recovered even after the removal of our program and even after
reinstalling the operating system.'