Lok Ransomware

Lok Ransomware Description

Cybercriminals are using a new ransomware threat to lock the data of their victims. Named Lok Ransomware, the threat utilizes a strong cryptographic algorithm in its encryption process. After it initiates its programming, the Lok Ransomware will affect a large number of filetypes including documents, PDFs, databases, archives and more.

During the encryption, the Lok Ransomware also will modify the original names of the files. More specifically, the threat will append a character string acting as the victim's ID, followed by an email address controlled by the attackers, and finally '.lok' as a new extension. The email address put in the names of the encrypted files is 'pedarsaggg@onionmail.org.'

The Lok Ransomware also will deliver a ransom note message in two different ways. First, the instructions of the hackers will be displayed in a pop-up window created via a 'Decryption-Guide.HTA' file. The same message will also be placed inside a 'Decryption-Guide.txt' text file.

Ransom Note's Details

The text of both ransom notes is identical. It clarifies that without paying for the decryptor tool and decryption possessed by the cybercriminals, restoration of the affected files is close to impossible. Victims also are instructed to locate a specific file that was created by threat in the C:/ProgramData directory. The name of the file could be a variation of 'RSAKEY-SE-24r6t523' or 'RSAKEY.KEY'. The contents of this file are crucial for the restoration process of the encrypted data. After finding the file, users are expected to send it to the 'pedarsaggg@onionmail.org' email address. The rest of the ransom note is taken up by various warnings.

The ful- text of Lok Ransomware's message is:

'Your Files Are Has Been Locked
Your Files Has Been Encrypted with cryptography Algorithm
If You Need Your Files And They are Important to You, Dont be shy Send Me an Email
Send Test File + The Key File on Your System (File Exist in C:/ProgramData example : RSAKEY-SE-24r6t523 pr RSAKEY.KEY) to Make Sure Your Files Can be Restored
Make an Agreement on Price with me and Pay
Get Decryption Tool + RSA Key AND Instruction For Decryption Process
Attention:
1- Do Not Rename or Modify The Files (You May loose That file)
2- Do Not Try To Use 3rd Party Apps or Recovery Tools ( if You want to do that make an copy from Files and try on them and Waste Your time )
3-Do not Reinstall Operation System(Windows) You may loose the key File and Loose Your Files
4-Do Not Always Trust to Middle mans and negotiators (some of them are good but some of them agree on 4000usd for example and Asked 10000usd From Client) this Was happened
Your Case ID :-
OUR Email :pedarsaggg@onionmail.org
.'

Related Posts