LolKek Ransomware
The LolKek Ransomware is a crypto locker threat that, according to infosec researcher, is a newly created variant based on the BitRansomware malware. The goal of the threat is to infiltrate the targeted computer sneakily, proceed to encrypt the data stored on it, and then extort money from the affected users in exchange for the potential restoration of the encrypted files.
Victims of the LolKek Ransomware will notice that the names of their files have been changed to include '.ReadMe' as a new extension suddenly. More importantly, however, all of the files will be inaccessible and unusable. The consequences could be severe if the locked data contained business-related projects or information. The LolKek Ransomware drops a ransomware note with instructions to its victims in the form of text files named 'Read_Me.txt.'
While most modern ransomware threats provide a lengthy list of detailed instructions to users they affect, the LolKek Ransomware has decided to go in the opposite direction leaving only a bare minimum of details. Opening the 'Read_Me.txt' text files simply tells the users to send a message to the 'filessupport@cock.li' email address or create a ticket by following the provided link to a website created for that purpose.
Handling the aftermath of a ransomware attack can be difficult extremely. The best course of action is NOT even to contact the hackers as there are no guarantees that a decryption tool will even be sent or that it will decrypt the files successfully. Instead, users should look for a suitable backup of the created data before the ransomware infection. Before any restoration is attempted, the compromised system must be cleaned by using a professional anti-malware program.
The text delivered in the 'Read_Me.txt' files is:
Attention!
All your files are encrypted
if you want to recover files write to email filessupport@cock.li
or create ticket here: hxxps://yip.su/2QstD5
Table of Contents
Should I Pay the Ransom?
The attackers aren’t lying when they say only they have the decryption key. With that said, paying the ransom amount to the criminals is never the right thing to do. Paying them would mean that you lose your time and money as well as your data. There are many examples of cyber criminals not sending victims the decryption key after getting the payment.
Given that money is paid in the form of cryptocurrency, it is also impossible to track where the money goes and who gets it. You have no idea who the attacker is or what happens to your money. You should never trust an attacker to get your files back. Their job is to do everything they can to part you with your money.
Is it Possible to Recover Files Encrypted by LolKek Ransomware?
The good news is that getting your data back doesn’t need to be complicated. If you have an external backup on another device or on the cloud, you can get your important files back in an instant. It may be possible to restore your files without such a backup thanks to Shadow Volume Copies. These are the copies of data stored on your computer used for System Restore. There is also the option of using third-party data recovery tools. Modern data recovery tools are made with powerful algorithms to scan deep and restore data lost to virus attacks.
A word of warning, however, you shouldn’t attempt to restore your data until you remove LolKek ransomware. It would be best to scan your computer using an antimalware tool to remove the virus to prevent future infections. You don’t want to restore your data only to have it encrypted again instantly.
How Did Ransomware Get on My Computer?
There are several ways in which ransomware can get on your computer. Malware such as this typically invades through the use of spam email campaigns, untrustworthy download sources, illegal activation tools, fake software updates, and trojan viruses.
Spam emails are sent in the thousands as part of campaigns. These emails contain malicious download links or attachments containing malicious files. The files are typically Microsoft Office files like Word documents and Excel spreadsheets, but they could also be archive files and executable files. The email compels the reader to download the file or access the link. Interacting with the email like this downloads and installs the LolKek ransomware to your computer.
Untrusted file hosting services include free file hosting sites, P2P networks, and websites where malware is presented as legitimate software. Some malware authors disguise their viruses as legitimate freeware and upload it to free software sites. Check the reputation and reviews of free software before downloading it.
Illegal activation tools are packaged with illegal software downloads obtained through torrents. These activation tools often install malware as well as, or instead of, activating the licensed program. Finally, Trojan viruses are small malicious applications designed to sneak past antimalware programs and install malicious programs once inside a computer.
