Loplup Ransomware
Cybersecurity researchers have uncovered a new threatening ransomware variant, based on the ZEPPELIN Ransomware family. The threat is known as the Loplup Ransomware and can be used in attack operations targeting the data of the victims. When executed onto a breached device, the Loplup Ransowmare will activate an encryption routine that will leave nearly all of the documents, pictures, photos, archives, databases, and other file types., in an unusable state. The attackers will then attempt to blackmail their victims to send them a ransom payment in exchange for the potential restoration of the affected data.
The threat will modify the names of all locked files. The new file extension added to the original names consists of '.loplup' followed by an ID string generated specifically for each victim. When all targeted files on the system have been processed, Loplup will drop a text file named '!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT,' which contains a ransom note.
According to the message left by the cybercriminals, victims can send one file to be decrypted for free as a demonstration. The file can be sent to the hackers' email address at 'loplup@cock.li' or by contacting them through the qTOX chat client. The ransom note doesn't mention the amount that the threat actors are trying to extort from their victims or if the sum must be transferred using a specific cryptocurrency.
The full text of the ransom note left by Loplup Ransomware is:
'!!! ALL YOUR FILES ARE ENCRYPTED !!!
All your files, documents, photos, databases and other important files are encrypted.
You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key.
Only we can give you this key and only we can recover your files.To be sure we have the decryptor and it works you can send an email: loplup@cock.li and decrypt one file for free.
But this file should be of not valuable!Do you really want to restore your files?
Write to email: loplup@cock.liVisit hxxps://tox.chat/download.html
Download and install qTOX on your PC.
Open it, click "New Profile" and create profile.
Click "Add friends" button and search our contact - 126E30C4CC9DE90F79D1FA90830FDC2069A2E981ED26B6DC148DA8827FB3D63A1B46CFDEC191
Your personal ID:
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.'
