LuckyJoe Ransomware

LuckyJoe Ransomware Description

Most cyber criminals tend to target systems running the Windows OS as it is by far the most popular OS worldwide. However, some opt to take up more niche markets. This is the case with the LuckyJoe Ransomware. The LuckyJoe Ransomware is tailored to target machines running the Linux OS. Often, Linux users wrongfully consider their systems impenetrable to any malware and completely overlook their cybersecurity, which makes them a lucrative target for cyber crooks.

Propagation and Encryption

The propagation methods involved in the spreading of the LuckyJoe Ransomware are not yet clear. Some researchers speculate that pirated bogus variants of popular software, mass spam email campaigns, and fake application updates may be among the infection vectors utilized by the authors of the LuckyJoe Ransomware. As soon as the LuckyJoe Ransomware infects a target, it will run a scan on the system so that it can determine the locations of the files of interest. These files will be marked for encryption. Then, the LuckyJoe Ransomware will begin the encryption process. Every newly locked file will have its name altered. The LuckyJoe Ransomware adds a ‘.GNNCRY’ extension at the end of the filename of each file. For example, an audio file previously named ‘protected-marine.mp3’ will be renamed to ‘protected-marine.mp3.GNNCRY.’

The Ransom Note

Next, the LuckyJoe Ransomware drops a ransom note. The note is called ‘GNNCRY_Readme.txt’ and reads:

'your id:
All your important documents has been encrypted with an military grade encryption algorithm.
There is no way to recover your files without a special key. Send us 0.05 bitcoin(BTC) to our Bitcoin address: 1Mm8EkUakWPmmozqrLM2F8LVizwwq5WSed
and contact us by Email with your id and Server IP and A Proof of payment. Any email without your id and server IP and a Proof of Payment together will be ignored. If we dont receive your payment in the next 7 Days, you will lost all files forever. Email: canyouseeme1@yandex.ru'

In the note, the attackers state that the ransom fee is 0.05 Bitcoin (~$500 at the time of typing this post). They also warn the victim that they have one week to pay the ransom fee or all their data will be permanently lost. The creators of the LuckyJoe Ransomware provide the user with an email address where they can be contacted – ‘canyouseeme1@yandex.ru’. So far, the Bitcoin wallet of the attackers is empty meaning that no victims have opted to pay the ransom fee.

If you have become a victim of the LuckyJoe Ransomware, we would recommend you to resist any urges to pay up or contact the cyber criminals responsible for the LuckyJoe Ransomware. Instead, you should use a reputable anti-malware solution to remove the LuckyJoe Ransomware from your system safely.

How Can You Detect Malware?

Download SpyHunter's Detection Scanner
to Detect Malware.
* SpyHunter's scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their PC with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.