Threat Database Ransomware LuckyJoe Ransomware

LuckyJoe Ransomware

By GoldSparrow in Ransomware

Most cyber criminals tend to target systems running the Windows OS as it is by far the most popular OS worldwide. However, some opt to take up more niche markets. This is the case with the LuckyJoe Ransomware. The LuckyJoe Ransomware is tailored to target machines running the Linux OS. Often, Linux users wrongfully consider their systems impenetrable to any malware and completely overlook their cybersecurity, which makes them a lucrative target for cyber crooks.

Propagation and Encryption

The propagation methods involved in the spreading of the LuckyJoe Ransomware are not yet clear. Some researchers speculate that pirated bogus variants of popular software, mass spam email campaigns, and fake application updates may be among the infection vectors utilized by the authors of the LuckyJoe Ransomware. As soon as the LuckyJoe Ransomware infects a target, it will run a scan on the system so that it can determine the locations of the files of interest. These files will be marked for encryption. Then, the LuckyJoe Ransomware will begin the encryption process. Every newly locked file will have its name altered. The LuckyJoe Ransomware adds a ‘.GNNCRY’ extension at the end of the filename of each file. For example, an audio file previously named ‘protected-marine.mp3’ will be renamed to ‘protected-marine.mp3.GNNCRY.’

The Ransom Note

Next, the LuckyJoe Ransomware drops a ransom note. The note is called ‘GNNCRY_Readme.txt’ and reads:

'your id:
All your important documents has been encrypted with an military grade encryption algorithm.
There is no way to recover your files without a special key. Send us 0.05 bitcoin(BTC) to our Bitcoin address: 1Mm8EkUakWPmmozqrLM2F8LVizwwq5WSed
and contact us by Email with your id and Server IP and A Proof of payment. Any email without your id and server IP and a Proof of Payment together will be ignored. If we dont receive your payment in the next 7 Days, you will lost all files forever. Email:'

In the note, the attackers state that the ransom fee is 0.05 Bitcoin (~$500 at the time of typing this post). They also warn the victim that they have one week to pay the ransom fee or all their data will be permanently lost. The creators of the LuckyJoe Ransomware provide the user with an email address where they can be contacted – ‘’. So far, the Bitcoin wallet of the attackers is empty meaning that no victims have opted to pay the ransom fee.

If you have become a victim of the LuckyJoe Ransomware, we would recommend you to resist any urges to pay up or contact the cyber criminals responsible for the LuckyJoe Ransomware. Instead, you should use a reputable anti-malware solution to remove the LuckyJoe Ransomware from your system safely.


Most Viewed