Lukitus Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 60 % (Medium)
Infected Computers: 4,539
First Seen: August 17, 2017
Last Seen: February 21, 2023
OS(es) Affected: Windows

The Lukitus Ransomware is an encryption ransomware Trojan that encrypts its victims' files in order to demand a ransom. It is a variant of Locky. The Lukitus Ransomware renames the files it encrypts according to the naming scheme detailed below:

[8_random_characters]-[4_random_characters]-[4_random_characters]-[8_random_characters]-[12_random_characters].lukitus

The Lukitus Ransomware uses a combination of AES 256 and RSA 2048 encryption to make the victim's files inaccessible. After the attack, the Lukitus Ransomware demands a payment of 0.15 Bitcoin (approximately $300 USD at the current exchange rate). To demand its ransom payment, the Lukitus Ransomware delivers its ransom note in three different files dropped on the infected computer's desktop:

  • Lukitus.html
  • Lukitus_[4_digit_number].html
  • Lukitus.bmp.
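
A triage sketch for the indicators above, added here as an example and not part of the original write-up: it matches file names against the renaming scheme and the three ransom note names and counts hits per directory. It assumes the "random characters" are ASCII letters and digits and that matching is case-insensitive; `classify`, `scan` and `demo` are illustrative names, and the sample file names are constructed.

```python
import os
import re
import tempfile
from collections import defaultdict

# Renamed-file scheme from the page: 8-4-4-8-12 random characters + ".lukitus".
# Assumption: the "random characters" are ASCII letters and digits.
ENCRYPTED_RE = re.compile(
    r"[A-Z0-9]{8}-[A-Z0-9]{4}-[A-Z0-9]{4}-[A-Z0-9]{8}-[A-Z0-9]{12}\.lukitus",
    re.IGNORECASE,
)
# Ransom note names from the page: Lukitus.html, Lukitus_[4 digits].html, Lukitus.bmp.
NOTE_RE = re.compile(r"lukitus(?:_[0-9]{4})?\.html|lukitus\.bmp", re.IGNORECASE)


def classify(name):
    """Return 'encrypted', 'note' or None for a bare file name."""
    if ENCRYPTED_RE.fullmatch(name):
        return "encrypted"
    if NOTE_RE.fullmatch(name):
        return "note"
    return None


def scan(root):
    """Walk root and count matching file names per directory."""
    hits = defaultdict(lambda: {"encrypted": 0, "note": 0})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            kind = classify(name)
            if kind:
                hits[dirpath][kind] += 1
    return dict(hits)


def demo():
    """Build a constructed sample tree of empty files and scan it."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(docs)
        for name in ("A1B2C3D4-E5F6-0718-293A4B5C-6D7E8F901234.lukitus",
                     "report.docx", "Lukitus_0042.html", "Lukitus.bmp"):
            open(os.path.join(docs, name), "w").close()
        return scan(root)[docs]


if __name__ == "__main__":
    print(demo())
```

Directories that hold both renamed files and a ransom note are the ones to prioritise when scoping which backups need to be restored.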

The Lukitus Ransomware Targets Numerous File Types

Ransomware attacks like the Lukitus Ransomware are quite common and have increased in frequency in the last couple of years. The Lukitus Ransomware is designed to infect computers using the Windows operating system and is capable of infecting the latest versions of this operating system. In its attack, the Lukitus Ransomware searches for file types with certain extensions, generally targeting the user-generated files rather than the files used by the infected computer's operating system. Some of the file types that are encrypted by the Lukitus Ransomware attack include:

.sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt.

The Lukitus Ransomware's ransom note is delivered by changing the infected computer's desktop image and dropping a series of HTML files on the infected PC. The full text of the Lukitus Ransomware's ransom note is transcribed below:

'IMPORTANT INFORMATION !!!!
All of your files are encrypted with RSA-2048 and AES-128 ciphers.
More information about the RSA and AES can be found here:
hxxps://en.wikipedia.org/wiki/RSA_(cryptosystem)
hxxps://en.wikipedia.org/wiki/Advanced_Encryption_Standard

Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server.
To receive your private key follow one of the links:
[edited]
If all of this addresses are not available, follow these steps:
1. Download and install Tor Browser: hxxps://www.torproject.org/download/download-easy.html
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: [edited]
4. Follow the instructions on the site.
!!! Your personal identification ID: [edited]'

Dealing with a Lukitus Ransomware Infection

Unfortunately, the files encrypted by the Lukitus Ransomware attack are not recoverable without the decryption key (which the con artists keep with them). Because of this, the best solution against the Lukitus Ransomware and similar threats is to have file backups. File backups allow computer users to restore their data directly from a backup, without having to negotiate with the people responsible for the Lukitus Ransomware attack. Apart from file backups, it is also important that computer users have a reliable security program that is fully up-to-date. The combination of file backups and strong security measures will greatly help to prevent attacks like the Lukitus Ransomware.
