
LulzDecryptor Ransomware

By GoldSparrow in Ransomware

The LulzDecryptor Ransomware is a file-locking Trojan that attacks Windows systems and encrypts their media, such as documents or images. Since this threat doesn't change files' names, the chief symptom is that affected files no longer open. Users may restore their work with a free key or use their backups after deleting the LulzDecryptor Ransomware with appropriate security software.

Trojan Devs Laughing a Little Prematurely

A new Trojan is campaigning against Windows users, with a by-the-numbers business plan for reaping ransoms out of its attacks. However, technical deficiencies in this low-level threat hamper its potential for causing harm, assuming that victims don't panic and rush into paying without due consideration. Still, malware experts can confirm that the LulzDecryptor Ransomware is a functional data blocker, or file-locking Trojan.

The LulzDecryptor Ransomware uses a simple encryption routine that locks multiple file formats, making their internal data unreadable so that the files can't open. Unlike most Trojans with this capability, the LulzDecryptor Ransomware doesn't add extensions or make other changes to the files' names. Accordingly, users might have some difficulty identifying which files are the LulzDecryptor Ransomware's hostages and which are still usable.
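A triage sketch for the identification problem described above, added here as an example and not taken from the original article or any vendor tool: since file names are unchanged, it flags files whose leading bytes no longer match the format their extension claims and reports the entropy of the sampled header. It assumes locked files lose their normal header, which the article does not confirm; `triage`, `demo` and the sample files are hypothetical and constructed.

```python
import math
import os
import tempfile
from collections import Counter

# Well-known magic bytes; assumption (not from the article): locked files lose them.
MAGIC = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".docx": (b"PK\x03\x04",),
}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(root: str, sample: int = 4096) -> list[tuple[str, float]]:
    """Return (path, header entropy) for files whose header contradicts the extension."""
    suspects = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            magics = MAGIC.get(os.path.splitext(name)[1].lower())
            if magics is None:
                continue  # format not covered by the table above
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(sample)
            except OSError:
                continue  # unreadable (locked or permission denied): skip
            if not head.startswith(magics):
                suspects.append((path, round(entropy(head), 2)))
    return sorted(suspects)

def demo() -> list[tuple[str, float]]:
    """Constructed sample: one intact PNG and one PDF whose bytes are scrambled."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "ok.png"), "wb") as fh:
            fh.write(b"\x89PNG\r\n\x1a\n" + b"\x00" * 64)
        with open(os.path.join(root, "report.pdf"), "wb") as fh:
            fh.write(bytes(range(256)) * 16)  # stand-in for locked content
        return [(os.path.basename(p), e) for p, e in triage(root)]

if __name__ == "__main__":
    print(demo())
```

A header mismatch with entropy near 8 bits per byte is consistent with encrypted content, while a mismatch with low entropy more likely points to a truncated or mislabelled file.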

The LulzDecryptor Ransomware infections are relatively apparent after the fact, courtesy of the large HTA pop-up the Trojan generates in the course of its payload. This English ransom message makes traditional demands, such as asking for several hundred dollars in Bitcoins (to a currently-empty wallet) under a deadline, and falsely warns users of the potential for additional operating system damage. Although malware experts can't yet confirm whether the LulzDecryptor Ransomware deletes the Restore Points, its file-locking feature has other vulnerabilities (see this article's second half).

Wiping Out Trojan Comedy for Free

The LulzDecryptor Ransomware marks itself as an amateur effort out of the gate due to its use of a static decryption key for unlocking the victim's files. Inputting the key '4aEWaAMtxGnHPcvGnuxtEWYCPb5AxuC3ABcLRmz7AQZ2wdVpreduKK9C7LU7' in the appropriate field of the Trojan's pop-up should trigger a decryption and recovery process for all affected files. However, more professionally-coded Trojans of this type rarely have a free decryptor, and malware experts recommend that all users urgently back their work up to secure locations.

The LulzDecryptor Ransomware is particular to Windows environments, though Android phones, macOS devices, and other operating systems also are at risk from different-but-similar threats. Malware researchers have yet to find infection vectors that are specific to the LulzDecryptor Ransomware. As a rule, most users can improve their defenses significantly by avoiding illicit downloads, unofficial updates, strange e-mail attachments, and content using exploitable features like Flash, Java, JavaScript or macros.

Windows users also have access to popular and well-developed services for blocking and deleting Trojans of this ilk on sight. Most anti-malware and cyber-security suites should catch and remove the LulzDecryptor Ransomware without trouble, and disinfection should always be left to these automated tools whenever possible.

The LulzDecryptor Ransomware isn't the only Trojan making the mistake of using a weak encryption routine. Examples like the Pokemon GO Ransomware go back years. While they can't compete with Ransomware-as-a-Service outfits, these Trojans are almost as threatening to users who respond to attacks on an emotional level before thinking through their options.
