Threat Database Ransomware RIP Lmao Ransomware

RIP Lmao Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 13
First Seen: July 24, 2009
Last Seen: January 12, 2021
OS(es) Affected: Windows

So far, the RIP Lmao Ransomware has not been classified as belonging to any of the already established ransomware families. However, it is a threat that encrypts files on the computer systems it manages to compromise with an uncrackable cryptographic algorithm. All affected files will be rendered inaccessible and unusable. Users will be locked out of their own private and business-related files effectively. 

When RIP Lmao encrypts a file, it appends '.jcrypt' to the native name of the file as a new extension. The threat then drops its ransom note in two different forms - as a pop-up window displayed to the victims and as text files named '___RECOVER__FILES__.jcrypt.txt.' 

Although the ransom notes are brief extremely, they contain all of the vital information that users might need. The threat displays the exact number of files it has encrypted, the specific ransom amount demanded by the hackers (reports state that the criminals want to receive 0.002 Bitcoin, which translates to $45 roughly, but the cryptocurrency is notorious for having an extremely volatile exchange rate so that amount may change) and the crypto wallet address for sending the money. When the transaction is completed, victims are expected to send the proof to an email address also provided in the ransom note - '' 

The text of the note displayed in the pop-up window is:

'Your files (count: 8) have been encrypted!

In order to recover your data...

Please send 0.002 Bitcoin(s) to the following BTC address:


Next, E-mail your transaction ID to the following address:'

More Information About RIP LMAO Ransomware

The ransom note goes into more detail about the virus, explaining the encryption uses AES encryption algorithms. The only way to break this lock is with tools offered by the cybercriminals behind the attack. Victims are to send 0.002 bitcoins to the bitcoin wallet in the note. They must also send the attackers the transaction ID to verify the transfer.

Users allegedly receive the decryption key or program after the payment clears. With that said, security experts suggest you don't trust the people behind the attack. There are no guarantees attackers will follow through and send the decryption tool. There is the risk that they will run away with your money and scam you instead of helping you. Experts recommend you never pay ransomware developers the money they ask for.

How Does RIP LMAO Get on Computers?

Ransomware developers have several ways to get their malicious tools on your computer. Malspam campaigns are the most prominent infiltration point. Cybercriminals send thousands of deceptive emails containing malicious links and file attachments.

The emails use carefully-worded messages to trick readers into accessing the file or link. These files come in various formats, including EXE, Word files, spreadsheets, and more. Opening the file is all it takes to infect a computer. Malware also spreads through freeware websites, file-hosting sites, and peer-to-peer networks. When users open these malicious files, they infect their computers.

Fake software updates are another popular method of spreading malware. These programs exploit the vulnerabilities they claim to fix or install malware rather than a promised update. Trojan virus infections are also responsible for malware. These are small viruses designed to break through any crack in antivirus programs and cause chain infections.

How to Restore Damaged Files

Users should not trust the people behind the attack to restore their damaged files. Sending money to the threat actors and waiting for them to send the decryption key or tool is risky at best. Threat actors almost always scam their targets and disappear as soon as they get the money. You should restore your damaged files by yourself. First, remove the virus from your computer. This won't undo the damage, but it does prevent more damage in the future. When the virus is gone from your computer, restore any corrupted data using a backup. If you don't have a backup to hand, you might find some success with file restoring software.

How to Prevent Malware Attacks

There are several steps you can take to protect your machine from viruses. The first is to avoid opening files and links from irrelevant emails and unrecognized email addresses. Be sure to download software from legitimate sources. Avoid downloading through file-hosting sites, third-party websites, and P2P networks. One of the most important things you can do is use official activation tools from official developers. Pirated software activation tools can't be trusted.

Ensure that you download and update an antivirus program to protect your computer against viruses like RIP LMAO. These tools are your first – and main – line of defense against viruses and hackers.


Most Viewed