Lalaland Ransomware
The Lalaland Ransomware is a file-locking Trojan that derives from the VoidCrypt Ransomware family. The Lalaland Ransomware blocks files for ransoming the unlocking service to victims for a ransom. Users should always back their files up for recovering without risking ransoms and let their anti-malware solutions quarantine or delete the Lalaland Ransomware from their computers.
Entering a Land of Blocked Files
Courtesy of the VoidCrypt Ransomware's family, Windows users might experience yet another source of file-blocking attacks. The Lalaland Ransomware, caught near the same time as its brother, the Exploit Ransomware, uses highly-similar attacks and even the exact ransom wording – except for new e-mail addresses. However, as a new variant, it amounts to even more infection possibilities for anyone on Windows, via exploits that malware experts can't yet confirm.
The Lalaland Ransomware uses AES encryption for locking media files from opening; some examples of target formats include Word DOCs, BMP pictures or MP4 audio clips. The Windows Trojan also shows indications of other attacks, such as:
- Disabling server-managing applications like SQL Server
- Deleting WBAdmin backups
- Adding extensions to locked files (e-mails, IDs, and 'lalaland' strings)
Lastly, the Lalaland Ransomware creates an HTA ransom note, identical to the Exploit Ransomware's equivalent, except that it changes the e-mail addresses. The contents are traditional for file-locker Trojans with a deadline before the ransom increases and a free demonstration offer. Malware analysts still suggest against paying due to the uncertainty of ransom transactions for data recovery.
Skirting around the Land Where Trojans Rule
Like the Spade Ransomware or the Exploit Kit Ransomware, the Lalaland Ransomware, and other members of the VoidCrypt Ransomware family, use a protected encryption routine. Users should save backups on different drives or systems for the best recovery chances from any attacks from this threat. Malware researchers particularly recommend detachable storage or password-protected cloud services.
No specific exploits are tying back to the Lalaland Ransomware campaign so far. Windows users at risk should consider using strong passwords for preventing brute-force hacks, disabling features of high risk like Flash or JavaScript, and maintaining up-to-date software. Although the Lalaland Ransomware doesn't harm the underlying operating system, most personal or work-related media can be kept in permanent non-opening status after the Trojan loads all of its payload.
Besides backups on other devices, security software is the single most essential tool for stopping most file-locking Trojans, including the VoidCrypt Ransomware's children. Users should remove the Lalaland Ransomware as soon as possible after detecting it, with the caveat that preserved samples could be useful for interested security researchers.
The Lalaland Ransomware's payload is of particular danger to vulnerable Web servers, but encryption attacks are problems for most PCs. No one should put all their digital eggs in a single basket when just a brush with the Trojan threat landscape makes for irreversible harm.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.