
LockBit Ransomware

Posted: December 4, 2019

The LockBit Ransomware is an independent file-locking Trojan that can block your PC's files through encryption. Besides encrypting files, the LockBit Ransomware may alter their extensions and create ransom messages, as well as change Internet and security settings automatically. Let your anti-malware tools remove the LockBit Ransomware as soon as they identify it, and keep secured backups for a ransom-free recovery.

Lone Trojans Coming for What's Yours – Digitally and Monetarily

Just like the SaveTheQueen Ransomware, the Sun Ransomware, the Wulfric Ransomware, and other threats that eschew the easy way to criminality via Ransomware-as-a-Service, another Trojan that's independent of the larger RaaS families is starting up its campaign. Infections can cause the expected symptoms of a RaaS-style one: problems opening files, suspicious settings changes and ransom notes. As usual, the LockBit Ransomware's motive is money, or more specifically, Bitcoins.

The LockBit Ransomware – whose name comes from some of its Registry changes, rather than the addresses or extensions – leverages an encryption algorithm that malware experts haven't analyzed in-depth for cracking purposes. This attack turns files into versions that no longer open, all of which the LockBit Ransomware labels with the 'abcd' extension. Less visibly, the LockBit Ransomware also makes threatening edits to the user's Registry Internet settings, including disabling Intranet network paths.

The LockBit Ransomware also creates a Notepad TXT file for a ransom note, which is a symptom that it shares with thousands of similar file-locker Trojans. However, the instructions are semi-unique to its campaign and demand a Bitcoin ransom for an unlocker without giving a concrete number for the fee. Although paying these ransoms is a high-risk and expensive recovery choice for victims, malware experts don't discourage using the free 'demo' that the LockBit Ransomware offers: decryption of any single file of up to a megabyte.
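As an added example (not part of the original article or any vendor tool), the Python sketch below triages a directory tree for the two on-disk symptoms described above: files carrying the 'abcd' extension and a TXT file written alongside them. The five-minute time window, the function names and the sample file names are assumptions constructed for illustration; the article does not give the ransom note's file name.

```python
import os
import tempfile
import time

LOCKED_EXT = ".abcd"   # extension the article says LockBit puts on locked files
NOTE_WINDOW = 300      # assumption: ransom note written within 5 min of locking

def triage(root, locked_ext=LOCKED_EXT, window=NOTE_WINDOW):
    """Map each directory holding locked files to those files and to .txt
    files modified in the same time window (ransom-note candidates)."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        locked, texts = [], []
        for name in files:
            try:
                mtime = os.stat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # unreadable or removed mid-scan
            if name.lower().endswith(locked_ext):
                locked.append((name, mtime))
            elif name.lower().endswith(".txt"):
                texts.append((name, mtime))
        if locked:
            lo = min(m for _, m in locked) - window
            hi = max(m for _, m in locked) + window
            report[dirpath] = {
                "locked": sorted(n for n, _ in locked),
                "note_candidates": sorted(n for n, m in texts if lo <= m <= hi),
            }
    return report

def make_sample():
    """Build a constructed sample tree (all names invented) and return its root."""
    root = tempfile.mkdtemp(prefix="abcd_triage_")
    docs, clean = os.path.join(root, "docs"), os.path.join(root, "clean")
    os.makedirs(docs)
    os.makedirs(clean)
    for path in (os.path.join(docs, "report.docx.abcd"), os.path.join(docs, "photo.jpg.abcd"),
                 os.path.join(docs, "note.txt"), os.path.join(docs, "old_readme.txt"),
                 os.path.join(clean, "todo.txt")):
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    day_ago = time.time() - 86400
    os.utime(os.path.join(docs, "old_readme.txt"), (day_ago, day_ago))  # predates the locking
    return root

if __name__ == "__main__":
    for directory, hit in triage(make_sample()).items():
        print(directory, hit)
```

Directories that appear in the report show which data needs restoring from backup; a TXT candidate should be preserved as evidence rather than deleted.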

Storing Your Bits Out of a Trojan's Sights

While the LockBit Ransomware has no particular connection to same-class threats like EDA2 or the Phobos Ransomware, the gist of its payload and the means of preventing it are incredibly similar. Users should always assume that decryption could be impossible and, as a result, avoid putting their files in such a vulnerable position in the first place. Although the LockBit Ransomware accesses the CMD utility, which is a frequent herald of deleted Restore Points, users can always depend on backups that they save to external, sufficiently-secured devices.

The samples of the LockBit Ransomware that are available to malware researchers are 'test' versions without any clues as to how the Trojan might circulate. Examples of infection exploits for many file-locking Trojans include:

  • Browser-running Exploit Kits that use corrupted JavaScript, Flash, and other software vulnerabilities (most of which are patchable).
  • E-mail attachments, including schemes such as fake invoices or resumes.
  • Torrents, such as fake downloads or bundles for piracy-related content (keygens, etc.).

Admins can also maintain stringent security standards over software versions, admin account privileges and password choices. In conjunction with these and other steps suitable for eliminating the above vulnerabilities, most users should avoid any exposure to the LockBit Ransomware.

Any encounters that do occur should be manageable by most Windows anti-malware tools, which should delete the LockBit Ransomware without difficulty. The LockBit Ransomware is an underdog, as far as Trojans go. But, rather than rooting for it, users should hope that it doesn't achieve its goals, which can only mean unhappy news for reckless PC workers.
