
Lotej Ransomware

Posted: August 7, 2019

The Lotej Ransomware is a file-locker Trojan from the Ransomware-as-a-Service (RaaS) family of the STOP Ransomware. Threat actors use variants of this family for encrypting files and holding them for ransom through an accompanying text note. Since decryption is often difficult for this family, users should keep backups for recovery and use anti-malware products to uninstall the Lotej Ransomware.

Another Case of Southeastern Asian File Problems

One might assume that a rental-based Trojan business would be open to running campaigns all around the world, but its clientele can exhibit more particular preferences than that. As a demonstration of how the RaaS sector handles its distribution, one of the STOP Ransomware's newest variants, the Lotej Ransomware, shows both the long-term geolocational attributes of its family and its means of hiding on your computer. As with most file-locker Trojans, the consequence of overlooking it is having one's files locked and ransomed.

Like relatives such as the Brusaf Ransomware, the Litar Ransomware, and the Masok Ransomware, the Lotej Ransomware compromises victims with a focus on Indonesia. Typical tactics for delivering these file-locking Trojans trick users into opening their installers by passing them off as software cracks or other torrent-friendly content. The samples of the Lotej Ransomware that are available to malware analysts all use random names with 'tmp' extensions to fake a temporary file.
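As an added example (not code from the original post or from the malware's authors), the following Python script flags files that carry a '.tmp' extension but begin with the 'MZ' header of a Windows executable, which is the masquerade described above. The directory contents and file names are constructed test data, and the assumption that the disguised installers are standard PE executables is mine.

```python
import os
import tempfile

# DOS stub magic that every Windows PE executable begins with.
PE_MAGIC = b"MZ"

def is_pe_file(path):
    """Return True if the file starts with the 'MZ' header of a Windows executable."""
    try:
        with open(path, "rb") as f:
            return f.read(len(PE_MAGIC)) == PE_MAGIC
    except OSError:
        return False

def find_disguised_executables(directory):
    """Return the sorted names of files in `directory` whose extension is .tmp
    but whose contents carry an executable header, i.e. the fake-temporary-file
    masquerade described for the Lotej Ransomware samples (assumed to be PE files)."""
    hits = []
    for name in os.listdir(directory):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue
        if name.lower().endswith(".tmp") and is_pe_file(path):
            hits.append(name)
    return sorted(hits)

def build_sample_directory():
    """Constructed sample data: a real scratch file, a PE disguised as .tmp, and an undisguised .exe."""
    directory = tempfile.mkdtemp(prefix="lotej_demo_")
    samples = {
        "notes.tmp": b"plain text scratch data",                  # benign temporary file
        "x7Kq9pLm.tmp": PE_MAGIC + b"\x90" * 62 + b"PE\x00\x00",  # executable hiding behind .tmp
        "setup.exe": PE_MAGIC + b"\x00" * 62,                     # executable that does not hide
    }
    for name, content in samples.items():
        with open(os.path.join(directory, name), "wb") as f:
            f.write(content)
    return directory

if __name__ == "__main__":
    sample_dir = build_sample_directory()
    print("disguised executables:", find_disguised_executables(sample_dir))
```

Point `find_disguised_executables` at a user's temporary folder or downloads directory to triage files left behind by a suspected installer.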

The core purpose of the Lotej Ransomware's payload is blocking documents, pictures, and other media on your computer with AES encryption. It can use a default RSA key or a server-downloaded one to secure this attack against 'easy' decryption attempts. An encrypted file can't open without being converted back to its previous format, which requires a custom key that the threat actor sells through a text message that the Lotej Ransomware drops. Concerning its symptoms, the different extension that the Lotej Ransomware appends is its only qualifying difference relative to its near ancestors.

A Free Escape Code from Digital Ransoms

Evergreen, free decryption is a white whale that many victims of file-locker Trojans demand after doing nothing to protect themselves or mitigate the fallout from infections. While decryption is often impossible, and the Lotej Ransomware can delete the Shadow Volume Copies through a standard CMD command, secure backups are an always-dependable counter to these attacks. Saving one's files to a removable device, such as an appropriate USB drive, or to a cloud server, puts them out of reach of nearly all file-locking Trojans.

Safe browsing behavior can provide additional protection against the Lotej Ransomware and its potential infection exploits. Users should avoid passwords that criminals could brute-force, disable unsafe features (including Word's macros and their browser's JavaScript), and eschew illicit downloads. In conjunction, these steps can block most points of attack that would install the Lotej Ransomware or one of its hundreds of relatives.

If no other options are available, anti-malware tools should block most installation exploits and may also disinfect your computer and remove the Lotej Ransomware.

Although victims of the Lotej Ransomware's attacks are beyond question, users have only themselves to blame for self-induced problems. A backup that takes minutes and saves hundreds of dollars is worth it for anyone.
