LockCrypt Ransomware Is Young but Profitable
Since the beginning of June, a new group of attackers has been breaching unsecured servers by means of RDP attacks. Once inside, they manually install a ransomware Trojan named LockCrypt. The number of infected users keeps growing.
The attackers mostly hit businesses in the UK, the US, India, South Africa, and the Philippines.
The LockCrypt group often compromises one server and then moves on to as many computers as possible, manually running the LockCrypt ransomware on each machine.
Each infected computer displays a specific ransom note. All files are locked with a strong encryption algorithm and given a .lock extension.
To decrypt their files, victims are told to send the ransom payment in Bitcoin. Most often it is 1 BTC per computer. Some victims say they are asked to send 0.5 BTC per computer. Based on the current Bitcoin price, the sums vary from 4000 USD to 8000 USD. In rare cases, big enterprises face demands of hundreds of thousands of USD. This happens when the attackers manage to infect a large number of computers.
Initial versions of LockCrypt feature the same contact email address as the Satan ransomware. Security experts tend to believe that the LockCrypt crew bought the Satan ransomware through its RaaS (ransomware as a service) scheme. Afterwards, they used the ill-gotten money to build a custom version of Satan to produce LockCrypt.
This ransomware is not a run-of-the-mill variant:
- It uses very strong crypto.
- It is boot persistent.
- It can delete Shadow Volume Copies.
- It may run a special batch file that kills all non-Windows processes, stopping antivirus products and other processes that could prevent the file encryption.
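
The behaviours listed above (shadow copy deletion, a batch-driven process kill, files renamed to .lock) can be correlated per host to separate an incident from noise. The Python below is an added example, not code from the original article; the event tuple format, the thresholds, the sample events, and the vssadmin/wmic/taskkill command lines are assumptions, since the article does not name the commands LockCrypt runs.

```python
import re
from collections import defaultdict

# Constructed sample telemetry, not real logs: (host, seconds, kind, detail).
# "proc" rows are process command lines, "file" rows are newly written paths.
EVENTS = [
    ("srv01", 10, "proc", r"cmd.exe /c C:\Users\Public\k.bat"),
    ("srv01", 11, "proc", "taskkill /F /IM sqlservr.exe"),
    ("srv01", 11, "proc", "taskkill /F /IM avagent.exe"),
    ("srv01", 12, "proc", "taskkill /F /IM backupsvc.exe"),
    ("srv01", 15, "proc", "vssadmin.exe delete shadows /all /quiet"),
    ("srv01", 20, "file", r"D:\share\q3-report.docx.lock"),
    ("srv01", 21, "file", r"D:\share\payroll.xlsx.lock"),
    ("srv01", 21, "file", r"D:\share\clients.mdb.lock"),
    ("ws07", 40, "file", r"C:\dev\app\yarn.lock"),  # benign lock file
    ("ws07", 90, "proc", "taskkill /IM notepad.exe"),
]

# Assumed command lines: the article does not say how LockCrypt removes
# shadow copies or kills processes; these are the stock Windows tools.
SHADOW_RE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)
KILL_RE = re.compile(r"\btaskkill(\.exe)?\b", re.I)

def burst(times, count, window):
    """True if `count` timestamps fall within any `window`-second span."""
    times = sorted(times)
    return any(times[i + count - 1] - times[i] <= window
               for i in range(len(times) - count + 1))

def host_signals(events, count=3, window=60):
    """Map each host to the sorted list of ransomware-like signals it shows."""
    kills, locks, signals = defaultdict(list), defaultdict(list), defaultdict(set)
    for host, ts, kind, detail in events:
        if kind == "proc" and SHADOW_RE.search(detail):
            signals[host].add("shadow_copy_deletion")
        elif kind == "proc" and KILL_RE.search(detail):
            kills[host].append(ts)
        elif kind == "file" and detail.lower().endswith(".lock"):
            locks[host].append(ts)
    for name, per_host in (("process_kill_burst", kills), ("lock_file_burst", locks)):
        for host, times in per_host.items():
            if burst(times, count, window):
                signals[host].add(name)
    return {host: sorted(found) for host, found in signals.items()}

def suspected_hosts(events, minimum=2):
    """Hosts showing at least `minimum` distinct signals."""
    return sorted(h for h, s in host_signals(events).items() if len(s) >= minimum)

print(suspected_hosts(EVENTS))
```

Requiring two distinct signals keeps a single legitimate .lock file or one taskkill call from raising an alert. Boot persistence is not covered here.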
LockCrypt is the latest in a long-lived line of ransomware that criminals deploy through RDP intrusions. It is never used in mass spam campaigns or with exploit kits.
Some notable ransomware viruses that used the same installation routine:
- DMA Locker
The LockCrypt group makes a good profit from its rogue endeavors. Three of the Bitcoin wallets used by the criminals show the gang made about $200,000 worth of BTC.