Itlock Ransomware is a MedusaLocker Variant Targeting Files for Encryption

Our analysis identified Itlock as a variant of the MedusaLocker ransomware family. Our team came across it while reviewing recently discovered samples. The ransomware encrypts files and renames them by appending the ".itlock20" extension (the number in the extension may vary). It also drops a ransom note named "How_to_back_files.html".

To illustrate how Itlock alters filenames, take the files "1.jpg" and "2.png". After encryption, they are renamed to "1.jpg.itlock20" and "2.png.itlock20", respectively.
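The two indicators described above (the appended ".itlock<number>" extension and the ransom note file name) are enough to triage a file share and list what needs restoring from backup. The following is an added example, not code from the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import re
import tempfile
from collections import defaultdict

# Indicators from the article: an appended ".itlock<number>" extension (the
# number may vary) and the ransom note file name.
ENCRYPTED_RE = re.compile(r"^(?P<original>.+)\.itlock(?P<variant>\d+)$", re.IGNORECASE)
RANSOM_NOTE = "how_to_back_files.html"

def scan_tree(root):
    """Map each affected directory to its renamed files and ransom-note flag."""
    hits = defaultdict(lambda: {"files": [], "note": False})
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            if name.lower() == RANSOM_NOTE:
                hits[dirpath]["note"] = True
            elif (m := ENCRYPTED_RE.match(name)):
                # Keep the pre-encryption name so a backup restore list can be built.
                hits[dirpath]["files"].append((m.group("original"), int(m.group("variant"))))
    return dict(hits)

def summarize(hits):
    """Return (renamed file count, directories holding a note, extension numbers seen)."""
    files = [f for d in hits.values() for f in d["files"]]
    notes = sum(1 for d in hits.values() if d["note"])
    return len(files), notes, sorted({variant for _orig, variant in files})

def demo():
    """Run the scan over a constructed sample tree (empty files, made-up names)."""
    sample = ["docs/1.jpg.itlock20", "docs/2.png.itlock20", "docs/How_to_back_files.html",
              "docs/clean.txt", "share/report.docx.ITLOCK7",
              "other/notes.itlock", "other/itlock20.txt"]  # last two must not match
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        hits = scan_tree(root)
        originals = sorted(orig for d in hits.values() for orig, _v in d["files"])
        return summarize(hits), originals

if __name__ == "__main__":
    summary, originals = demo()
    print("renamed files, note directories, extension numbers:", summary)
    print("original names to restore from backup:", originals)
```

Point `scan_tree` at a mounted share or a forensic image rather than a live infected host; it only reads directory listings and never opens the files.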

The ransom note claims that all crucial files have been encrypted using complex encryption. It warns against using third-party software to restore the files, as such attempts could result in permanent corruption. The note insists that only the attackers are able to decrypt the files.

According to the ransom note, the hackers have gained access to highly sensitive and personal data, which is currently stored on a private server. The hackers state they will destroy the server after receiving the ransom payment. However, if the victim decides not to pay, the attackers intend to either publicly release the data or sell it to other parties.

Furthermore, the note mentions that the attackers are willing to demonstrate their ability to decrypt files by offering to decrypt 2-3 non-critical files free of charge. They provide email addresses through which victims can contact them to inquire about the ransom price and obtain the necessary decryption software. It is stressed in the note that the ransom price will increase if no contact is made within a 72-hour timeframe.

Lastly, the note presents the option of utilizing Tor chat for ongoing communication with the attackers, presumably for maintaining anonymity and facilitating further negotiations.

Itlock Ransom Note Copies MedusaLocker Template

The Itlock ransom note follows the standard MedusaLocker format and reads as follows:

YOUR PERSONAL ID:

YOUR COMPANY NETWORK HAS BEEN PENETRATED
All your important files have been encrypted!

Your files are safe! Only modified. (RSA+AES)

ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.

No software available on internet can help you. We are the only ones able to
solve your problem.

We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..

We only seek money and our goal is not to damage your reputation or prevent
your business from running.

You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.

Contact us for price and get decryption software.

email:
ithelp07@securitymy.name
ithelp07@yousheltered.com
To contact us, create a new free email account on the site: protonmail.com
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.

Tor-chat to always be in touch:

How Can You Protect Your Files from Ransomware Like Itlock?

To safeguard your files from ransomware like Itlock, it's crucial to implement preventive measures. Here are some essential steps to protect your files:

Backup your data: Regularly back up your important files to an external hard drive, cloud storage, or a reliable backup solution. Ensure that the backup is stored offline or in a location that is not directly accessible from your computer. This way, even if your system gets infected, you can restore your files from a clean backup.

Keep your software up to date: Promptly install software updates and patches for your operating system, antivirus programs, web browsers, and other software. Software updates often include security fixes that can address vulnerabilities exploited by ransomware.

Exercise caution with email attachments and links: Be vigilant when opening email attachments, especially from unfamiliar or suspicious sources. Avoid clicking on links within emails or messages that seem suspicious or are from unknown senders. Verify the legitimacy of the sender before interacting with any attachments or links.

Use robust security software: Install reputable antivirus or anti-malware software on your system and keep it up to date. These security tools can detect and block ransomware threats, providing an additional layer of defense.

Enable firewall protection: Activate a firewall on your computer and network to monitor incoming and outgoing connections. A firewall helps block unauthorized access and can prevent ransomware from communicating with command-and-control servers.

Exercise safe browsing habits: Avoid visiting potentially malicious websites or downloading files from untrusted sources. Be cautious of pop-up advertisements and be mindful of the websites you visit, ensuring they have secure connections (https://) and a good reputation.

May 23, 2023