Loches Ransomware Will Demand Payment for Locked Files
A New Addition to the GlobeImposter Ransomware Family
Loches Ransomware is a file-encrypting program linked to the notorious GlobeImposter family. This threat is designed to lock data on compromised systems and demand payment for its restoration. Once it infiltrates a device, it encrypts various file types and appends the ".loches" extension to each affected file. For instance, a file originally named "document.pdf" would become "document.pdf.loches," rendering it inaccessible without the decryption key.
In addition to encrypting files, Loches Ransomware delivers a ransom note named "how_to_back_files.html." This message informs victims that their company network has been compromised and that crucial files are now locked using a combination of RSA and AES encryption. The attackers insist that only they possess the necessary decryption tools, warning against attempts to use third-party software, which they claim will result in permanent data loss.
Here's what the ransom note says:
YOUR PERSONAL ID:
-
/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\
All your important files have been encrypted!
Your files are safe! Only modified. (RSA+AES)
ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.
No software available on internet can help you. We are the only ones able to
solve your problem.
We gathered highly confidential/personal data. These data are currently stored on
a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future..
We only seek money and our goal is not to damage your reputation or prevent
your business from running.
You will can send us 2-3 non-important files and we will decrypt it for free
to prove we are able to give your files back.
Contact us for price and get decryption software.
email:
rudolfbrendlinkof1982@tutamail.com
robertokarlosonewtggg@outlook.com
* To contact us, create a new free email account on the site: protonmail.com
IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.
What Loches Ransomware Wants from Its Victims
The ransom note reveals that Loches Ransomware is not just about encryption—it also involves data theft. The attackers claim to have extracted sensitive information and stored it on a private server. They threaten to publish or sell this data if the victim refuses to meet their demands. This tactic, known as double extortion, increases the pressure on victims, as they not only risk losing access to their files but also face the potential exposure of confidential data.
To demonstrate their ability to restore files, the cybercriminals offer to decrypt two or three non-essential files for free. However, victims are required to contact the attackers via email—rudolfbrendlinkof1982@tutamail.com or robertokarlosonewtggg@outlook.com. The note also warns that the ransom fee will increase if the victim does not make contact within 72 hours, adding urgency to the demand.
The Challenge of Ransomware Recovery
Recovering files encrypted by ransomware is often difficult. In most cases, only the attackers hold the decryption keys, making it nearly impossible for victims to regain access without paying the ransom. However, sending payment does not guarantee that the attackers will provide the promised decryption tools. Some victims have paid, only to receive nothing in return.
For those affected by Loches Ransomware, the best chance of recovery lies in having a secure backup. If a backup exists, users may be able to restore their data after removing the ransomware from their system. In some rare cases, cybersecurity researchers develop decryption tools, but these are not always available for every ransomware strain.
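To scope a restore from backup, the two on-disk indicators described earlier (the appended ".loches" extension and the "how_to_back_files.html" note) can be used to inventory what was hit. The following read-only triage script is an added example, not part of the original article; the function names and report layout are assumptions made for illustration.

```python
import os
from collections import Counter

# Indicators taken from the article text.
ENCRYPTED_SUFFIX = ".loches"
RANSOM_NOTE_NAME = "how_to_back_files.html"


def triage(root):
    """Walk `root` and inventory Loches artifacts without modifying anything.

    Returns a dict with:
      restore_list - (encrypted_path, original_path) pairs to pull from backup
      notes        - paths of ransom notes found
      by_dir       - Counter of encrypted files per directory
      by_type      - Counter of original extensions that were hit
    """
    restore_list, notes = [], []
    by_dir, by_type = Counter(), Counter()
    # Unreadable directories are skipped rather than aborting the scan.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            lower = name.lower()
            full = os.path.join(dirpath, name)
            if lower == RANSOM_NOTE_NAME:
                notes.append(full)
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                # The extension is appended, so stripping it gives the original name.
                original = full[: -len(ENCRYPTED_SUFFIX)]
                restore_list.append((full, original))
                by_dir[dirpath] += 1
                by_type[os.path.splitext(original)[1].lower() or "(none)"] += 1
    return {"restore_list": sorted(restore_list), "notes": sorted(notes),
            "by_dir": by_dir, "by_type": by_type}


def summarize(report, top=5):
    """Render a short text summary suitable for an incident ticket."""
    lines = [f"encrypted files: {len(report['restore_list'])}",
             f"ransom notes:    {len(report['notes'])}"]
    lines += [f"  {n:6d}  {d}" for d, n in report["by_dir"].most_common(top)]
    lines += [f"  {n:6d}  {ext}" for ext, n in report["by_type"].most_common(top)]
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    print(summarize(triage(sys.argv[1] if len(sys.argv) > 1 else ".")))
```

Run it against a mounted copy or forensic image of the affected volume rather than the live system, and compare the restore list against the backup catalogue before wiping anything.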
How Ransomware Spreads and Compromises Devices
Ransomware operators rely on multiple techniques to infect devices. One of the most common methods is deceptive emails that contain malicious attachments or links. These emails may appear to come from reliable sources, tricking recipients into opening harmful files that execute the ransomware.
Other infection methods include software piracy, compromised websites, malicious advertisements, and the use of infected USB devices. Cybercriminals may also exploit software vulnerabilities to infiltrate systems, making it crucial for users to keep their applications and operating systems updated. Additionally, downloading software from unverified sources, such as third-party websites or peer-to-peer networks, increases the risk of encountering ransomware and other harmful programs.
Protecting Against Ransomware Attacks
Since ransomware attacks can result in both financial losses and data breaches, taking preventive measures is essential. Regularly backing up important files is one of the most effective defenses, as it allows victims to restore their data without paying a ransom. These backups should be stored on offline or cloud-based systems to prevent ransomware from encrypting them.
Caution is also necessary when handling emails from unknown senders. Avoid opening attachments or clicking links unless they have been verified as safe. Furthermore, users should only download software from official websites or trusted app stores, as unofficial sources often distribute malicious programs. Keeping security software up to date and enabling automatic system updates can help protect against vulnerabilities that ransomware exploits.
Key Takeaways
Loches Ransomware is just one of many threats within the ever-growing ransomware landscape. Similar threats such as Lucky (MedusaLocker), FOX, and NailaoLocker continue to target individuals and businesses worldwide. These programs all follow the same strategy—encrypting files and demanding payment—though some employ additional extortion tactics, such as threatening to leak stolen data.
Given the persistent and evolving nature of ransomware attacks, cybersecurity awareness remains crucial. Users should stay informed about emerging threats, recognize potential risks, and implement security best practices to reduce their chances of falling victim to such attacks. By staying cautious and maintaining strong cybersecurity habits, users can better protect themselves against threats like Loches Ransomware.







