Lock Ransomware Lists No Ransom But Don't Get Excited
There is a new version of the Babuk ransomware in the wild, called the Lock ransomware.
The new strain behaves as expected for ransomware, encrypting files on the victim system. Affected file types include media files, documents, databases and archives. Once encrypted, a file receives the ".lock" extension appended after its original one, so a file named "archive.zip" becomes "archive.zip.lock".
The ransom note does not name a ransom amount. It only provides contact information that victims can use to get in touch with the ransomware's authors, which is never a good idea. The note is dropped as a plain text file named "How To Restore Your Files.txt" on the system desktop. Its full text reads as follows:
LOCK
All of your files have been encrypted!
Your computer was infected with a ransomware virus. Your files have been encrypted and you won't
be able to decrypt them without our help. What can I do to get my files back? You can buy our special
Decryption Software, this Software will allow you to recover all of your data and remove the
ransomware from your computer.
To buy Decryption Software write to us Tox or email!
email: locksupport at onionmail dot org
Tox: [alphanumeric strings]
Download Tox hxxps://tox.chat/download.html
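
The two file-system indicators the article describes, the ".lock" extension appended after the original one and the "How To Restore Your Files.txt" note, are stronger together than alone, because a bare ".lock" suffix also belongs to many legitimate lock files. The Python triage script below is an added example, not part of the original article, and it walks a whole directory tree rather than only the desktop. Its function names, the case-insensitive matching, the `min_files` threshold and the sample file names are assumptions made here.

```python
import os
import tempfile
from collections import Counter

NOTE_NAME = "how to restore your files.txt"  # note name from the article, lowercased
LOCK_EXT = ".lock"  # extension the article says is appended


def original_ext(filename):
    """Return '.zip' for 'archive.zip.lock'; None for 'yarn.lock' or 'a.zip'.
    A bare .lock suffix is common for legitimate lock files, so it is ignored."""
    if not filename.lower().endswith(LOCK_EXT):
        return None
    inner = os.path.splitext(filename[: -len(LOCK_EXT)])[1].lower()
    return inner if len(inner) > 1 else None


def scan(root):
    """Walk root; return (ransom note paths, Counter of original extensions)."""
    notes, by_ext = [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == NOTE_NAME:
                notes.append(os.path.join(dirpath, name))
            elif (ext := original_ext(name)):
                by_ext[ext] += 1
    return notes, by_ext


def verdict(notes, by_ext, min_files=3):
    """Triage label; min_files is an assumed threshold, tune it per environment."""
    total = sum(by_ext.values())
    if notes and total:
        return "likely"  # note plus renamed files: both indicators agree
    if notes or total >= min_files:
        return "suspect"  # one indicator only, needs a closer look
    return "clean"


def demo():
    """Scan a constructed sample tree (file names invented for this example)."""
    with tempfile.TemporaryDirectory() as root:
        for rel in ("Desktop/How To Restore Your Files.txt", "Docs/archive.zip.lock",
                    "Docs/report.docx.lock", "Docs/notes.txt", "src/yarn.lock"):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        notes, by_ext = scan(root)
        return len(notes), dict(by_ext), verdict(notes, by_ext)
```

Point `scan()` at a user profile or a mounted disk image and pass its result to `verdict()`; `demo()` runs the same path over the constructed tree.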