Remove Lockhyp Ransomware
The MedusaLocker Ransomware family showed remarkable activity in 2020, but the activity of this operation seems to have died down recently. However, malware researchers report a new ransomware implant, which appears to be based on the code of the original MedusaLocker project. The threat, dubbed Lockhyp Ransomware, uses a flawless file-encryption routine that cannot be cracked with free or public utilities. Unfortunately, the only way to reverse the encryption is to use a special decryption key that the authors of the Lockhyp Ransomware hold. This key is unique for every victim, and the ransomware stores it on the attacker's server. This means that it is impossible to retrieve the decryption key without the attackers' help.
But how does the Lockhyp Ransomware work? After infecting a computer successfully, it starts encrypting files in all accessible locations: hard drives, removable storage, external drives, etc. The files it locks have the '.lockhyp' extension appended to their names. The ransomware also creates the ransom note 'HOW_TO_RECOVER_DATA.html' and drops it on the desktop.
Lockhyp Ransomware Creators Ask for Hundreds of Dollars
The criminals are asking to be paid a hefty ransom fee in exchange for their help. They ask the victim to message them at diniaminius@winrof.com or soterissylla@wyseil.com for more assistance. The criminals are also using a TOR-based page to provide payment details and assistance. It is important to add that they do not provide any proof that their decryption service is real and works, so it is possible that they might be trying to scam users.
Even though reversing Lockhyp Ransomware's encryption might be a very tough challenge, victims should not consider paying money to the criminals. They ask to receive all payments through Bitcoin, an anonymous payment option, which would make the transaction irreversible. Users will not be able to do anything even if the criminals do not fulfill their promise. A similar MedusaLocker variant is the Frlock Ransomware.
Victims of the Lockhyp Ransomware should run an anti-malware tool to ensure the full removal of the malicious application. After this, they can experiment with some of the data recovery tools available online. Please keep in mind that the only reliable way to undo ransomware damage is to restore the lost files from a backup.
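
To scope the damage before restoring from a backup, the two indicators described above (the '.lockhyp' extension and the 'HOW_TO_RECOVER_DATA.html' note) can be inventoried with a short script that also derives each file's original path for the restore job. This is an added example, not part of the original article; the function names `triage` and `build_sample_tree` and the sample tree are constructed for illustration, and it assumes the extension is simply appended to the original file name, as the article states.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".lockhyp"                # extension named in the article
RANSOM_NOTE = "HOW_TO_RECOVER_DATA.html"  # ransom note name from the article


def triage(root):
    """Walk root and return (restore_list, note_paths, per_dir_counts).

    restore_list holds the original relative path of every encrypted file
    (appended extension stripped), ready to feed to a backup restore job.
    """
    restore, notes, per_dir = [], [], Counter()
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            lower = name.lower()  # Windows file names are case-insensitive
            if lower == RANSOM_NOTE.lower():
                notes.append(rel)
            elif lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                restore.append(rel[: -len(ENCRYPTED_EXT)])
                per_dir[os.path.dirname(rel) or "."] += 1
    return sorted(restore), sorted(notes), per_dir


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming."""
    for rel in ("Desktop/HOW_TO_RECOVER_DATA.html",
                "Documents/report.docx.lockhyp",
                "Documents/budget.xlsx.LOCKHYP",
                "Documents/untouched.txt",
                "Pictures/2020/cat.jpg.lockhyp"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        restore, notes, per_dir = triage(tmp)
        print("ransom notes:", notes)
        print("files to restore from backup:")
        for rel in restore:
            print("  ", rel)
        print("encrypted files per directory:", dict(per_dir))
```

Point `triage` at a mounted copy of the affected volume rather than the live system, and compare the restore list against the backup catalogue to see which files have no clean copy.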