Lockxx Ransomware Comes With Chinese Ransom Note
During our analysis of the malicious software, we observed that Lockxx functions as ransomware: it encrypts files, adds the extension ".lockxx" to file names, and presents a ransom note ("lockxx.recovery_data.hta"). Furthermore, Lockxx alters the desktop wallpaper of the victim.
An illustration of how Lockxx alters filenames is as follows: it transforms "1.jpg" into "1.jpg.lockxx," "2.png" into "2.png.lockxx," and so forth.
In the ransom note, the perpetrators request an unspecified sum of money, dependent on the victim's prompt communication. The note includes two email addresses, namely, chinahelp2023@nigge.rs and datahelp2023@cyberfear.com, as avenues for negotiation and information exchange.
The attackers assure the victim of receiving a decryption tool and assistance upon payment. To build trust, they offer a complimentary decryption test, allowing the victim to submit a test file to showcase the attackers' ability to recover data. The note advises against involving third parties in the decryption process, citing potential cost escalation.
Furthermore, the victim is cautioned against attempting independent decryption using third-party software, with the risk of permanent data loss. The instructions also stress refraining from editing, deleting, or renaming any files before making the payment to ensure successful restoration upon compliance with the ransom demands.
Lockxx Ransom Note Contains Chinese Text
The full text of the Lockxx ransom note reads as follows:
English Chinese
The price depends on the speed at which you write to us . After payment , we will send you a decryption tool and assist you in decrypting all filesMail address !
chinahelp2023@nigge.rs
datahelp2023@cyberfear.com
Free decryption test as guarantee !
Integrity is our principle
Before making the payment , you can send us a test file to prove that we are capable of recovering your data
Attention !
Decryption of your files with the help of third parties may cause increased price
Do not try to decrypt your data using third party software , it may cause permanent data loss
Please do not (edit, delete, rename) any files , otherwise it cannot be restored邮件地址 !
chinahelp2023@nigge.rs
datahelp2023@cyberfear.com
免费解密测试作为保证 !
诚信是我们的原则
在付款之前 , 你可以向我们发送测试文件以证明我们有能力恢复你的数据
注意 !
在第三方的帮助下解密你的文件可能会导致价格上涨
请勿尝试使用第三方软件解密你的数据 , 这可能会导致数据永久丢失
请不要 (编辑, 删除, 重命名) 任何文件 , 否则无法恢复文件
ID
How Can You Proactively Protect Your Data from Ransomware?
Protecting your data from ransomware requires a proactive and multi-layered approach. Here are several strategies to help safeguard your data:
Backup Regularly:
Perform regular backups of your important data and ensure they are stored in a secure and separate location.
Use a combination of offline and cloud backups to minimize the risk of both being compromised.
Keep Software Updated:
Regularly update your operating system, software, and applications to patch vulnerabilities that could be exploited by ransomware.
Use Reliable Security Software:
Install reputable antivirus and anti-malware software to detect and block ransomware threats.
Keep the security software updated to ensure it can recognize the latest threats.
Implement Email Security Measures:
Use email filtering solutions to block malicious attachments and links.
Enable two-factor authentication for email accounts to add an extra layer of security.
Least Privilege Principle:
Limit user access rights to only what is necessary for their job function. This reduces the potential impact of ransomware spreading across the network.
