Lumino_Ransom Ransomware Contains Bilingual Ransom Note

Lumino_Ransom is a new ransomware variant discovered in late October 2022. It does not belong to any of the big families of ransomware clones.

Lumino will encrypt the system and scramble files on it. Once encrypted, files receive the ".lumino_locked" extension, attached after their original one. This will turn a file named "document.docx" into "document.docx.lumino_locked" once it gets encrypted.

To make things more confusing, Lumino_Ransom does two unusual things. First, the ransomware creates four hundred blank, zero-byte files on the desktop, naming them Lumine1 through Lumine400. Additionally, the ransomware does not dump its ransom demands inside a file. Instead, it opens a Notepad window and what is likely a keystroke script types out the ransom note in real time, in front of the victim's eyes.

The full ransom note is in English and French and goes as follows:

Hi !!!
Your file was encrypted by the ransomware: Lumino_Ransom, if you want to decrypt him, send me à mail with the user name pc at and I give to you the password for free ; that you need to enter in Lumino_decrypt ! On the other hand, you have no luck, it's the Hard's version of my Ransomware that I've created then...

Salut !!!
Vos fichier on été encypté par le ransomware: Lumino_ransom, si tu veux les décryptés, envoie moi un mail avec ton nom d'utilisateur à et je te donnerais le mot de passe gratuitement ; qu'il faudra entrer dans Lumino_decrypt ! Par contre, t'as pas de chance, c'est la version Hard mon Ransomware que j'ai crée donc...

The window/notepad gonna be closed automaticaly after 20 secondes !
La fenettre/le bloc note vas être fermée automatiquement après 20 secondes !

October 21, 2022