lUUUUUUUUU Ransomware Uses Weird Extension

A new ransomware strain is in the wild, which researchers have named the lUUUUUUUUU ransomware.

The unusual name comes from the file extension that the ransomware appends to encrypted files. lUUUUUUUUU belongs to the family of Xorist ransomware clones and behaves largely like the rest of them.

It encrypts most files on an infected system and then drops its ransom demands in a plain text file and a pop-up window. Encrypted file types include media files, documents, archives and database files.

Once encrypted, files receive the ".lUUUUUUUUU" extension, appended after their original one. The ransom note is dropped in a file called "HOW TO DECRYPT FILES.txt" and contains the following text, which is also displayed in a pop-up window:

All your files have been encrypted!

All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail lUUUUUUUUUUbasq at mail dot ru

Write this ID in the title of your message -

In case of no answer in 2 day

You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.
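The two file-system indicators described above (the appended extension and the ransom note file name) can be used to scope an incident. The following triage script is an added example, not part of the original article; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators as given in the article above.
ENCRYPTED_EXT = ".lUUUUUUUUU"
RANSOM_NOTE = "HOW TO DECRYPT FILES.txt"


def triage(root):
    """Walk root and summarise files matching the two indicators."""
    report = {"notes": [], "encrypted": [], "original_types": Counter()}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            folded = name.casefold()  # Windows file names are case-insensitive
            if folded == RANSOM_NOTE.casefold():
                report["notes"].append(path)
            elif folded.endswith(ENCRYPTED_EXT.casefold()):
                report["encrypted"].append(path)
                # The marker is appended after the original extension, so
                # stripping it recovers the original file type.
                original = name[: -len(ENCRYPTED_EXT)]
                ext = os.path.splitext(original)[1].lower() or "(none)"
                report["original_types"][ext] += 1
    return report


def build_sample_tree(root):
    """Create a constructed directory tree for the demonstration (empty files)."""
    names = [
        "Documents/report.docx" + ENCRYPTED_EXT,
        "Documents/budget.xlsx" + ENCRYPTED_EXT,
        "Documents/archive.docx" + ENCRYPTED_EXT,
        "Documents/" + RANSOM_NOTE,
        "Pictures/photo.jpg",  # untouched file, must not be flagged
    ]
    for rel in names:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print("ransom notes:", len(result["notes"]))
        print("encrypted files:", len(result["encrypted"]))
        print("original types:", dict(result["original_types"]))
```

The per-type counts show which kinds of data were hit and therefore which backups to prioritise for restore.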

November 29, 2022