Lilocked ransomware | Effective Removal Guidelines

Understanding Lilocked Ransomware

Thousands of servers have been hit by the latest threat in the digital world. Developers call it Lilocked ransomware. To date, the destructive lilu virus has targeted thousands of Linux servers around the world. Security experts first reported Lilocked attacks in mid-July, but it is in the last two weeks that lilu ransomware has shown how destructive it really is. The malware was first uncovered when a victim uploaded its ransom note to 'ID Ransomware', an open platform where anyone can upload ransom notes and details of a ransomware attack in order to identify which ransomware is responsible. Many people also use it to discuss and share ideas on how to remove such threats.

Once the Lilocked file virus sneaks into your system, it attempts to gain root access. The mechanism it uses to infiltrate the system is still a mystery. Like other ransomware, however, Lilocked appends a unique extension, '.lilocked', to the files it encrypts. As a result, recovering .lilocked files manually is next to impossible.

However, this is only the beginning of the damage Lilocked causes. After successful encryption, the Lilocked virus generates a text file named '#README.txt'. This file describes the ransomware attack: it states that the stored files have been encrypted by the malicious lilu virus and that you have to pay the demanded ransom to get the Lilocked decrypter.
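A read-only triage pass for the two artifacts described above (the '.lilocked' extension and the '#README.txt' note), as an added example that is not part of the original article. The function names and the sample tree are constructed for illustration, and file timestamps are assumed not to have been reset by the malware.

```python
import os
import tempfile

ENCRYPTED_SUFFIX = ".lilocked"  # extension named in the article
RANSOM_NOTE = "#README.txt"     # ransom note filename named in the article

def triage(root):
    """Map each affected directory to its encrypted-file count, note flag, oldest mtime."""
    report = {}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):  # never follow symlink loops
        for name in files:
            is_note = name == RANSOM_NOTE
            if not is_note and not name.lower().endswith(ENCRYPTED_SUFFIX):
                continue
            entry = report.setdefault(dirpath, {"encrypted": 0, "note": False, "first_mtime": None})
            if is_note:
                entry["note"] = True
                continue
            entry["encrypted"] += 1
            try:
                mtime = os.lstat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # unreadable or vanished: counted, but no timestamp
            if entry["first_mtime"] is None or mtime < entry["first_mtime"]:
                entry["first_mtime"] = mtime
    return report

def earliest_encryption(report):
    """Oldest mtime over all encrypted files; assumes timestamps were not reset."""
    times = [e["first_mtime"] for e in report.values() if e["first_mtime"] is not None]
    return min(times) if times else None

def build_sample_tree(base):
    """Constructed sample: www/ holds two encrypted files and a note, clean/ none."""
    www, clean = os.path.join(base, "www"), os.path.join(base, "clean")
    os.makedirs(www)
    os.makedirs(clean)
    for name, mtime in (("index.php.lilocked", 1000), ("app.js.lilocked", 2000)):
        path = os.path.join(www, name)
        open(path, "wb").close()
        os.utime(path, (mtime, mtime))  # fixed timestamps so the result is repeatable
    open(os.path.join(www, RANSOM_NOTE), "w").close()
    open(os.path.join(clean, "notes.txt"), "w").close()
    return www

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        print(triage(base))
```

Run against a mounted copy or snapshot of the affected server rather than the live system, so the scan itself does not alter access times on evidence.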

According to French security researchers, Lilocked has infected about 6,700 servers. However, the number of targeted users is suspected to be much higher. This article gives you insight into the menace Lilocked ransomware poses to Linux servers.

Distribution Technique

Lilocked ransomware is primarily spread through spam campaigns. In a spam campaign, hackers send unsolicited e-mails with malicious attachments to the targeted system. Although the e-mails look legitimate, the danger lies in the content or the attachment. Most of the time, such e-mails are sent in the name of well-known shipping companies or financial organisations; PayPal, FedEx, eBay and DHL are a few notable examples. The e-mails claim to inform you about an undelivered package or the invoice for a shipment that you made. Either way, when you open or download the attachment, your system is exposed to the destructive crypto virus Lilocked. The attachment contains hidden malicious macros. Once opened, it triggers the Lilocked script and might launch the malware payload on your system.

Even though the sender of such e-mails looks trustworthy or real, you should avoid opening such suspicious e-mails or files. Also, immediately delete such questionable e-mails from your inbox.

Spam attacks are not the only way to spread this infection. There are many more! Let us have a quick look at some of them!

After spam campaigns, bundling is the second most used method of spreading the ransomware. Bundling relies on third-party software download sources: developers sometimes hide their malicious files within the installation process of regular software. As a result, the malicious file is downloaded automatically along with the other software. Hence, it is advisable to download software only from legitimate sources.

To conclude, we can say that the main reason for such infiltration is lack of proper knowledge and reckless behavior. Hence, be careful during your online sessions.

 
