![]() ![]() In most cases, it is impossible to recover files for free unless victims have their files backed up or a decryption tool is available for download on the Internet. In conclusion, LockFile's ransom note instructs victims to contact the attackers and wait for further details. They are encouraged to do that as soon as possible because the longer victims do not contact the attackers, the more they will have to pay. ![]() In order to receive payment information, victims have to write an email to victims can contact the attackers via the provided Tor website. The only way to restore files is to decrypt them with a private key purchased from the attackers. Screenshot of a message encouraging users to pay a ransom to decrypt their compromised data:Īs stated in the LockFile's ransom note, attempts to rename files or restore them with third-party software will damage files irreversibly. This ransom note provides contact information (and some other details). Its filename contains ransomware name, computer name, and a string of random characters (for example, " LOCKFILE-README-TOMASMESKAUFFFE-1629716662.hta"). Its name depends on the victim's computer name. For instance, it renames a file named " 1.jpg" to " 1.jpg.lockfile", " 2.jpg" to " 2.jpg.lockfile", and so on.Īlso, LockFile creates an HTA file. This ransomware encrypts files and appends the ". Cybercriminals behind LockFile ransomware target companies, although they might be targeting personal computers as well. ![]()
0 Comments
Leave a Reply. |