Ransomware is the trend of today’s malware attacks. We’ve seen some of the greatest ransomware attacks in the field; WannaCry was the most feared. Following WannaCry, other campaigns launched around the world, asking for ransom in cryptocurrency. However, one ransomware, “LockCrypt”, has been cracked, thanks to the researchers’ work and the attackers’ poor implementation of encryption.
The team at Malwarebytes identified a weakness in the encryption scheme that LockCrypt used. Using that weakness, the team was able to recover the encrypted files without paying. Now they can help other LockCrypt victims get their files back.
LockCrypt attack events
This ransomware was first identified last June. It’s also thought that the group responsible for LockCrypt also distributed the Satan ransomware. The most significant LockCrypt attack was the takeover of the network of Mecklenburg County in North Carolina.
However, the ransomware wasn’t very active, because the group didn’t distribute the malware via any phishing campaign or spam. Instead, the LockCrypt group installed the ransomware manually on compromised systems after breaking into organizations’ networks via RDP.
At first, it created files with the “.lock” extension. Later it switched to “.2018”, and then to “.1btc”.
LockCrypt is sloppy
According to the researchers at Malwarebytes, this ransomware was poorly coded, and its encryption method wasn’t strong at all. They also criticized the hacker group’s understanding of encryption: instead of using a proven, well-tested algorithm, the ransomware used a custom encryption method, which made it much easier to break.
Researchers were also able to obtain an unencrypted (unpacked) LockCrypt sample. By analyzing that sample, they were able to learn a lot more about the sloppy ransomware.
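The article does not describe LockCrypt’s actual algorithm, so the following is an added, constructed illustration (not Malwarebytes’ code and not LockCrypt’s scheme) of the general failure mode it points at: a homegrown cipher that XORs every file with the same short repeating key. Because every PNG file begins with the same 16 bytes, a defender with one encrypted PNG has known plaintext, and XORing it against the ciphertext yields the whole key, which then unlocks every other file. The same block contrasts this with a standard-style construction (a per-file random nonce and an HMAC-SHA256 counter-mode keystream, both standard-library) where the same known plaintext leaks only that one file’s keystream and is useless against any other file. All key and file contents are constructed sample values.

```python
import hashlib
import hmac
import os

# Every PNG file starts with these 16 bytes: the 8-byte signature, the IHDR
# chunk length (13) and the chunk type "IHDR". This is the known plaintext a
# defender can rely on when testing a suspect scheme against a .png victim file.
PNG_KNOWN_PREFIX = bytes.fromhex("89504e470d0a1a0a0000000d49484452")
KEY_LEN = 16    # length of the hypothetical repeating key
NONCE_LEN = 16  # per-file nonce length in the sound scheme


def weak_encrypt(data: bytes, key: bytes) -> bytes:
    """Hypothetical homegrown scheme: one short key XORed repeatedly over every file."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


weak_decrypt = weak_encrypt  # XOR is its own inverse


def recover_repeating_key(ciphertext: bytes, known_prefix: bytes, key_len: int) -> bytes:
    """Known-plaintext recovery for the weak scheme: ciphertext XOR plaintext is the
    keystream, and with a repeating key the first key_len keystream bytes are the key."""
    if len(known_prefix) < key_len:
        raise ValueError("need at least key_len bytes of known plaintext")
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], known_prefix[:key_len]))


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 over (nonce || counter).
    A fresh nonce per file means no two files ever share keystream bytes."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def sound_encrypt(data: bytes, key: bytes, nonce: bytes = b"") -> bytes:
    """Per-file random nonce (stored in front of the ciphertext) plus PRF-derived keystream."""
    nonce = nonce or os.urandom(NONCE_LEN)
    return nonce + bytes(b ^ s for b, s in zip(data, _keystream(key, nonce, len(data))))


def sound_decrypt(blob: bytes, key: bytes) -> bytes:
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(b ^ s for b, s in zip(ct, _keystream(key, nonce, len(ct))))


def demo() -> dict:
    """Run both schemes over two constructed victim files and report what a
    known-plaintext attacker holding only the encrypted PNG can recover."""
    key = bytes(range(0x41, 0x41 + KEY_LEN))          # constructed 16-byte key
    png_file = PNG_KNOWN_PREFIX + b"\x00\x00\x01\x00\x00\x00\x01\x00\x08\x06" * 4
    doc_file = b"Quarterly report: revenue up 12%, headcount flat."  # constructed

    # Weak scheme: the PNG header gives away the key, which unlocks the document too.
    enc_png = weak_encrypt(png_file, key)
    enc_doc = weak_encrypt(doc_file, key)
    recovered = recover_repeating_key(enc_png, PNG_KNOWN_PREFIX, KEY_LEN)
    doc_back = weak_decrypt(enc_doc, recovered)

    # Sound scheme: the same known plaintext leaks only this file's keystream.
    s_png = sound_encrypt(png_file, key)
    s_doc = sound_encrypt(doc_file, key)
    leaked = bytes(c ^ p for c, p in zip(s_png[NONCE_LEN:NONCE_LEN + KEY_LEN], PNG_KNOWN_PREFIX))
    guess = weak_decrypt(s_doc[NONCE_LEN:], leaked)   # try the leaked bytes on the other file

    return {
        "weak_key_recovered": recovered == key,
        "weak_other_file_decrypted": doc_back == doc_file,
        "sound_other_file_decrypted": guess == doc_file,
        "sound_roundtrip_ok": sound_decrypt(s_doc, key) == doc_file,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point for responders is the check, not the cipher: if one encrypted file with a predictable header (PNG, PDF, ZIP, DOCX) XORed against that header yields a short pattern that repeats, the scheme is the weak kind and recovery without the attacker’s key is realistic. Against a properly nonced, PRF-driven keystream the same test yields bytes that are unique to that file and reveal nothing about any other.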
If you’re a victim of LockCrypt, you can contact the Malwarebytes team. For Mac users, it’s time to be careful, as a new backdoor is being spread through a phishing campaign and an infected MS Word document. Learn how to stay safe from the new Mac backdoor.