Thousands of Servers Get Infected By LiLocked Ransomware

Cyber criminals continue to create ransomware and update it to keep their campaigns active. LiLocked Ransomware, also known as Lilu, is one such threat: it had been active for some time and was detected again in July with more intensive features. Because of its dangerous features, this threat has become popular among those who want to be cyber criminals. According to a security report, this ransomware has infected thousands of web servers. Based on the current infection samples, the ransomware targets files with extensions such as JS, HTML, CSS, SHTML, INI and PHP, and only those hosted on Linux-based web servers. The main reason cyber crooks rely on this type of ransomware is that it gives them an easy way to generate money.

Ways Through Which LiLocked Breaches

According to available information, LiLocked Ransomware has infected more than 6,700 servers, and the number is likely to increase. The exact distribution method used by the LiLocked Ransomware authors is still unknown, but speculation on a Russian forum is that the crooks behind this ransomware mostly target systems that run an outdated mail transfer agent known as Exim. Vulnerabilities in the Exim software are often used by attackers, as recent cases show. One example of such an attack is the Watchbog Linux Trojan, in which the infected hosts became part of a botnet that was used to mine the Monero cryptocurrency.

As mentioned in the report, LiLocked Ransomware adds the .lilocked extension to each of the files it has targeted on the infected computer. The main purpose of this selective targeting is to avoid the important files that are required to keep the system running: if it hit such files, the system would stop working and the ransomware could not achieve its goal. Next, the ransomware drops a ransom note named #README.lilocked in each folder where it has encrypted files. Below you can see the screenshot of that ransom note:

Cyber criminals rarely use polite language in a ransom note; more often they treat the user as an offender. The ransom note informs victims that their files have been encrypted and demands payment to avoid data loss. It provides a link and asks users to visit it, where they are supposedly given the option to pay the ransom and receive the unique key needed to unlock the encrypted files. As experts suggest, however, users should avoid paying the ransom: it is not a safe option, and there is a great chance that the attackers will not return the files even after receiving the money.
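The two on-disk indicators described in this section, the .lilocked suffix and the #README.lilocked note, can be swept for across a web root. The script below is an added example, not code from the report the article cites; it assumes the suffix is appended to the original file name (for example `index.php.lilocked`), and the function names and sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_SUFFIX = ".lilocked"    # suffix named in the article
RANSOM_NOTE = "#README.lilocked"  # ransom note file name from the article
# File types the article lists as targeted (lower-case, no dot).
TARGETED = {"js", "html", "css", "shtml", "ini", "php"}

def scan_webroot(root):
    """Walk root and collect LiLocked indicators for triage."""
    report = {"notes": [], "encrypted": [], "by_type": Counter(), "untouched": 0}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if name == RANSOM_NOTE:
                report["notes"].append(path)
            elif lower.endswith(ENCRYPTED_SUFFIX):
                # Assumption: "index.php.lilocked" was originally "index.php".
                original = lower[: -len(ENCRYPTED_SUFFIX)]
                ext = os.path.splitext(original)[1].lstrip(".")
                report["encrypted"].append(path)
                report["by_type"][ext] += 1
            elif os.path.splitext(lower)[1].lstrip(".") in TARGETED:
                report["untouched"] += 1  # targeted type that is still intact
    return report

def build_sample_tree(root):
    """Constructed sample web root: two encrypted files, two notes, two clean files."""
    layout = {
        "index.php.lilocked": b"\x00", "#README.lilocked": b"note",
        "css/site.css.lilocked": b"\x00", "css/#README.lilocked": b"note",
        "js/app.js": b"console.log(1);", "logo.png": b"png",
    }
    for rel, data in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan_webroot(tmp)
        print("ransom notes:", len(result["notes"]))
        print("encrypted files by original type:", dict(result["by_type"]))
        print("targeted-type files still intact:", result["untouched"])
```

The per-type counts show which content needs restoring from backup, and a non-zero intact count alongside ransom notes suggests the encryption pass did not cover the whole web root.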

Protection Against LiLocked Ransomware

With a good data backup strategy, security professionals can help organizations protect their important data against LiLocked Ransomware. Companies should enable a backup account and at the same time block the production account from editing the backups. In addition, keeping the software installed on the system up to date, not opening spam email attachments, and applying other security measures can narrow the attack surface for threats such as LiLocked Ransomware.
