Thousands of servers have been hit by the latest threat of the digital world! Developers call it Lilocked Ransomware. The destructive lilu virus has targeted thousands of Linux servers around the world to date. Cyber experts first reported the Lilocked attack in mid-July. However, it is in the last two weeks that lilu ransomware has shown its true destructiveness. This malicious crypto virus was first uncovered when a victim uploaded its ransom note to ‘ID Ransomware’, an open platform where anyone can upload ransom notes and details about a ransomware attack in order to identify the ransomware by name. Numerous people also use it to discuss and present their ideas on how to remove such threats.
Once the Lilocked file virus sneaks into your system, it aims to gain root access. The mechanism used to infiltrate the system is still a mystery! However, like other ransomware, Lilocked appends a unique extension, ‘.lilocked’, to the data it encrypts. Hence, it becomes next to impossible to recover .Lilocked files manually.
Nevertheless, this is just the beginning of Lilocked's destruction! Upon successful encryption, the Lilocked virus generates a text file, ‘#README.txt’. It is a general file that describes the ransomware attack. It states that the stored files have been encrypted by the malicious lilu virus and that you have to pay the demanded ransom to get the Lilocked decrypter.
According to French security researchers, Lilocked has infected about 6,700 servers. However, the number of targeted users is suspected to be much higher. This article will give you insights into the menace Lilocked ransomware poses to Linux servers.
| Name | Lilocked (Lilu) Virus |
| Symptoms | It makes the files unreadable by appending a unique extension. Additionally, you will be asked to pay ransom for decryption of .Lilocked files. |
| Damage | You may permanently lose the encrypted data if you fail to make the payment within the prescribed time. |
The infiltration of Lilocked ransomware is primarily conducted via spam campaigns. During a spam campaign, hackers send unwanted e-mails with malicious attachments to the targeted system. Though the e-mails look legitimate, the danger lies within the content or the attachment. Most of the time, such e-mails are sent in the name of well-known shipping companies or financial organisations. PayPal, FedEx, eBay and DHL are a few notable mentions. These e-mails claim to inform you about an undelivered package or the invoice of a shipment that you made. Either way, when you open or download the attachment, your system is exposed to the risk of the destructive crypto virus Lilocked. The attachment basically contains hidden malicious macros. Once opened, it triggers the Lilocked script and might launch the malware payload on your system.
Even though the sender of such e-mails looks trustworthy or real, you should avoid opening such suspicious e-mails or files. Also, immediately delete such questionable e-mails from your inbox.
Spam attacks are not the only way to spread this infection. There are many more! Let us have a quick look at some of them!
After spam campaigns, bundling is the second most used method to spread the malicious ransomware. It basically relies on third-party software download sources! Developers at times hide their malicious files within the installation process of regular software. As a result, the malicious file is automatically downloaded along with the other software. Hence, it is advisable to download software only from legitimate sources.
To conclude, we can say that the main reason for such infiltration is lack of proper knowledge and reckless behavior. Hence, be careful during your online sessions.
As discussed earlier, the method used by Lilocked ransomware to breach the server is still unknown. However, once this crypto virus infects your system, detecting its presence is not a challenging task. Once it is located, do not delay in downloading the Lilocked decrypter tool. The lilu virus marks the files it encrypts by appending a unique extension to them. Once the files are successfully locked, it demands a hefty ransom to decrypt the .Lilocked files. The demand is made via a ransom message delivered as a text file, ‘#README.txt’.
This text file performs the following two tasks:
Fortunately, the ransomware does not encrypt system files, and hence Linux systems keep running normally. However, a small set of file types is encrypted by the malicious lilu ransomware. HTML, SHTML, JS, CSS, PHP, INI and multiple image formats are its major targets.
And hence, it is of utmost importance to remove Lilocked Ransomware.
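An added example, not part of the original article: a read-only Python triage scan that walks a directory tree looking for the two indicators described above, the ‘.lilocked’ extension and the ‘#README.txt’ note, and groups the locked files by their original type. The function names and the sample tree are constructed for illustration, and the list of target types covers only the extensions the article names.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the article: the appended extension and the note name.
LOCKED_SUFFIX = ".lilocked"
RANSOM_NOTE = "#README.txt"
# File types the article lists as major targets. The image formats are not
# enumerated on the page, so they are deliberately absent from this set.
LISTED_TARGETS = {".html", ".shtml", ".js", ".css", ".php", ".ini"}


def scan_tree(root):
    """Walk root and summarise Lilocked indicators without modifying anything."""
    report = {"locked": [], "notes": [], "by_ext": Counter(), "unlisted": []}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == RANSOM_NOTE:
                report["notes"].append(path)
            elif name.lower().endswith(LOCKED_SUFFIX):
                # Strip the appended suffix to recover the original file type.
                original = name[: -len(LOCKED_SUFFIX)]
                ext = os.path.splitext(original)[1].lower() or "(none)"
                report["locked"].append(path)
                report["by_ext"][ext] += 1
                if ext not in LISTED_TARGETS:
                    report["unlisted"].append(path)
    return report


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    names = ["index.html.lilocked", "app.js.lilocked", "logo.png.lilocked",
             "config.ini", RANSOM_NOTE]
    site = os.path.join(root, "www")
    os.makedirs(site)
    for name in names:
        open(os.path.join(site, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan_tree(tmp)
        print(len(result["locked"]), "locked files,", len(result["notes"]), "notes")
        print(dict(result["by_ext"]))
```

The per-type counts show how much of a web root is affected, and the `unlisted` entries are files whose original type falls outside the extensions the article names.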
Since the entry point of the Lilocked virus is still not clear, here are a few common precautionary measures. After proper analysis and research in our labs, we have concluded our research with the following measures:
If the system is already switched on, follow the steps below to restart it in Safe Mode with Networking:
5. Once the system restarts, click on the username and enter the password (if any) to log in.
Once the system starts, make sure to use an account with administrative privileges to access Safe Mode with Command Prompt.
After you enter the admin credentials, a Command Prompt window is displayed in which you can enter the commands below:
For Windows 7
Continue to follow steps 4 & 5 of Method 2 to restore the System Files and settings.