Lukitus Guide to preventing extortion malicious code
What is Lukitus?
Lukitus is an updated version of a ransomware virus (extortion code) called Locky.Developers spread Lukitus via spam (malicious attachments).After penetration, Lukitus encrypts data stored with RSA-2048 and AES-128 encryption algorithms.During the encryption process, the virus will rename the encrypted files using the form "32_random_letters_and_digits] .lukitus".For example: "sample.jpg" can be renamed as file name "GPZ9AETR3-BIEU-8HAJ-36AD5B2D-3192B7EB5821.lukitus".After successfully encrypting it, Lukitus changed the desktop background and created an HTML file ("lukitus.htm") to put it on the desktop.
- How to get rid of root virus * .OSIRIS - Ransomware Locky?
The desktop file and the HTML file on the computer contain a message about ransom requests that the file is encrypted and can only be restored through a specific decryption program using a unique key.Unfortunately, this information is correct.As mentioned above, Lukitus uses RSA and AES cryptographic algorithms, and therefore, only one decryption key is created for each victim.These keys are stored on a remote server controlled by Lukitus developers.Victims are required to pay a ransom to receive the key by following the instructions provided on the official website of the malware.The cost of decoding is 0.5 Bitcoin (approximately 50,000,000 VND).However, keep in mind that tech criminals should not be trusted because they often ignore victims when they get ransom.Payment is not guaranteed to ensure that your files will be decrypted.Moreover, giving money to cyber criminals indirectly supports their malicious virus business activities.Therefore, do not contact these people or pay any ransom.Unfortunately, there is no tool that can recover files encrypted by Lukitus and the only solution is to restore your files and systems from backup.
Notice of ransom request of cyber criminals:
Lukitus closely resembles Aleta, BTCWare, GlobeImposter and dozens of other types of extortion codes.These malware are also designed to encrypt files and request ransom.There are only two main differences: 1) the ransom required and 2) the type of encryption algorithm used.Research shows that most of these viruses use algorithms that generate unique decryption keys (eg RSA, AES, DES, etc.). Therefore, it is almost impossible to recover these files without There is a decryption key for cyber criminals.
How does extortion code attack computers?
Although Lukitus is distributed via spam, cyber criminals often distribute similar malware using fake software, trojans and third party software downloads (download sites). about free, free file hosting sites, peer-to-peer networks, etc.).In this case, Lukitus is distributed to the victim as a compressed .rar file.However, spams often contain JavaScript, MS Office documents and other similar files designed to download or install malware.The fake software update exploits outdated software errors to infect the system.Third-party software downloads often increase malicious performance by 'introducing' them as legitimate software.
How to protect your computer from extortion?
To prevent malicious blackmail infection, you need to be very careful when browsing the Internet.Never open files received from suspicious emails or download software from unofficial sources.Furthermore, use legitimate anti-spyware / anti-spyware software and update installed applications.However, keep in mind that criminals distribute malware through fake updates.Therefore, using third-party tools to update the software is very dangerous.The key to keeping computers safe is caution.
Sample spam used to distribute malware Lukitus:
Lukitus HTML file:
File Lukitus screen wallpaper:
Lukitus Tor website file:
Files are encoded by Lukitus ("[32_random_letters_and_digits] .lukitus" template file name):
Lukitus Guide to preventing extortion malicious code
Step 1: Eliminate extortion code Lukitus uses safe mode with the network.
Windows XP and Windows 7 users : Start your computer in Safe Mode. Click Start> Shut Down> OK . During the computer boot, press the F8 key on the keyboard several times until you see the Windows Advanced Option menu, then select Safe Mode with Networking from the list.
Video tutorial on how to start Windows 7 with "Safe Mode with Networking ':
Windows 8 users: Go to the Windows 8 Start Screen, type Advanced , in the search results select Settings . Click the Advanced startup option in the "General PC Settings" window that has been opened. Click the "Restart now" button. Your computer will now reboot into the "Advanced Startup options menu" . Click the " Troubleshoot " button, then click the "Advanced options" button. In the advanced options screen, click Startup settings > Restart . The computer will reboot into the Startup Settings screen. Press F5 to start with Safe Mode with Networking.
Video tutorial to start Windows 8 in Safe Mode with Networking.
Windows 10 users: Click the Windows icon and select Power. In the opened menu, click " Restart " while holding the " Shift " button on the keyboard. In the "choose an option" window, click " Troubleshoot ", then select "Advanced options" . In the advanced options menu, select "Startup Settings" and click the " Restart " button. In the next window, click the " F5 " button on the keyboard.This will restart your operating system securely with the network.
Video tutorial to start Windows 10 in "Safe Mode with Networking":
Step 2:: Removing Lukitus extortion code to use system restore
If you cannot start the computer in Safe Mode with Networking, try performing a system restore.
Video instructions on how to remove ransomware with "Safe Mode with Command Prompt" and "System Restore:
1. During the computer boot process, press the F8 key on the keyboard several times until the Windows Advanced Options menu appears, then select Safe Mode with Command Prompt from the list and press Enter .
2. In Command Prompt, enter the following line: cd restore and press Enter .
3. Next, type this line: rstrui.exe and press Enter .
4. In the window that opens, click " Next ".
5. Select one of the Restore Points and click " Next " (will restore your computer system before the Lukitus virus invades).
6. In the window that opens, click " Yes ".
7. After restoring the computer, download and scan your computer with malware removal software to remove any Lukitus remnant malicious code files.
To restore these maliciously encrypted personal files, try using the Windows Previous Versions feature.This method is only effective if the System Restore function has been activated on an operating system attacked by malicious code.Note that some variants of Lukitus can delete Shadow Volume Copies of files, so this method may not work on all computers.
To restore a file, right-click it, go to Properties and select the Previous Versions tab. If the related file has Restore Point, select the file and click the " Restore " button.
If you cannot start the computer in Safe Mode with Networking (or with Command Prompt), start your computer with a rescue disk.Some variants of disabled extortion code with Safe Mode with Networking make deleting it complicated.For this step, you need access to another computer.
To regain control of files encrypted by Lukitus, you can also try using a program called Shadow Explorer.
To protect your computer from file encryption extortion malicious code like this, use reputable anti-virus and anti-spyware programs.As an additional protection method, you can use programs called HitmanPro.Alert, which artificially create group policy objects in the registry to block fake programs like Lukitus.
Malwarebytes Anti-Ransomware Beta uses advanced technology to monitor blackmail malicious activity and terminate it immediately - before reaching user files:
The best way to avoid damage from extortion code is to keep regular updates on backups.
Other tools are known to remove Lukitus extortion code:Plumbytes Anti-Malware andSpyHunter 4 .
You should read it
- ShieldFS can stop and reverse the effects of extortion code
- Top 20 best encryption software for Windows
- Top 5 best USB encryption software
- File encryption software and privacy protection messages
- What is end-to-end encryption? How does it work?
- Microsoft changes the default settings to keep the content stored on the hard drive safe
- Warning: Dangerous new malicious code spills over to Vietnam
- Ryuk Ransomware has added 'selective' encryption capabilities.
May be interested
- Warning: The new Facebook virus, a malicious code that is spreading rapidly through Messengerfrom yesterday (december 18, 2017), a new type of malicious code has appeared and raged in vietnam. this malicious code is not too sophisticated but is spreading very fast through facebook messenger because it is sent from the friends in the friend list.
- Is Ransomware Annabelle scary with Annabelle movies?while most extortion codes are created to make money, some people create them to show their skills. that's the case of ransomware inspired by the horror film annabelle.
- ShieldFS can stop and reverse the effects of extortion codeitalian researchers have developed a custom drop-in driver and system file that can detect signs of ransomwrae infection, stop the malicious activity and even transfer the encrypted file to its original state. .
- Shade ransomware, the nightmare of 5 years ago is showing signs of returningshade ransomware - extortion code recorded by kaspersky labs disappeared from the internet five years ago, 2014, showing signs of returning again.
- Warning: New malicious code is infecting about 500,000 router devicescisco researchers have released a warning warning about a malicious malicious code called vpnfilter, which is spread by a group of hackers spreading more than 500,000 home or small companies' devices across the globe. world.
- Watch out for new dangerous viruses similar to WannaCryanother type of computer virus that exploits a security hole in the windows operating system, such as the wannacry malicious code, has spread more than 200,000 devices and helped hackers hack silver.
- 14 games on the App Store contain malicious code, iPhone users be carefulsecurity researchers wandera recently discovered 14 games linked to a server once used to control malware golduck that made the android world chaotic last year.
- Malicious code is growing upsecurity firm mcafee warns that malicious code is currently on the way to prepare to reach a new level of complexity and professionalism. not only the malicious code and adware are now becoming a professionally distributed service
- Find bug in Emotet malware, prevent it from spreading for 6 monthsaccording to researcher james quinn of the security firm binary defense, like other software, malicious code also has vulnerabilities, error codes. hackers can exploit software vulnerabilities to cause harm, security experts can also decompile the source code of malicious code to find the vulnerability to exploit and defeat the malicious code.
- What to do when the computer is infected with a virus that fights virtual money?experts from trend micro recommend users to update the latest operating system patches immediately, as well as upgrade trend micro security version 12 and set up high-level protection.