LokiLocker Ransomware Packs Data Wiping Capabilities

BlackBerry has warned of a new ransomware family identified as LokiLocker. The RaaS family targets Windows systems by threatening to overwrite a victims Windows Master Boot Record (MBR), which in turn wipes all files and renders the machine completely unusable. However, when that tactic is taken into play, it negates all conversations of payments. BlackBerry has pointed to some evidence that suggests LokiLocker was developed by Iranian hackers and designed to target English-speaking victims.

Aimei Wei, CTO and Founder, Stellar Cyber had this to say:

“The research shows that Ransomware is happening at scale. It is provided as a service to many affiliates. It is also becoming more destructive. Besides encrypting files, it also wipes the system. The chance of being hit has greatly increased and consequence is bigger. People should always have data backup, preferably offline, and exercising caution when downloading files or opening attachments. In addition, for organizations, deploying a threat detection and response system or using a threat detection/response service may help to quickly discover the attack, disrupt/stop it from spreading and reduce the damage.”

This is important to item to note:

At the time of writing this, there is no free tool to decrypt files encrypted by LokiLocker. If you are already infected with LokiLocker ransomware, the recommendation by most official security authorities – such as the FBI – is not to pay the ransom. Quite apart from the fact that every victim who pays the ransom perpetuates the global growth of ransomware, remember that you’re dealing with criminals here, and there is no guarantee that you’ll regain access to your data, even if you pay up. Finally, even if you’re data is restored, there is no way to know whether the threat actor planted a backdoor somewhere on your machine, for easy future access. After all, people who pay one ransom can often be persuaded to pay another.

When it comes to ransomware of all types, often the best thing we can do as defenders is to make every effort to stay one step ahead of the threat actors, even when the journey proves complex and arduous.

With that in mind. Prevention is the key to not getting pwned by this. Thus companies need to do whatever is required to ensue that they don’t become victims of this ransomware.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: