Loki Locker Ransomware is a form of malware that mostly spreads via unreliable downloads, social engineering attacks, phishing emails, and questionable advertising content.
Loki Locker Ransomware locks the victim’s data and then demands a ransom payment in exchange for a file decryptor. The affected data can be almost any file type, including photos, music, documents, and videos.
Loki Locker Ransomware is identified by the drastic changes it inflicts on the encrypted filenames. Loki Locker Ransomware adds an email address and a unique ID string at the front of the filename while adding ‘.Loki’ as a new file extension. The email address used for the modified filenames is ‘recoverdata@onionmail.org.’
After encryption, Loki Locker Ransomware goes to great lengths to ensure that the victim receives the payment instructions. To achieve this, the ransomware’s operators deliver three separate but similar ransom notes. One message appears as a new desktop background image, another is found in the ‘Restore-My-Files.txt’ text file, and the third appears as a pop-up window.
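The filename and ransom-note indicators described above can be used to triage a file listing, for example one exported from an endpoint tool. The following is an added example, not part of the original article; the bracketed prefix layout and the ID value in the sample paths are constructed assumptions, since the article names only the parts of the new filename and not their exact format.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Indicators taken from the description above.
EXTENSION = ".loki"
NOTE_NAME = "restore-my-files.txt"
CONTACT = "recoverdata@onionmail.org"

def triage(paths):
    """Group Loki Locker indicators by directory.

    Returns {directory: {"renamed": n, "extension_only": n, "note": bool}}.
    Matching is case-insensitive because Windows file names are.
    """
    report = defaultdict(lambda: {"renamed": 0, "extension_only": 0, "note": False})
    for raw in paths:
        p = PureWindowsPath(raw)  # parses Windows paths on any host OS
        name = p.name.lower()
        folder = str(p.parent)
        if name == NOTE_NAME:
            report[folder]["note"] = True
        elif name.endswith(EXTENSION):
            # Extension plus contact address in the name matches the
            # description; the extension alone is a weaker signal.
            key = "renamed" if CONTACT in name else "extension_only"
            report[folder][key] += 1
    return dict(report)

def affected_dirs(report):
    """Directories with a renamed file or a ransom note, sorted."""
    return sorted(d for d, r in report.items() if r["renamed"] or r["note"])

# Constructed sample listing; the prefix layout (brackets, ID format) is
# an assumption, only its parts are given in the text.
SAMPLE = [
    r"C:\Users\alice\Documents\[recoverdata@onionmail.org][A1B2C3D4]budget.xlsx.Loki",
    r"C:\Users\alice\Documents\[recoverdata@onionmail.org][A1B2C3D4]notes.docx.Loki",
    r"C:\Users\alice\Documents\Restore-My-Files.txt",
    r"C:\Users\alice\Pictures\holiday.jpg",
    r"C:\Games\mod\skin.loki",
    r"C:\Users\alice\Desktop\RESTORE-MY-FILES.TXT",
]

if __name__ == "__main__":
    rep = triage(SAMPLE)
    for folder in affected_dirs(rep):
        print(folder, rep[folder])
```

Directories that contain only an extension match are kept in the report but left out of the affected list, so an unrelated file that happens to end in ‘.loki’ does not raise the same alarm as a renamed file or a ransom note.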
According to the ransom notes, victims can send the hackers a single file, which they will supposedly unlock for free and send back as proof of their ability to decrypt the entirety of the locked files. There are two requirements for the selected file: it must not exceed 2MB in size and shouldn’t contain any important information. The notes also mention that if victims do not receive a response 24 hours after reaching out via ‘recoverdata@onionmail.org,’ they should try messaging the secondary email address at ‘recoverdata@mail2tor.com.’
Although it may seem that the easiest way to deal with the attack is to play ball and pay the ransom, it is never advised to do so, as payment doesn’t guarantee file decryption, and it only encourages the criminals to continue their activity.
Dealing with a Loki Locker Ransomware Infection
Should you get infected with Loki Locker Ransomware, you should scan for and remove associated elements using a reputable anti-malware tool. Additionally, to mitigate damages in the event of a future attack, you should keep offline copies of your valuable data.