The Lilocked ransomware has already infected thousands of Linux-based web servers since mid-July.
The Lilocked ransomware was first reported at the end of July by the popular malware researcher Michael Gillespie after a sample has been uploaded to his ID Ransomware service.
The infection caused the encrypted files to appear in the Google search results.
According to the Tweet user Jay
This thesis is also supported on a thread on a Russian-speaking forum that speculates the hackers have been targeting systems running outdated Exim software.
At the time of writing security experts are searching for a Lilocked sample to analyze to shed the light on its infection process.
The ransomware encrypts files and appends the
The ransom note instructs victims on how to make ransom payments through a Tor payment portal, it also includes a key to log in to the payment site.
The payment portal includes detailed instructions to pay the ransom, including the
“At this time, there is no known way to decrypt files encrypted by Lilu, but if a sample is discovered that may change.” reads the post published by
“BleepingComputer has also reached out to the contact email listed on the Tor site with questions, but had not heard back at the time of this publication.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.