A security researcher who goes by the name Petrovic has uncovered a new ransomware, dubbed LooCipher, that is distributed via a spam campaign.
How is it propagated?
Encryption and ransom note
LooCipher encrypts all the files on the infected computer and appends the .lcphr extension to the encrypted files. It does not delete the original unencrypted files; instead, it leaves them behind as zero-byte files.
“You have five days since your files were encrypted. After this period, your key will be automatically destroyed (except for the case of having made the transaction within the period but because of the transaction remains pending of being confirmed by the blockchain this period is exceeded. In this case the key will remain safe throughout all this ‘pending of being confirmed’ status of your transaction and additionally it will remain 7 days more after your transaction is confirmed in order that you have enough time to recover your files,” the ransom note read, BleepingComputer reported.
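The on-disk pattern described above (a .lcphr file next to a zero-byte file carrying the original name) can be used to scope the damage on a host or file share during triage. The following is an added example, not code from the article or the researcher; it assumes the encrypted copy sits in the same directory as the emptied original and is named by appending .lcphr to the original file name, and the function names and sample files are constructed for illustration.

```python
import os
import tempfile

ENCRYPTED_EXT = ".lcphr"  # extension named in the article


def find_lcphr_artifacts(root):
    """Walk root and return (pairs, orphans).

    pairs   - (zero_byte_original, encrypted_copy) paths found side by side
    orphans - .lcphr files whose original is missing or is not empty
    """
    pairs, orphans = [], []
    for dirpath, _dirs, files in os.walk(root):
        names = set(files)
        for name in sorted(files):
            if not name.lower().endswith(ENCRYPTED_EXT):
                continue
            original = name[: -len(ENCRYPTED_EXT)]  # assumed naming scheme
            enc_path = os.path.join(dirpath, name)
            orig_path = os.path.join(dirpath, original)
            try:
                is_stub = (original in names
                           and not os.path.islink(orig_path)
                           and os.path.getsize(orig_path) == 0)
            except OSError:
                is_stub = False  # unreadable entry: report it as an orphan
            if is_stub:
                pairs.append((orig_path, enc_path))
            else:
                orphans.append(enc_path)
    return pairs, orphans


def demo():
    """Build a constructed sample tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        sample = {
            "report.docx": b"",                 # zero-byte stub left behind
            "report.docx.lcphr": b"\x00" * 64,  # constructed ciphertext stand-in
            "notes.txt": b"still readable",
            "notes.txt.lcphr": b"\x01" * 32,    # original not emptied: orphan
            "empty.log": b"",                   # empty, but no .lcphr sibling
        }
        for name, data in sample.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        pairs, orphans = find_lcphr_artifacts(root)
        return ([os.path.basename(o) for o, _ in pairs],
                [os.path.basename(p) for p in orphans])
```

Orphaned .lcphr files are reported separately because they do not match the behaviour the article describes and deserve a manual look.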
Decryption