New information has emerged about the reappearance of a new and improved version of the LockCrypt ransomware, which was being distributed and subsequently redistributed via hacked remote desktop services. The first difference between the two versions seems to be that this variant encrypts a victim’s files and then appends the .1btc extension to mark every affected file. The previous version hid the change in the extension, signaling that the compromise of the PC was meant to remain undetected. A specific ransomware removal scan would have to be run in order to detect and remove the ransomware.
The common feature between the two versions is that the attackers look for accessible computers running Remote Desktop Services while also trying to brute force the login credentials and gain control. Once the attackers have broken through the firewall and other defenses, they will look to execute the ransomware on as many computers across the network as possible.
Once the ransomware has been executed, it encrypts the affected computer or computers. The ransomware developers then provide contact information explaining how the victim can pay the ransom. If multiple machines need decryption, the users will be able to pay a reduced price.
The new version works in a similar fashion. Apart from that, the developers have also changed their email addresses, as reports began emerging of several police complaints being filed to track the suspected developers of this ransomware. The change in the extension is another feature that differentiates the two versions. The current variant of the virus has been in distribution since the tail end of December 2017. The ransomware begins its attack by encoding the file names with Base64. Afterwards, it appends the .1btc extension.
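The naming behaviour described above (a Base64-encoded file name followed by the .1btc extension) can be used to triage a disk or file share for affected files. The following Python script is an added example, not code from this article or from any analysis of LockCrypt; it assumes the standard Base64 alphabet and that the whole original file name was encoded, and the function names and the sample files are constructed for illustration.

```python
import base64
import binascii
import os
import tempfile

MARKER_EXT = ".1btc"  # extension named in the article


def decode_stem(stem):
    """Return the decoded name if stem is valid Base64 text, else None."""
    try:
        raw = base64.b64decode(stem, validate=True)
        name = raw.decode("utf-8")
    except (binascii.Error, ValueError):
        return None
    # Assumption: an original file name is non-empty printable text.
    return name if name and name.isprintable() else None


def find_marked_files(root):
    """Walk root and return (path, decoded_name_or_None) for each .1btc file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            stem, ext = os.path.splitext(fname)
            if ext.lower() != MARKER_EXT:
                continue
            hits.append((os.path.join(dirpath, fname), decode_stem(stem)))
    return sorted(hits)


def demo():
    """Build a constructed sample tree and return the scan result as names."""
    with tempfile.TemporaryDirectory() as root:
        encoded = base64.b64encode(b"report.docx").decode("ascii")
        for fname in (encoded + MARKER_EXT, "notes.txt", "!!!" + MARKER_EXT):
            with open(os.path.join(root, fname), "w") as fh:
                fh.write("constructed sample")
        return [(os.path.basename(p), n) for p, n in find_marked_files(root)]


if __name__ == "__main__":
    for name, original in demo():
        print(name, "->", original or "(stem is not valid Base64)")
```

A file that carries the extension but whose stem does not decode is still reported, with no recovered name, so it can be reviewed by hand.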
It’s yet to emerge just how much the developers of this ransomware are asking for. Attempts to remove the ransomware with different tools have failed. The developers state in their ransom notes that the price for decryption will be in Bitcoins. Allegedly, the ransom could be as much as 1 BTC per PC.