Summary: LCRYX ransomware has resurfaced with advanced evasion tactics since its initial discovery in late 2024. This VBScript-based malware employs a unique combination of encryption methods and aggressive persistence techniques, severely disrupting system operations and user control. Victims face a $500 ransom demand in Bitcoin for the decryption of their encrypted files, further complicated by LCRYX’s destructive capabilities, including overwriting the Master Boot Record (MBR).
Affected: Individuals and organizations targeted by ransomware attacks
Key points:
- LCRYX employs a combination of Caesar cipher and XOR encryption to lock files.
- The malware disables important Windows security features and diagnostic tools to prevent user intervention.
- Features include altering system settings to maintain persistence, encrypting files with a .lcryx extension, and erasing backups to hinder recovery.
- It generates psychological distress by prompting users to engage with a deceptive pop-up regarding file decryption.
- LCRYX can overwrite the Master Boot Record (MBR), rendering systems unbootable, akin to tactics used by other destructive ransomware.
Source: https://securityonline.info/500-bitcoin-demand-lcryx-ransomware-cripples-windows/
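
For responders assessing recoverability, the following added example (not from the source article and not LCRYX's own code) shows why a Caesar shift layered with XOR, as named in the key points, gives little protection when a file's first bytes are known. It assumes a single-byte shift followed by a single-byte XOR key applied to every byte; the page does not state LCRYX's actual parameters or order of operations, and all function names and sample data are constructed for illustration.

```python
# Added illustration, not LCRYX code. ASSUMPTION: each byte is Caesar-shifted
# (mod 256) and then XORed with a one-byte key. The real shift, key and order
# of operations are not given on this page.
from itertools import product


def toy_encrypt(data, shift, key):
    """Hypothetical layering: shift every byte, then XOR it with the key."""
    return bytes(((b + shift) % 256) ^ key for b in data)


def toy_decrypt(data, shift, key):
    """Inverse of toy_encrypt: undo the XOR, then undo the shift."""
    return bytes(((b ^ key) - shift) % 256 for b in data)


def candidates(ciphertext, known_header):
    """All (shift, key) pairs that map the known header to the file prefix."""
    prefix = ciphertext[:len(known_header)]
    return [(s, k) for s, k in product(range(256), repeat=2)
            if toy_encrypt(known_header, s, k) == prefix]


def is_ascii_text(buf):
    """Plausibility filter for the constructed sample (printable ASCII)."""
    return all(b in (9, 10, 13) or 32 <= b < 127 for b in buf)


def recover(ciphertext, known_header, looks_valid):
    """Decrypt with every candidate pair; keep distinct plausible outputs."""
    results = []
    for s, k in candidates(ciphertext, known_header):
        plain = toy_decrypt(ciphertext, s, k)
        if looks_valid(plain) and plain not in results:
            results.append(plain)
    return results


# Constructed sample: a text-only stand-in for a file with a known magic header.
HEADER = b"%PDF-1.7\n"
SAMPLE = HEADER + b"constructed sample document body\n%%EOF\n"

if __name__ == "__main__":
    ct = toy_encrypt(SAMPLE, shift=3, key=0x5A)
    print(len(candidates(ct, HEADER)), "candidate (shift, key) pairs")
    for plain in recover(ct, HEADER, is_ascii_text):
        print(plain)
```

The whole key space under these assumptions is 65,536 pairs, and pairs such as (3, 0x5A) and (131, 0xDA) are equivalent, so the search ends with a handful of candidates that a format check narrows further.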