LockMe Ransomware Description
LockMe Ransomware is a file-encrypting malware program that is out in the wild and was first detected on 2nd Feb, 2018. Security researchers have reported that the threat uses the AES-256 and RSA-2048 encryption algorithms to encode files on the attacked PC and appends the ‘.lockme’ extension to the encrypted files.
Analysis indicates that LockMe Ransomware mostly targets English- and Russian-speaking users and is distributed through phishing email campaigns, similar to Dream_dealer@aol.com Ransomware. The mail attachment the user downloads is actually a macro-enabled document containing the payload of the virus. Upon clicking, the document starts running the script and LockMe Ransomware gets installed on the attacked computer system.
Once installed, LockMe Ransomware searches the local drives for important documents, photos, video, audio, databases, PDFs and other data. The infection uses the AES cipher to encrypt the data, and the locked files can be recognised by the original filename followed by the ‘.lockme’ suffix. For example, blackcat.jpg is renamed to blackcat.jpg.lockme.
Once the encryption process is complete, the ransomware drops a file named ‘README_FOR_DECRYPT_YOUR_FILES.txt’ on the desktop and in the locations where files were encrypted.
The ‘README_FOR_DECRYPT_YOUR_FILES.txt’ file reads as:
‘All of your files have been Encrypted with military grade system and impossible to brute force, cracking, or reverse engineering it !
If you want all of your files back send me 0.03 BTC .
[+] Your Unique ID : [RANDOM CHARACTERS]
[+] Send BTC To This Address : 1LockMeEPLr4ZRsoht8Wp6idBsT5TuBXtX
[+] Send BTC : 0.03 BTC
[+] Contact Email : LockMecQqL3Ruyi7V0RfZ@tutamail.com | LockMe9hG1F7pbWqThUt9P8@mailfence.com
*) Don’t try change the ‘.lockme’ extensions , if you change it , your all files can be broken and can’t be restored forever .
*) If you’ve made a payment contact LockMecQqL3Ruyi7V0RfZ@tutamail.com | LockMe9hG1F7pbWqThUt9P8@mailfence.com .
*) If you not made a payment all of your private files will be leaked on internet (private photos, documents, videos, and more) .
Question : How to buy Bitcoin ?
Answer : You can buy Bitcoin at this Website : bitcoin.com , coinbase.com , cex.io , paxful.com , coinmama.com , etc .
[+] Your IP : [YOUR REAL IP ADDRESS]
[+] Your ID : [RANDOM CHARACTERS]’
According to the ransom note, the authors demand 0.3 Bitcoin (1815 USD/1461 EUR) as ransom. LockMe Ransomware describes it as the ‘LockMe Decryptor’ software, which means that after paying the amount the user will be provided with the decryption key to decode the locked files.
However, there is no guarantee that they will decrypt all the files after receiving the payment. Security researchers therefore advise against paying the ransom to the authors of LockMe and recommend removing the threat from the PC quickly. You can also try recovering your data from backups, if any exist, or with the help of data recovery software.
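Before restoring from backups it helps to know which folders were hit and which original files are affected. The script below is an added example, not part of the original analysis: it walks a directory tree and inventories files carrying the ‘.lockme’ suffix and copies of the ransom note named above. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_SUFFIX = ".lockme"                      # extension named on this page
NOTE_NAME = "README_FOR_DECRYPT_YOUR_FILES.txt"   # ransom note name from this page


def triage(root):
    """Walk root and return (encrypted, notes, by_type).

    encrypted: list of (encrypted_path, original_name) pairs
    notes:     directories that contain the ransom note
    by_type:   Counter of original extensions, to prioritise backup restores
    """
    encrypted, notes, by_type = [], [], Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            if lower == NOTE_NAME.lower():
                notes.append(Path(dirpath))
            elif lower.endswith(ENCRYPTED_SUFFIX) and len(name) > len(ENCRYPTED_SUFFIX):
                original = name[: -len(ENCRYPTED_SUFFIX)]  # name before renaming
                encrypted.append((Path(dirpath) / name, original))
                by_type[Path(original).suffix.lower() or "(none)"] += 1
    return encrypted, notes, by_type


def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    root = Path(root)
    (root / "Desktop").mkdir()
    (root / "Pictures").mkdir()
    for rel in ("Desktop/" + NOTE_NAME, "Pictures/" + NOTE_NAME,
                "Pictures/blackcat.jpg.lockme", "Pictures/Holiday.JPG.LOCKME",
                "Desktop/report.docx.lockme", "Desktop/untouched.txt"):
        (root / rel).touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        encrypted, notes, by_type = triage(tmp)
        print(f"{len(encrypted)} encrypted files, note found in {len(notes)} folders")
        for ext, count in by_type.most_common():
            print(f"  {ext}: {count}")
```

The list of original names can be compared against a backup catalogue to see what is recoverable; run it read-only against a copy or a mounted image of the affected disk.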