LokiLocker, a Ransomware Similar to BlackBit Being Distributed in Korea - #LokiLocker
2023-05-16 _The AhnLab Security Emergency Response Center (ASEC) has identified the distribution of LokiLocker ransomware in Korea, which shares striking similarities with the previously reported BlackBit ransomware. Both strains of ransomware disguise themselves as svchost.exe files and use the same obfuscation tool, .NET Reactor, to hinder analysis. They also register themselves to the task scheduler and registry for malware persistence._ _LokiLocker and BlackBit exhibit similar behavioral patterns, such as generating a ransom note before starting the encryption process, deleting volume shadows to impede recovery, and engaging in activities aimed at obstructing detection and information leakage. Upon successful infection, LokiLocker creates a ransom note named Restore-My-Files.txt in each infected folder path, with the note and infected file icons closely resembling those of BlackBit ransomware._ _To protect against ransomware infections like LokiLocker, users should exercise caution when running files from unknown sources and always scan suspicious files with an up-to-date anti-malware program. --Brian Sayer_ [View Article](https://asec.ahnlab.com/en/52570/)