Lockout Ransomware Shows a Legal Notice to Windows Users

New types of ransomware are discovered on a very regular basis. Some of these creations are copy-and-paste jobs, which do not bring anything new to the table. Every now and then, however, a type of ransomware emerges which offers something we have not seen before. Lockout is one of those types of malicious software that offers something interesting, although it is not necessarily a major development.

Lockout Introduces a Legal Notice To its Victims

The bread and butter of ransomware is always the same. Users who get infected with this malicious software see their computer files encrypted, and they are asked to pay a ransom in Bitcoin. Some types of ransomware can be decrypted free of charge, although newer types emerge on a regular basis. Lockout does not appear to be a big threat for now, but it does introduce a legal notice to Windows users infected with this malware.

To be more specific, the Lockout ransomware puts up a legal notice before users log in to the Windows environment. In this legal notice, one can find the necessary payment instructions to get rid of this malicious software. This is a rather remarkable development, as it is not something we have seen ever before. Then again, not paying the ransom demand is always the best course of action.

As the name of the ransomware strain suggests, files will be encrypted and renamed to the “.lockout” extension. Any file with this new extension cannot be opened or executed until the victim decrypts them in the future. Moreover, it also appears Lockout makes modifications to the Windows registry. It is unclear if users can restore files from a backup, though, but it seems unlikely. Most modern types of ransomware delete shadow volume copies as soon as they infect a computer.

Lockout seems to spread itself through a spam email campaign. Once again, this is rather common behavior among malicious software developers. Spam campaigns have proven to be a successful way of distributing malicious payloads to consumers all over the world. These emails often contain an attachment laden with the payload in question. Additionally, it appears some messages redirect users to malicious websites hosting the ransomware payload.

Luckily, it appears people can get rid of the Lockout ransomware with relative ease. According to this post, there are several methods to do so. It is expected a free decryption tool will be made available in the future as well. All of this goes to show ransomware developers are still coming up with new tricks. The legal notice in the startup screen is a novelty, although it will not necessarily result in more victims paying the Bitcoin ransom.

Speaking of the Bitcoin ransom, it is unclear how much money the criminals are demanding in exchange for the decryption key. All of this information can be found in the official payment instructions file, although it is possible the amount will vary depending on the victim and how many files are encrypted at the end. Be wary when opening an email from an unknown sender,  as it may contain this – or any other – type of ransomware.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.