Analysis of LockCrypt ransomware
Introduction: Attackers have been recently breaking into corporate servers via RDP brute force attacks to spread a new variant of ransomware called LockCrypt. The attacks first started in June but there was an increase of attacks in October. The victims were asked to pay 0.5 to 1 BTC to recover their server. LockCrypt encrypts all files and renames them with a ‘.lock’ extension. It also installs itself for persistence and deletes backups. ...