Threat Advisory

VBScript Ransomware LCRYX Targets Users With Advanced Techniques

Threat: Ransomware
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

LCRYX ransomware is a VBScript-based threat that encrypts files with the '.lcryx' extension and demands a $500 Bitcoin ransom. It ensures execution with administrative privileges, modifies Windows registry settings to disable Task Manager, Command Prompt, and security tools, and blocks diagnostic programs. The ransomware also turns off User Account Control (UAC) and prevents inactivity timeouts, making it harder for users to stop the attack.

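Added example (not from the advisory or the report it cites): the Python script below triages an offline registry export for the kinds of tampering described above, so a responder can confirm them from a `reg export` of a suspect host without running anything on it. The key and value names are the standard Windows locations for each behaviour and are assumed here; the advisory does not list the exact paths the sample writes, and both .reg samples are constructed.

```python
"""Offline triage of a Windows registry export (.reg text) for the tampering the
LCRYX advisory describes.  The key paths are the standard Windows locations for
each behaviour and are assumptions: the advisory does not list the exact paths
the sample writes, so treat hits as leads for review, not confirmed IoCs."""
import re

# Constructed .reg export in 'reg export' format; script paths are placeholders.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe]
"Debugger"="wscript.exe C:\\Users\\Public\\PLACEHOLDER.vbs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="wscript.exe C:\\Users\\Public\\PLACEHOLDER.vbs"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout]
"Scancode Map"=hex:00,00,00,00,00,00,00,00,02,00,00,00,00,00,1d,00,\
  00,00,00,00
[HKEY_CURRENT_USER\Control Panel\Mouse]
"SwapMouseButtons"="1"
'''
# Constructed baseline export from an untouched host.
CLEAN_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=dword:00000001
[HKEY_CURRENT_USER\Control Panel\Mouse]
"SwapMouseButtons"="0"
'''

_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')   # "name"=data or @=data

def _logical_lines(text):
    """Join hex values continued over several lines (trailing backslash)."""
    buf = ''
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith('\\'):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ''

def _decode(data):
    """dword -> int, hex/hex(n) -> bytes, quoted string -> str (unescaped)."""
    if data.startswith('dword:'):
        return int(data[6:], 16)
    if data.startswith('hex'):
        return bytes.fromhex(data.split(':', 1)[1].replace(',', ''))
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return data[1:-1].replace('\\"', '"').replace('\\\\', '\\')
    return data

def parse_reg(text):
    """Parse .reg text into {key_path.lower(): {value_name.lower(): data}}."""
    keys, current = {}, None
    for line in _logical_lines(text):
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
        elif current is not None and (m := _VALUE_RE.match(line)):
            name = m.group(1) if m.group(1) is not None else '@'
            keys[current][name.lower()] = _decode(m.group(2))
    return keys

NT = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
POL = r'\Software\Microsoft\Windows\CurrentVersion\Policies\System'
# (label, key, value name, predicate); a Scancode Map is also set by benign remapping tools
CHECKS = [
    ('IFEO debugger set on cmd.exe', NT + r'\Image File Execution Options\cmd.exe', 'Debugger', bool),
    ('Winlogon Shell is not explorer.exe', NT + r'\Winlogon', 'Shell',
     lambda v: isinstance(v, str) and v.strip().lower() != 'explorer.exe'),
    ('Task Manager disabled by policy', 'HKEY_CURRENT_USER' + POL, 'DisableTaskMgr', lambda v: v == 1),
    ('cmd.exe disabled by policy', r'HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System',
     'DisableCMD', lambda v: v in (1, 2)),
    ('UAC disabled (EnableLUA=0)', 'HKEY_LOCAL_MACHINE' + POL, 'EnableLUA', lambda v: v == 0),
    ('Scancode Map present (keyboard remapped)',
     r'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout', 'Scancode Map', bool),
    ('Mouse buttons swapped', r'HKEY_CURRENT_USER\Control Panel\Mouse', 'SwapMouseButtons', lambda v: str(v) == '1'),
]

def audit(keys):
    """Return (label, key, value name, data) for every check whose predicate fires."""
    hits = []
    for label, key, name, fires in CHECKS:
        data = keys.get(key.lower(), {}).get(name.lower())
        if data is not None and fires(data):
            hits.append((label, key, name, data))
    return hits

def triage(reg_text):
    """Labels of the indicators found in a .reg export, in CHECKS order."""
    return [h[0] for h in audit(parse_reg(reg_text))]
```

`triage(SAMPLE_REG)` returns all seven labels and `triage(CLEAN_REG)` returns an empty list; `audit()` keeps the key, value name and decoded data so each hit can be written into a ticket. Lookups are case-insensitive because registry paths are, and the parser handles the multi-line hex continuation that `reg export` produces for binary values such as Scancode Map.
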
LCRYX maintains control by setting itself as the default shell and debugger for cmd.exe, ensuring execution on login and system interactions. It disrupts user control by remapping keyboard keys, swapping mouse buttons, and changing file attributes to stay hidden. The ransomware disables antivirus monitoring, encrypts files using Caesar cipher and XOR encryption, and deletes backups and shadow copies to prevent recovery.
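
Added example, not part of the advisory or its source report: the script below uses a toy stand-in for the "Caesar cipher and XOR" scheme mentioned above (a byte-wise shift followed by XOR with a short repeating key; the shift, the key, the key length and even the order of the two operations are assumptions, not LCRYX's actual parameters, which the advisory does not give). It shows why such a scheme is not encryption in any cryptographic sense: the fixed header of a common file format is enough known plaintext to recover the parameters and decrypt the file, which is why responders should preserve encrypted files rather than delete them.

```python
"""Why 'Caesar cipher + XOR' does not protect files: a known-plaintext recovery.
The scheme below is a toy stand-in (byte-wise shift, then XOR with a short
repeating key) chosen to illustrate the weakness; it is an assumption, not
LCRYX's actual parameters, which the advisory does not give."""

# Every PNG starts with the same 16 bytes: the 8-byte signature, then the IHDR
# chunk length (always 13) and chunk type.  Any such fixed header is known plaintext.
PNG_PREFIX = b'\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR'

def toy_encrypt(data, shift, key):
    """c[i] = ((p[i] + shift) mod 256) XOR key[i mod len(key)]."""
    return bytes(((b + shift) & 0xFF) ^ key[i % len(key)] for i, b in enumerate(data))

def toy_decrypt(data, shift, key):
    """Inverse of toy_encrypt: undo the XOR, then the shift."""
    return bytes(((c ^ key[i % len(key)]) - shift) & 0xFF for i, c in enumerate(data))

def recover_params(ciphertext, known_prefix, max_key_len=8):
    """Return every (shift, key) pair consistent with the known prefix.

    For each shift and key length L, derive key[i] from the first L known bytes
    and keep the pair only if it also explains the remaining known bytes; L is
    capped at half the prefix so at least one full key repeat gets verified."""
    candidates = []
    n = min(len(known_prefix), len(ciphertext))
    for shift in range(256):
        # the key byte each known position would require under this shift
        need = [ciphertext[i] ^ ((known_prefix[i] + shift) & 0xFF) for i in range(n)]
        for length in range(1, min(max_key_len, n // 2) + 1):
            key = bytes(need[:length])
            if all(need[i] == key[i % length] for i in range(n)):
                candidates.append((shift, key))
    return candidates

# Constructed victim file (PNG header plus filler body) and constructed parameters.
PLAINTEXT = PNG_PREFIX + bytes(range(256)) * 2
SHIFT, KEY = 13, b'\x5a\xc3\x17\x88'

def demo():
    """Encrypt with the assumed scheme, then recover the parameters from the header alone."""
    ct = toy_encrypt(PLAINTEXT, SHIFT, KEY)
    cands = recover_params(ct, PNG_PREFIX)
    # In the demo we can check against the original; on a real case you would
    # instead check that the decrypted output parses (e.g. PNG chunk CRCs verify).
    recovered = [(s, k) for s, k in cands if toy_decrypt(ct, s, k) == PLAINTEXT]
    return cands, recovered

if __name__ == '__main__':
    cands, recovered = demo()
    print(f'{len(cands)} candidate(s); {len(recovered)} fully decrypt the file')
```

Running `demo()` recovers the constructed shift and key from nothing but the PNG header (equivalent keys such as the key repeated twice are reported as well). The same idea applies to any format with a fixed header or to any file for which an intact copy exists in backups; a longer known plaintext allows a longer key to be verified.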

The return of LCRYX highlights the risk posed by VBScript-based threats and the need for layered defenses. To reduce exposure, users should run up-to-date security software, keep backups offline, and avoid suspicious email attachments or links. Regular software updates close known security gaps, and staying informed about ransomware threats is key to protection.

THREAT PROFILE:

Tactic                Technique ID  Technique
Execution             T1059         Command and Scripting Interpreter
Privilege Escalation  T1134         Access Token Manipulation
Defense Evasion       T1562         Impair Defenses
Defense Evasion       T1112         Modify Registry
Persistence           T1546         Event Triggered Execution
Impact                T1486         Data Encrypted for Impact
Impact                T1490         Inhibit System Recovery
Impact                T1565         Data Manipulation
Discovery             T1083         File and Directory Discovery

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/500-bitcoin-demand-lcryx-ransomware-cripples-windows/
