Friday, February 14, 2025
HomeCyber Security NewsL00KUPRU Ransomware Attackers discovered in the wild

L00KUPRU Ransomware Attackers discovered in the wild

Published on

SIEM as a Service

Follow Us on Google News

A new variant of the Xorist ransomware, dubbed L00KUPRU, has been discovered in the wild, posing a threat to unsuspecting users.

The L00KUPRU ransomware is known to encrypt user files, appending the .L00KUPRU extension to the affected files.

The attackers behind this malware have employed a sophisticated approach, dropping a ransom note as a text file titled “HOW TO DECRYPT FILES.txt.”

This note demands payment in Bitcoin cryptocurrency and displays a pop-up window on the victim’s desktop, providing the attackers’ contact details and the BTC wallet address for the ransom payment.

Free Live Webinar for DIFR/SOC Teams: Securing the Top 3 SME Cyber Attack Vectors - Register Here.

Broadcom has published an article detailing its findings on the L00KUPRU ransomware.

The post includes technical details on the malware’s behavior, such as using encryption algorithms and command-and-control servers. 

Variant Details

A leading cybersecurity firm has identified several variants of the L00KUPRU ransomware, including:

  1. Adaptive-based: ACM.Ps-RgPst!g1
  2. File-based: Ransom.CryptoTorLocker, WS.Malware.1
  3. Machine Learning-based: Heur.AdvML.B

These variants have been designed to evade detection and infiltrate systems, posing a significant threat to individuals and organizations.

The discovery of the L00KUPRU ransomware is a stark reminder of the ever-evolving landscape of cybersecurity threats.

Experts urge users to remain vigilant, keep their systems and software up-to-date, and implement robust backup strategies to mitigate the impact of such attacks.

Collaboration between security researchers, law enforcement, and the public is crucial in combating the rise of sophisticated ransomware variants like L00KUPRU.

Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

WinZip Vulnerability Allows Remote Attackers to Execute Arbitrary Code

A newly discovered vulnerability in WinZip, a popular file compression and archiving utility, has...

New Microsoft Windows GUI 0-Day Vulnerability Actively Exploited in the Wild

A newly discovered vulnerability in Microsoft Windows, identified by ClearSky Cyber Security, is reportedly...

Burp Suite Professional / Community 2025.2 Released With New Built-in AI Integration

PortSwigger has announced the release of Burp Suite Professional and Community Edition 2025.2, introducing...

Arbitrary File Upload Vulnerability in WordPress Plugin Let Attackers Hack 30,000 Website

A subgroup of the Russian state-sponsored hacking group Seashell Blizzard, also known as Sandworm,...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

WinZip Vulnerability Allows Remote Attackers to Execute Arbitrary Code

A newly discovered vulnerability in WinZip, a popular file compression and archiving utility, has...

New Microsoft Windows GUI 0-Day Vulnerability Actively Exploited in the Wild

A newly discovered vulnerability in Microsoft Windows, identified by ClearSky Cyber Security, is reportedly...

Burp Suite Professional / Community 2025.2 Released With New Built-in AI Integration

PortSwigger has announced the release of Burp Suite Professional and Community Edition 2025.2, introducing...