L00KUPRU Ransomware Attackers discovered in the wild

A new variant of the Xorist ransomware, dubbed L00KUPRU, has been discovered in the wild, posing a threat to unsuspecting users.

The L00KUPRU ransomware is known to encrypt user files, appending the .L00KUPRU extension to the affected files.

The attackers behind this malware have employed a sophisticated approach, dropping a ransom note as a text file titled “HOW TO DECRYPT FILES.txt.”

This note demands payment in Bitcoin cryptocurrency and displays a pop-up window on the victim’s desktop, providing the attackers’ contact details and the BTC wallet address for the ransom payment.

Free Live Webinar for DIFR/SOC Teams: Securing the Top 3 SME Cyber Attack Vectors - Register Here.

Broadcom has published an article detailing its findings on the L00KUPRU ransomware.

The post includes technical details on the malware’s behavior, such as using encryption algorithms and command-and-control servers. 

Variant Details

A leading cybersecurity firm has identified several variants of the L00KUPRU ransomware, including:

  1. Adaptive-based: ACM.Ps-RgPst!g1
  2. File-based: Ransom.CryptoTorLocker, WS.Malware.1
  3. Machine Learning-based: Heur.AdvML.B

These variants have been designed to evade detection and infiltrate systems, posing a significant threat to individuals and organizations.

The discovery of the L00KUPRU ransomware is a stark reminder of the ever-evolving landscape of cybersecurity threats.

Experts urge users to remain vigilant, keep their systems and software up-to-date, and implement robust backup strategies to mitigate the impact of such attacks.

Collaboration between security researchers, law enforcement, and the public is crucial in combating the rise of sophisticated ransomware variants like L00KUPRU.

Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

White House Considers Oracle-Led Takeover of TikTok with U.S. Investors

In a significant development, the Trump administration is reportedly formulating a plan to prevent a…

3 hours ago

Critical Vulnerability in IBM Security Directory Enables Session Cookie Theft

IBM has announced the resolution of several security vulnerabilities affecting its IBM Security Directory Integrator…

3 hours ago

Critical Apache Solr Vulnerability Grants Write Access to Attackers on Windows

A new security vulnerability has been uncovered in Apache Solr, affecting versions 6.6 through 9.7.0.…

3 hours ago

GitHub Vulnerability Exposes User Credentials via Malicious Repositories

A cybersecurity researcher recently disclosed several critical vulnerabilities affecting Git-related projects, revealing how improper handling…

4 hours ago

Critical Isolation Vulnerability in Intel Trust Domain Extensions Exposes Sensitive Data

Researchers from IIT Kharagpur and Intel Corporation have identified a significant security vulnerability in Intel…

4 hours ago

Burp Suite 2025.1 Released, What’s New!

Burp Suite 2025.1, is packed with new features and enhancements designed to improve your web…

8 hours ago