May 15, 2023, 4:16 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

AhnLab Security Emergency response Center (ASEC) has confirmed the distribution of the LokiLocker ransomware in Korea. This ransomware is almost identical to the BlackBit ransomware, and their common traits were mentioned in a previous blog post. A summary of these similarities is as follows.


Similarities Between LokiLocker and BlackBit

  • Disguised as svchost.exe
  • Same obfuscation tool used (.NET Reactor)
  • Registered to the task scheduler and registry (persistence of malware)
  • Ransom note and the new file icon image set after encryption …
