file encryption

LCRYX ransomware, a VBScript-based threat, re-emerged in February 2025 after first appearing in November 2024. It encrypts files with the .lcryx extension and demands a ransom of 0 in Bitcoin for decryption. The ransomware operates with administrative privileges, disables essential system tools like Task Manager and Command Prompt, and restricts access to the Control Panel. It prevents the execution of diagnostic tools and disables inactivity timeouts. LCRYX ensures persistence by modifying registry settings and remapping keyboard keys. It uses a combination of Caesar cipher and XOR encryption techniques, eliminates backups, and makes recovery nearly impossible. The malware terminates essential processes, overwrites the Master Boot Record, and disables real-time monitoring features of antivirus solutions. After encryption, it generates a ransom note directing victims to a payment website. Some variants display pop-ups revealing the victim’s IP address or launch unrelated applications. Users are advised to implement comprehensive security solutions and maintain regular backups.