What is Laposada Ransomware?

Laposada ransomware is a type of malware that encrypts all the files on a computer until the user pays a ransom. Files encrypted by Laposada will have a .laposada-bfkruyz extension appended at the end of the file name. Laposada is delivered through a Win32 EXE file and has been spotted inside the following files and processes:

What is Ransomware?

Ransomware is a type of malware that encrypts the victim’s files, so that the hacker can extort money from the victim. The hacker then demands a ransom for the encryption key needed to decrypt the victim’s files.

How Does Ransomware Spread?

Ransomware is typically distributed through a few different attack vectors. One of the most popular is via a phishing email. The messages look legitimate, but they actually contain an attachment or a link to a website that's infected with malware. The malware is executed when the victim clicks on the attachment or opens the malicious file. Other attack vectors include drive-by download attacks and exploit kits.

Laposada Ransomware Capabilities

Laposada ransomware uses masquerading attack techniques to make it appear legitimate to users and security tools. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.

Mitigations Against Laposada Ransomware

Laposada ransomware can be mitigated by verifying that signed binaries are used. This will ensure that the binaries are from a trusted source and have not been altered.

How to Remove Ransomware?

Ransomware detection and removal is not a simple process, as there are many different types of ransomware. There are also many different ways in which ransomware can be spread, so it is impossible to pinpoint a single method that will remove all forms of ransomware. However, you can take steps to protect yourself and your devices against ransomware. First and foremost, make sure you only download software from trusted sources. Never click on links sent from unknown accounts, and make sure you always keep your operating system and installed programs up to date.

How to Protect Against Ransomware?

There are two main ways you can protect yourself from ransomware. The first is by backing up your data. This is the simplest way to prevent ransomware from affecting your computer if it does get infected. The second is by installing antivirus software on your computer. This will help prevent ransomware from getting onto your computer in the first place.

1. Ensure your backups are up to date and test your recovery plan. This means regularly testing your backups to ensure they work and can be used to restore your systems in an emergency quickly. Backups are the first and best line of defence against ransomware, so make sure they're in place and up to date. 
2. Train your users to spot suspicious emails and links. The best protection against ransomware starts with your end-users. Make sure they know what to look out for and how to report potential attacks. 
3. Use security software with ransomware protection built-in. If a ransomware infection does occur, this technology can detect and block it from encrypting your systems.