LCRY Ransomware
LCRY is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on August 1, 2021, this ransomware has been actively targeting systems worldwide.
Quick Facts
- Ransomware Family: LCRY
- First Seen: August 1, 2021
How LCRY Ransomware Works
Targeted Files
Full extension pattern: \.[A-Z]{4}\.LCRY
LCRY encrypts the first 0x3E800 bytes of each targeted file.
File Encryption Patterns
LCRY marks the files it has encrypted by appending one of the following file extensions:
- ..LCRY
- ._lcry_enc
Ransom Note and Payment Demands
After encrypting files, LCRY displays ransom notes demanding payment for file recovery:
- LCRY_README.txt
Ransom message: notes/LCRY_README.txt
Note locations: RootDirectory
Technical Indicators
Associated Executable Files
The following executable files are associated with LCRY ransomware:
- winnt32.exe
- LCRY1.exe
- LCRY.exe
- LCRY_new.exe
About This Analysis
This LCRY ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like LCRY.
Last updated: July 30, 2025