There is only one file type that uses the .LILOCKED extension:
Lilocked Ransomware Encrypted File
A file with a .lilocked extension is a file that has been encrypted by Lilocked (also known as Lilu) ransomware, a type of malware utilized by cybercriminals. It is encrypted so it is not possible to open the file by simply changing the file extension.
The purpose of the Lilocked ransomware is to target Linux-based web servers and exploit flaws in software running on the servers, most notably defunct Exim software. After the virus gains root access, it takes files on the servers hostage and forces the server administrators to pay the perpetrator to unlock the files.
The ransomware takes files on the web server hostage by encrypting them and appending the .lilocked extension onto the extensions of the files. For example, a sample.css file becomes sample.css.lilocked.
The ransomware typically does not encrypt server system files, only web-related files, such as .HTML, .CSS, .PHP, and .JS files. After encrypting the files, the virus generates a ransom note (#README.lilocked) in each folder on the server to inform the server administrators about the takeover and the steps required to recover the files.
Currently, there is no program available to effectively open or restore LILOCKED files on a server. However, the administrator can restore the server from a previous backup to remove infected files and the Lilocked virus.
NOTE: LILOCKED files became prevalent in July 2019.
|Restore from backup|
Updated: February 16, 2020