LightningCrypt Ransomware Removal Guide

Threat Level:
9/10
Rate this Article:
Comments (0)
Article Views: 340
Category: Trojans

There is a new Ransomware-type program called LightningCrypt Ransomware being distributed on the web. This program is rather new as it first appeared on the 25th of May, 2017. This program is set to encrypt your files and demand that you pay a 0.17 BTC ransom to decrypt them. However, you cannot trust cyber criminals to decrypt your files after you have paid, so you might want to consider removing this ransomware instead. Your computer might become infected with this ransomware by email spam or malicious downloads, so if you do not have an anti-malware program on your PC and launch the executable of this ransomware, then your files will become encrypted.

Before we dig into the functions of this ransomware, we want to discuss its distribution methods so that you could avoid getting it on your PC in the first place. We have received information that this particular program is currently distributed using malicious emails that try to trick users into thinking that the emails are legitimate. The emails can pose as receipts, invoices and various notices but contain an attached file that may also be zipped. We have found that the zipped file can contain a malicious file that can be named ChkDsk.exe. The name of the executable is significant because it is the same name as the command line tool that checks hard drives. If you mistake the fake executable for the disk checker, then you might accidentally infect your PC with ransomware.

Once on your PC, LightningCrypt Ransomware will start doing its dirty work immediately. It will change the desktop background to its ransom note. Then, it will open a text file with instructions on how to pay the ransom and also launch the main program window. Once all of this is done, it will drop three files on the desktop of the infected PC. The files are LightningCrypt_Recover_Instructions.txt, LightningCrypt_UniqeID.txt, and LightningCrypt_Recover_Instructions.png. Once all of the files are in place, this ransomware will start encrypting files.

As far as we can tell, LightningCrypt Ransomware uses an advanced encryption algorithm to encrypt your files. The algorithm is strong, so decrypting it with a third-party tool can be next to impossible. Our research has revealed that this ransomware targets file types such as .avi, .dll, .doc, .docx, .dot, .dotm, .exe, .jpg, .lnk, .mp3, .mp4, .nef, .odt, .pdf, .pif, .png, .png, .rar, .txt, .url, .wav, and .zip. As you can tell from this list, this ransomware focuses on encrypting your documents, audio and video files as well as pictures. Basically, it seems that it was set to encrypt files types that are more likely to contain personal and, thus, valuable information. Furthermore, research has shown that this ransomware will attempt to connect to Arizonacode.bplaced{.}net, Rammichael.com/downloads/7tt_setup{.}exe, Lolaail.bplaced.net/4rw5wdecryptor{.}exe, Rammichael{.}com, Lupa-romana{.}de/blog/tag/marcus-antonius. The program connects to these URLs secretly. LightningCrypt Ransomware wants you to pay 0.17 Bitcoins to decrypt your files. However, you should take into account the fact that the cyber criminals might not send you the decryption key once you have paid.

In closing, LightningCrypt Ransomware is a highly malicious application that is distributed using email spam and possibly even through malicious software download websites. This program is highly malicious, so you should get rid of it as soon as possible. Paying the ransom is a gamble because there is no telling whether the cyber criminals will send you the decryption key. Therefore, we suggest that you remove and you can do that by using our guide or get an anti-malware program such as SpyHunter to eradicate it automatically.

Manual Removal Guide

  1. Press Windows+E keys.
  2. Enter the following file paths and press Enter.
    • %TEMP%
    • %USERPROFILE\Downloads
    • %USERPROFILE\Desktop
  3. Delete recently installed malicious files.
  4. Close the File Explorer.
  5. Press Windows+R keys.
  6. Enter regedit in the box and press Enter.
  7. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  8. Identify suspicious new entries and delete them.
  9. Close the Registry Editor.
  10. Go to the desktop and delete LightningCrypt_Recover_Instructions.txt, LightningCrypt_UniqeID.txt, and LightningCrypt_Recover_Instructions.png
Download Remover for LightningCrypt Ransomware *
*SpyHunter scanner, published on this site, is intended to be used only as a detection tool. To use the removal functionality, you will need to purchase the full version of SpyHunter.

LightningCrypt Ransomware Screenshots:

LightningCrypt Ransomware
LightningCrypt Ransomware
LightningCrypt Ransomware

Reply

Your email address will not be published.

Name
Website
Comment

Enter the numbers in the box to the right *