Lordofshadow Ransomware Removal Guide

Lordofshadow Ransomware is a malicious application that could be distributed among users who speak French. It looks like it can encrypt various types of data and so it may do a lot of damage to the victims who receive it. However, our researchers could not find a working sample, which suggests the malware might be already inactive. Nonetheless, if you encountered it while it was still being distributed and wish to learn more about it, we encourage you to read our report and find out the details our specialists were able to discover. Also, at the end of the text, we will offer deletion instructions for manual Lordofshadow Ransomware’s removal. Just keep it in mind without a working sample we cannot guarantee these guidelines will work for everyone and so it might be safer to use a reliable antimalware tool instead.

According to the reports, Lordofshadow Ransomware could be spread through Spam emails. Thus, if your system got infected with it, you should blame the suspicious email attachment or any other recently downloaded file. If you believe this might be the case for you, we recommend being more cautious in the future. For example, if the file is downloaded from an unreliable source or came with Spam email, you could scan it with a security tool first. Other than that we can only suggest avoiding data, which raises your suspicion, especially if it does not look extremely important to you.

As said earlier, we could not test a fully-working sample, but even so we were able to determine the file extensions Lordofshadow Ransomware might be after, for example, .gif, .jpg, .jpeg, .tif, .png, .bmp, .3dm, .raw, .pdb, .max, .accdb, .db, .dbf, .mdb, .sql, and other. To be more precise, the malicious application could damage your photos, pictures, videos, archives, documents, etc. What’s more, each of the encrypted files is supposed to receive a second extension called .lordofshadow. Probably soon after the targeted files are all encrypted, the malware should drop a ransom note. In our case, the text in it was in French, and it asked to contact the threat’s creators through a specific email address (lordashadow@gmail.com) if the user wishes to decipher his data.

Contacting the hackers behind Lordofshadow Ransomware is unadvisable since you could be scammed. Especially now when the malware’s server seems to be down, and consequently it might be impossible to reach the unique decryption key that is as important as the decryption tool itself. Therefore, we would recommend not to risk with your savings and try to find other ways to recover encrypted data, for example, maybe you have copies on removable media devices, social media accounts, etc.

Of course, before placing any new data on the computer, it would be best to erase the malicious application. Users can try to do so manually by following the instructions located below or with a reliable antimalware tool of their choice. Lastly, we would like to remind you there is a comments section below if you need any additional help with the removal part or have some questions related to Lordofshadow Ransomware.

Eliminate Lordofshadow Ransomware

1. Press Ctrl+Alt+Delete.
2. Open Task Manager and click on Processes.
3. Find a process related to the malware.
4. Select this process and tap the End Task button.
5. Exit Task Manager.
6. Click Win+E.
7. Locate to the Desktop, Temporary Files, and Downloads locations.
8. Identify a malicious file that got the system infected.
9. Right-click the file you suspect and tap Delete.
10. Erase the ransom note (e.g., LEIA_ME.txt)
11. Close File Explorer.
12. Empty Recycle bin.
13. Reboot the system.