LLTP Ransomware Removal Guide

Getting infected with a ransomware program is always a very stressful experience. Perhaps, the worst about programs like LLTP Ransomware is that there usually is no way to revert the damage caused, and you have to start all over. However, you should not let that discourage you. When you have to fight a malware infection, you should focus on removing it first and foremost. So when you delete LLTP Ransomware, you can then see what you can do about your encrypted files. To get rid of the malicious infection, you should acquire a powerful antispyware tool because the chances this ransomware application is not the only unwanted program on-board.

It is obvious that when a malicious program like LLTP Ransomware enters your computer, it connects to the Internet without your permission, and it cannot be removed via Control panel. Ransomware programs are on a whole different level compared to the fake antispyware applications we dealt with several years ago. LLTP Ransomware itself is a very new infection that was first spotted on March 21st, 2017. Judging from the program’s setup, it must be a rewritten version of the previously released VenusLocker Ransomware. Both programs share a system background, but they use different email addresses for contact.

Here is what LLTP Ransomware says when it is done with the file encryption:

You are hacked
Your personal files are encrypted

To decrypt and recover all your files, you need to pay 200 US dollars for decryption device.

1. Exchange 200 USD (or equivalent local currencies) to Bitcoins, and then send these Bitcoins to our Bitcoin receiving address: 19fhNi9L2aYXTaTFWueRhJYGsGDaN6WGc

2. Send your Personal ID to our official email: LLTP@mail2tor.com

Aside from displaying this message on your screen, the program also leaves a ReadMe.txt document on your desktop. We have also found that LLTP Ransomware displays a ransom note in Spanish. This shows that the program wants to cover as many computers as possible, in different countries. Naturally, the more computers get affected by the program, the bigger is the possibility that the criminals behind this despicable act will make a lot of money.

Needless to say, it is not possible to restore the encrypted files manually. LLTP Ransomware uses the AES-256 algorithm to decrypt the target files, and virtually the only way to restore files once the bytes in them have been scrambled is to use the original decryption key. That key is the possession of the cyber criminals behind this scam.

The program can encrypt a lot of different file formats, so it is very likely that almost all of your frequently-used documents will be locked by this program. The list of encrypted files will be stored in the %UserProfile% directory. The program will create a folder called lltprwx86, and there will also be a desktop background file with the bg.jpg filename. You can remove those files and folders via the directory or through Registry Editor. It is up to you how to plan to remove LLTP Ransomware.

However, please remember that you need to protect your data and your computer from similar intruders in the future. Therefore, always keep a system backup where you save all of your important files. It can be an external hard drive or some other type of storage. Also, do not open unfamiliar attachments from spam email messages as they might be the ransomware installer files. For more information, please feel free to contact us by leaving a comment below.

How to Delete LLTP Ransomware

1. Open your Downloads folder.
2. Remove the most recently downloaded files.
3. Press Win+R and the Run prompt will open.
4. Type %TEMP% into the Open box and click OK.
5. Remove the lltprwx86 folder from the directory.
6. Press Win+R again and enter regedit. Press OK.
7. Open HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
8. Remove the LLTP %UserProfile% key.
9. Navigate to HKEY_CURRENT_USER\Control Panel\Desktop.
10. Remove the Wallpaper "%UserProfile%\bg.jpg" entry from Desktop.
11. Delete the RansomNote3.5.exe and LEAME.txt files from desktop.
12. Run a full system scan with an antispyware tool.