LDPR Ransomware Description
The LDPR Ransomware is a file-encoder Trojan that was first reported by the administrators of compromised servers on April 22nd, 2019. Malware researchers who examined the LDPR Ransomware incidents classify the Trojan as a variant of the Dharma Ransomware family. The LDPR Ransomware appears to have been planted on servers through compromised remote desktop accounts, although some of the security incidents may be related to corrupted WordPress plug-ins. IT security teams may want to run complete system scans and make sure there are no questionable connections to their servers. The LDPR Ransomware should not be underestimated, as it has proven capable of locking data for good. The malware employs secure encryption standards and overwrites the targeted data in place. Databases, images, text and some server configuration files are overwritten when the attack takes place. Server administrators cannot open their data and can only move, copy or delete it. Encrypted files receive new names, and their icons revert to generic white icons.
The LDPR Ransomware follows a strict rename scheme that is listed below:
For example, 'Plitvice Waterfalls.png' is renamed to:
The ransom note is packed in 'FILES ENCRYPTED.txt' that reads:
'all your data has been locked us
You want to return?
write email: firstname.lastname@example.org'
The ransomware actors appear to be using the 'email@example.com' email account and may leave an HTA program in the Temp directory called 'firstname.lastname@example.org.HTA.' Do not follow the payment instructions on your screen or any directions sent from the 'email@example.com' email account. Remove the files left by the LDPR Ransomware using a respected security suite and make sure to restore your data from clean backups. Detection names for the LDPR Ransomware are listed below:
A Variant Of Win32/Filecoder.Crysis.P
Trojan ( 00519f781 )
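As an added triage aid (not code from the original page or from any vendor), the following script walks a directory tree and reports the artefacts the description above mentions: the 'FILES ENCRYPTED.txt' ransom note and an HTA file left in a Temp directory. Because the page omits the rename scheme, the '.LDPR' extension used to spot encrypted files is an assumption, and the sample tree the script builds is constructed for the demo.

```python
import os
import tempfile

# Indicators quoted in the description above: the ransom-note filename and an
# HTA file dropped in a Temp directory (its name is redacted on the page).
RANSOM_NOTE = "files encrypted.txt"
HTA_SUFFIX = ".hta"
# Assumption, not stated on the page (the rename scheme is omitted there):
# encrypted files are marked with an ".LDPR" extension.
ENCRYPTED_EXT = ".ldpr"

def classify_path(path):
    """Return 'ransom_note', 'temp_hta' or 'encrypted_file' for a path that
    matches an indicator, or None for a file that looks untouched."""
    parts = os.path.normpath(path).lower().split(os.sep)
    name = parts[-1]
    if name == RANSOM_NOTE:
        return "ransom_note"
    if name.endswith(HTA_SUFFIX) and "temp" in parts[:-1]:
        return "temp_hta"
    if name.endswith(ENCRYPTED_EXT):
        return "encrypted_file"
    return None

def scan_tree(root):
    """Walk a directory tree and group matching paths by indicator type, so
    an administrator sees note, dropper and encrypted files in one report."""
    hits = {"ransom_note": [], "temp_hta": [], "encrypted_file": []}
    for dirpath, _, filenames in os.walk(root):
        for filename in filenames:
            path = os.path.join(dirpath, filename)
            kind = classify_path(path)
            if kind is not None:
                hits[kind].append(path)
    return hits

def build_sample_tree():
    """Constructed demo tree: the names below are made up for this example
    and are not real infection artefacts."""
    root = tempfile.mkdtemp(prefix="ldpr_demo_")
    for rel in ("www/FILES ENCRYPTED.txt", "www/db_backup.sql.LDPR",
                "www/index.php", "Temp/redacted-email.HTA"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root

if __name__ == "__main__":
    for kind, paths in scan_tree(build_sample_tree()).items():
        print(kind, paths)
```

Point scan_tree at the web root and the Temp directories of a suspect server; a non-empty 'temp_hta' or 'ransom_note' list is the cue to isolate the host and restore from clean backups rather than follow the note.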