LDPR Ransowmare

LDPR Ransowmare Description

The LDPR Ransomware is a file encoder Trojan that was reported by compromised server administrators on April 22nd, 2019. Malware researchers looking into the LDPR Ransomware cases classify the Trojan as a variant from the Dharma Ransomware family. The LDPR Ransomware Trojan appears to have been injected into servers through compromised remote desktop accounts. However, it is possible some security incidents may be related to corrupted WordPress plug-ins. IT security teams may want to run complete system scans and make sure there are no questionable connections to their servers. The LDPR Ransomware should not be underestimated as it has proven that data is locked for good. The malware employs secure encryption standards and overwrites targeted data. Databases, images, text and some server configuration files are overwritten when the attacks take place. Server administrators can't access their data and can move, copy and delete it only. Transcoded data receives new filenames, and file icons revert to generic white icons.

The LDPR Ransomware follows a strict rename scheme that is listed below:

'..id-[8 random chars].[mr.crypt@aol.com].LDPR'

For example, 'Plitvice Waterfalls.png' is renamed to:

'Plitvice Waterfalls.png.id-696Dfg78.[mr.crypt@aol.com].LDPR'

The ransom note is packed in 'FILES ENCRYPTED.txt' that reads:

'all your data has been locked us
You want to return?
write email: mr.crypt@aol.com'

The ransomware actors appear to be using the 'mr.crypt@aol.com' email account and may leave an HTA program in the Temp directory called 'mr.crypt@aol.com.HTA.' Do not follow the payment instructions on your screen and directions sent from the 'mr.crypt@aol.com' email account. Remove files left from the LDPR Ransomware using a respected security suite and make sure to boot clean data backups. Detection names for the LDPR Ransomware are listed below:

A Variant Of Win32/Filecoder.Crysis.P
GenericRXEA-WW!628C365BC385
Ransom/W32.crysis.94720
Trojan ( 00519f781 )
Trojan.Encoder.3953
Trojan.Win32.Crusis.tpcS
Trojan.Win32.Filecoder.emdnxn
Trojan.Win32.Ransom.94720.F
W32/Trojan.ILHO-9216
Win.Trojan.Dharma-6668198-0

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.


HTML is not allowed.