Threat Database Ransomware Leitkcad Ransomware

Leitkcad Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 6
First Seen: July 24, 2009
Last Seen: February 2, 2021
OS(es) Affected: Windows

The Leitkcad Ransomware is a threatening crypto locker that can shut users out from accessing their own files completely. The threat aims to sneak itself onto the targeted computer and then encrypt nearly all of the files stored there, avoiding only system files that could cause critical system errors and crashes if tampered with. The criminals responsible for unleashing the Leitkcad Ransomware will then extort their victims for money in exchange for the files' potential restoration. It should be noted that infosec researchers discovered significant overlaps between Leitkcad and a previously detected threat named Prometey Ransomware.

When the Leitkcad Ransomware completes the encryption of any file, it proceeds to modify the original name of that file by appending '.leitkcad' as a new extension. It also will drop a text file named 'help-leitkcad.txt' that carries the ransom note with instructions from the hackers.

Instead of relying on email messages as a communication channel, the criminals behind Leitkcad have set up a dedicated website with online chat functionality. Affected users are told to follow the provided link to access the site or encounter any issues to download the TOR browser and try again. The hackers' first message must include the victim's ID - leitckad, a personal key found in the ransom note and an email address. No additional details have been included as the note ends with several warnings.

The full text of the Leitkcad Ransomware's note is:


Your files on this computer have been encrypted due to security issues.

To restore it you should write to the online chat.

To decrypt files follow the instructions below:

1. Open in any browser the link: .

2. Or download and install TOR browser (if TOR blocked in your country you need to install VPN and download it) and follow the link: {.onion_URL}

3. To chat with operator you need to fill the next information on chat page:

- your ID: leitkcad

- personal key: -

- your Email


Do not try to reload your PC.

Do not try to recover information using third party software.

Do not attempt to use anti-virus.

Do not try to uninstall programs.

All these actions will lead to data loss and unrecoverable.'


Most Viewed