Leitkcad Ransomware
Threat Scorecard
Threat Level: 100 % (High)
Infected Computers: 6
First Seen: July 24, 2009
Last Seen: February 2, 2021
OS(es) Affected: Windows
The Leitkcad Ransomware is a crypto locker that can completely shut users out of their own files. The threat aims to sneak onto the targeted computer and then encrypt nearly all of the files stored there, skipping only system files whose modification could cause critical system errors and crashes. The criminals responsible for the Leitkcad Ransomware then extort their victims for money in exchange for the potential restoration of the files. Infosec researchers have discovered significant overlaps between Leitkcad and a previously detected threat named Prometey Ransomware.
When the Leitkcad Ransomware finishes encrypting a file, it modifies the file's original name by appending '.leitkcad' as a new extension. It also drops a text file named 'help-leitkcad.txt' that carries the ransom note with instructions from the hackers.
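A triage sweep for the two file-system indicators described above (the '.leitkcad' extension and the 'help-leitkcad.txt' note), added here as an example and not taken from EnigmaSoft or any vendor tool. The function names are hypothetical, and the case-insensitive matching is an assumption based on Windows file-name semantics.

```python
import os
import sys
from collections import defaultdict

# Indicators taken from the description above.
ENCRYPTED_EXT = ".leitkcad"
NOTE_NAME = "help-leitkcad.txt"


def sweep(root):
    """Walk root and return {directory: {"encrypted": [...], "note": bool}}
    for every directory that contains at least one indicator."""
    hits = defaultdict(lambda: {"encrypted": [], "note": False})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()  # assumption: Windows names are case-insensitive
            if lowered == NOTE_NAME:
                hits[dirpath]["note"] = True
            elif lowered.endswith(ENCRYPTED_EXT):
                hits[dirpath]["encrypted"].append(name)
    return dict(hits)


def original_name(encrypted_name):
    """Strip the appended extension to get the pre-encryption file name,
    useful when matching affected files against a backup inventory."""
    return encrypted_name[: -len(ENCRYPTED_EXT)]


def summarize(hits):
    """Return (directories affected, encrypted file count, note count)."""
    files = sum(len(h["encrypted"]) for h in hits.values())
    notes = sum(1 for h in hits.values() if h["note"])
    return len(hits), files, notes


if __name__ == "__main__":
    # Usage: python sweep.py <path>   (defaults to the current directory)
    found = sweep(sys.argv[1] if len(sys.argv) > 1 else ".")
    for directory, h in sorted(found.items()):
        print(f"{directory}: {len(h['encrypted'])} encrypted, note={h['note']}")
    print("dirs=%d files=%d notes=%d" % summarize(found))
```

Directories that hold the note but no renamed files, or the reverse, are still reported, which helps scope how far encryption progressed on a host or share.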
Instead of relying on email messages as a communication channel, the criminals behind Leitkcad have set up a dedicated website with online chat functionality. Affected users are told to follow the provided link to access the site or, if they encounter any issues, to download the TOR browser and try again. The first message to the hackers must include the victim's ID ('leitkcad'), a personal key found in the ransom note, and an email address. No additional details are included; the note ends with several warnings.
The full text of the Leitkcad Ransomware's note is:
'Caution!!!
Your files on this computer have been encrypted due to security issues.
To restore it you should write to the online chat.
To decrypt files follow the instructions below:
1. Open in any browser the link: .
2. Or download and install TOR browser (if TOR blocked in your country you need to install VPN and download it) and follow the link: {.onion_URL}
3. To chat with operator you need to fill the next information on chat page:
- your ID: leitkcad
- personal key: -
- your Email
Attention!
Do not try to reload your PC.
Do not try to recover information using third party software.
Do not attempt to use anti-virus.
Do not try to uninstall programs.
All these actions will lead to data loss and unrecoverable.'