Les# Ransomware

Les# Ransomware Description

Malware experts recently spotted a new ransomware threat emerging. It was given the name Les# Ransomware, and when inspected further it became evident that it is a variant of the infamous Scarab Ransomware.

It has not been confirmed exactly how the Les# Ransomware is being propagated, but it seems very likely that this threat is being spread using spam emails containing infected attachments, bogus updates and corrupted pirated media. When the Les# Ransomware gains access to a PC, it will scan it to locate the data it was programmed to lock. When the files that the Les# Ransomware seeks are located, this threat will begin encrypting them. After encryption, the names of the affected files are altered: the Les# Ransomware appends a '.les#' extension to the file name. For example, when a file named 'hand-lotion.png' goes through the encryption process of the Les# Ransomware, it is renamed to 'hand-lotion.png.les#'.

After completing the encryption process, the Les# Ransomware will drop its ransom note. The note is called 'как расшифровать файлы les#.TXT' which, in Russian, stands for 'how to decrypt files les#.' It is safe to assume that this threat originates from Russia because the whole note is written in Russian. In the note, the attackers inform you what your uniquely generated ID is and go on to inform you that all your data has been encrypted. Then, they go on to say that every 24 hours 24 files will be deleted unless you pay the ransom fee. They also state that every 24 hours the price for the decryption key will increase by 30% until it reaches the final price, which is set at 72 hours after the attack.

The victim is then instructed to contact the attackers via email at 'lesson43@horsefucker.org.' The authors of the Les# Ransomware offer to decrypt two files, up to 1Mb in size, for free so that the user sees that they are able to unlock the data they have encrypted.
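A triage sketch based on the naming behaviour described above, added here as an example and not code from the original article: it walks a directory tree, flags files carrying the '.les#' extension and the ransom note, and recovers each locked file's original name so the scope of damage can be matched against backups. The function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
import unicodedata
from collections import defaultdict

# Indicators taken from the description above.
ENCRYPTED_SUFFIX = ".les#"
NOTE_NAME = "как расшифровать файлы les#.TXT"


def _norm(name):
    # Filesystems may store Cyrillic names in NFC or NFD form; compare on NFC, case-insensitively.
    return unicodedata.normalize("NFC", name).casefold()


def triage(root):
    """Walk root; return {directory: {"notes": [...], "encrypted": [(locked, original), ...]}}."""
    findings = defaultdict(lambda: {"notes": [], "encrypted": []})
    note, suffix = _norm(NOTE_NAME), _norm(ENCRYPTED_SUFFIX)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            key = _norm(name)
            if key == note:
                findings[dirpath]["notes"].append(name)
            elif key.endswith(suffix) and len(key) > len(suffix):
                # The extension is appended, so the original name is everything before it.
                original = name[: -len(ENCRYPTED_SUFFIX)]
                findings[dirpath]["encrypted"].append((name, original))
    return dict(findings)


def build_sample_tree():
    """Constructed sample data: a temporary directory mimicking an affected folder."""
    root = tempfile.mkdtemp(prefix="les_triage_")
    pics = os.path.join(root, "pictures")
    os.makedirs(pics)
    for name in ("hand-lotion.png.les#", "report.docx.LES#", "untouched.txt", NOTE_NAME):
        open(os.path.join(pics, name), "w").close()
    open(os.path.join(root, "readme.md"), "w").close()
    return root


if __name__ == "__main__":
    for folder, hit in triage(build_sample_tree()).items():
        print(folder, len(hit["encrypted"]), "encrypted,", len(hit["notes"]), "note(s)")
```

Directories that contain a note but no '.les#' files, or the reverse, are worth a closer look, since they can indicate an interrupted run or files restored after the fact.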

We strongly recommend that you do not get in touch with or pay cyber crooks like the ones responsible for the Les# Ransomware. A better approach in this sticky situation is to download and install a trustworthy anti-spyware application and have it wipe the Les# Ransomware off your system.