LightningCrypt Ransomware DescriptionType: Ransomware
The LightningCrypt Ransomware is a ransomware Trojan that is designed to encrypt victims' files, making them inaccessible. Once the LightningCrypt Ransomware has encrypted the victim's files, it demands the payment of a large ransom by exhibiting a ransom note on the victim's computer. The files affected by the LightningCrypt Ransomware attack will be easily identifiable because the LightningCrypt Ransomware will add the file extension '.LIGHTNING' to the end of each affected files' names. The LightningCrypt Ransomware creates a text file on the victim's desktop. This file, named 'LightningCrypt_Recover_Instructions.txt' will include instructions on how to pay the ransom required to recover from the LightningCrypt Ransomware attack. Apart from this text file, the LightningCrypt Ransomware also will display its ransom note in the form of a pop-up message.
The Lightning that Brings Darkness to Your Files
The LightningCrypt Ransomware will demand a payment of .17 BitCoin, which will correspond to several hundred US dollars, according to the current trade rate. The LightningCrypt Ransomware's ransom note claims that attempting to restore the files manually will result in their deletion, a typical threat observed in many of these attacks. However, the LightningCrypt Ransomware encrypts the victim's files using a strong encryption method, making it nearly impractical to recover the files once they have been affected. Malware analysts strongly advise computer users to refrain from paying the LightningCrypt Ransomware ransom. Research has demonstrated that the con artists rarely will follow through with their promise of restoring the victim's files as soon as the payment has been carried out. They are just as likely to ignore the victim's requests and may even re-infect the victim's files or even demand more money. Since may not be possible to restore files encrypted by the LightningCrypt Ransomware attack currently, you should take preventive measures to ensure that you can restore your files from a backup copy in the event of a LightningCrypt Ransomware infection or an attack from another encryption ransomware Trojan.
How Infections Like the LightningCrypt Ransomware Work
There is very little to differentiate the LightningCrypt Ransomware from the countless other ransomware Trojans that are being used to attack computers around the world currently. All of these ransomware Trojans use a similar attack strategy, encrypting the victims' files with a strong encryption method and them making ransom demands. The few differences from one ransomware threat to another are limited to the amount of the ransom and the branding and messaging used in the ransom note. While some ransomware Trojans use ransom notes that make it seem as if the message is coming from a security provider offering help, other ransomware Trojans will be more direct and go as far as making fun or insulting the victims of the attack. Most ransomware Trojans like the LightningCrypt Ransomware are distributed using social engineering tactics, the most common of which are the use of corrupted spam email attachments, which may use corrupted scripts to download and install the LightningCrypt Ransomware onto the victim's computer. PC security researchers also have noticed the presence of ransomware Trojans like the LightningCrypt Ransomware on torrent networks where pirated software is distributed or through the use of corrupted online links and advertisements. Exercising caution when handling any potentially threatening online content is the best way to prevent these attacks.
The following is the full message contained in the LightningCrypt Ransomware's ransom note:
YOU BECAME A VICTIM OF the LightningCrypt Ransomware!
ALL YOUR FILES HAVE BEEN ENCRYPTED
FOR EACH TRY TO FO ANYTHING I WILL DELETE FILES
PAY 0.17 BITCOINS TO THIS ADDRESS: 1LSgvYFY7SDNje2Mhsm51FxhqPsbvXB
YOU CAN BUY BITCOINS ON 'BLOCKCHAIN.INFO'
SEND YOUR UNIQUE ID IN THE DESCRIPTION OF THE BITCOIN PAYMENT
YOU CAN FIND THEM IN YOUR DESKTOP IN 'LIGHTNINGCRYPT_UNIQUEID.TXT'
AFTER THE PAYMENT YOUR FILES WILL BE DECRYPTED!
HAVE FUN 😉
PAY 0.17 Bitcoins to: 1LSgvYFY7SDNje2Mhsm51FxhqPsbvXB'
Avoid paying the LightningCrypt Ransomware ransom and instead recover your files from a backup copy. A reliable security program that is fully up-to-date can be used to remove the LightningCrypt Ransomware infection (but not recover the affected files) or prevent it from being installed in the first place.
File System Details
|#||File Name||MD5||Detection Count|
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.