'Love.server@mail.ru' Ransomware
Threat Scorecard
Threat Level: 80 % (High)
Infected Computers: 63
First Seen: December 14, 2016
Last Seen: August 23, 2022
OS(es) Affected: Windows
The 'Love.server@mail.ru' Ransomware is named after the email address love.server@mail.ru, which victims are invited to contact to obtain a decryption key after they have made a payment. Researchers were provided with samples of the 'Love.server@mail.ru' Ransomware in December 2016, which revealed that the Trojan is aimed at Web servers and online shop infrastructures. Further investigation into the 'Love.server@mail.ru' Ransomware showed that the Trojan might use the email 'file.recover@mail.ru' as well as other Mail.ru-based accounts. It is not clear whether the team behind the 'Love.server@mail.ru' Ransomware, a.k.a. the LoveServer Ransomware, consists of Russian citizens. We received reports from Spain, Germany, and the UK regarding the 'Love.server@mail.ru' Ransomware, and it is safe to assume the targets of the LoveServer Ransomware are not limited to Russia.
The 'Love.Server@mail.ru' Ransomware Transfers Files to a Password-Protected Archive with No Extension
The LoveServer Ransomware behaves similarly to threats like the WinRarer Ransomware and the RarVault Ransomware. Researchers found that the 'Love.server@mail.ru' Ransomware is not a typical encryption Trojan. Instead of encrypting individual files, the LoveServer Ransomware is programmed to transfer the victim's data to a password-protected archive named 'BACKUP DONT DELETE,' which lacks a file extension. The vault called 'BACKUP DONT DELETE' is likely to be shown with a white icon in Windows Explorer, and the archive can be found on the drive with the most free space. The folders that used to host the data are emptied but not deleted. Evidently, the Trojan associated with the email account 'file.recover@mail.ru' does not move the files stored in system folders such as:
- AppData
- Program Data
- Program Files
- Program Files (x86)
- Windows
Web server administrators have reported that the ransom note is presented as 'R-E-A-D-M-E.txt' on the desktop of the server machine. It appears that the 'Love.server@mail.ru' Ransomware sends information like the IP address of the infected computer and the private decryption key to its 'Command and Control' servers. Victims are advised to contact 'Love.server@mail.ru' for instructions on how to make a payment. 'R-E-A-D-M-E.txt' offers the following notification:
'Hello,
I crypted all your important data
I stored the crypted data in your hard disk.
If you want to become your date back, send me an email containing your ip adress.
Your ip adress: [your real IP address]
Email: love.server@mail.ru'
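An added example (not EnigmaSoft's or SpyHunter's code) that checks a directory tree for the artifacts described above: the extensionless 'BACKUP DONT DELETE' vault, the 'R-E-A-D-M-E.txt' note with its contact addresses, and user folders left empty. The archive header signatures are an assumption, since the page does not state the container format, and the sample tree and IP address are constructed.

```python
import os
import tempfile

# Indicators named in the write-up above.
VAULT = "BACKUP DONT DELETE"                 # extensionless archive
NOTE = "R-E-A-D-M-E.txt"                     # ransom note
CONTACTS = ("love.server@mail.ru", "file.recover@mail.ru")
# System folders the Trojan reportedly leaves alone ("ProgramData" is the on-disk spelling).
SKIP = {"appdata", "programdata", "program data", "program files",
        "program files (x86)", "windows"}
# Assumption: the vault uses a common archive container; the page does not name the format.
MAGIC = {b"Rar!\x1a\x07": "rar", b"PK\x03\x04": "zip", b"7z\xbc\xaf\x27\x1c": "7z"}

def archive_type(path):
    """Identify the container from its header bytes; None if unrecognised."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    return next((kind for sig, kind in MAGIC.items() if head.startswith(sig)), None)

def triage(root):
    """Return (findings, emptied): named artifacts plus a count of empty user folders."""
    findings, emptied = [], 0
    for folder, dirs, files in os.walk(root):
        if folder != root and not dirs and not files:
            emptied += 1                     # folder kept but contents gone
        dirs[:] = [d for d in dirs if d.lower() not in SKIP]
        for name in files:
            path = os.path.join(folder, name)
            if name.upper() == VAULT:
                findings.append(("vault", path, archive_type(path)))
            elif name.lower() == NOTE.lower():
                with open(path, errors="replace") as fh:
                    text = fh.read(4096).lower()
                findings.append(("note", path, [c for c in CONTACTS if c in text]))
    return findings, emptied

def build_sample(root):
    """Constructed tree for the demo: header bytes and note text only, no real sample."""
    for sub in ("Desktop", "shop/images", "Windows/Temp"):
        os.makedirs(os.path.join(root, sub))
    with open(os.path.join(root, VAULT), "wb") as fh:
        fh.write(b"Rar!\x1a\x07\x00" + bytes(32))
    with open(os.path.join(root, "Desktop", NOTE), "w") as fh:
        fh.write("Your ip adress: 203.0.113.7\nEmail: love.server@mail.ru\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

A vault hit whose type comes back as None still matters: the file name alone matches the description, and the header check only adds confidence.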
You Can't Break into the Vault of the LoveServer Ransomware without the Correct Password
Judging by the reports from users, the primary targets of the operators behind the LoveServer Ransomware are servers. Fortunately, most server administrators follow a strict backup schedule and are very likely to have backup images of the affected drives. Regular computer users could use the Shadow Volume Copies made by Windows, as well as services like Dropbox, Mega, and Google Drive to recover from an attack with the LoveServer Ransomware. The best defense against threats like the LoveServer Ransomware is to be prepared and double-check documents you download from the Internet. Threats like the 'Love.server@mail.ru' Ransomware and the CryptoHost Ransomware should be purged with the help of a trusted anti-malware scanner to secure a clean machine.