LowLevel04 Ransomware
Threat Scorecard
Threat Level: 80% (High)
Infected Computers: 9
First Seen: November 3, 2016
Last Seen: July 6, 2022
OS(es) Affected: Windows
The LowLevel04 Ransomware is a ransomware Trojan that is being distributed through Remote Desktop and Terminal Services on computers with poor password protection. Its attack is typical of ransomware Trojans: it encrypts the victim's data and then demands a payment of 4 Bitcoins (approximately $2400 USD at the current exchange rate) to unlock the affected files. The first variant of the LowLevel04 Ransomware was observed infecting computers that had poor security measures and were connected to a terminal or remote desktop service. PC security analysts believe that the LowLevel04 Ransomware is part of a RaaS (Ransomware as a Service) threat family that is currently active. Numerous variants of the LowLevel04 Ransomware have been observed in the last year, each changing the email contact address or small superficial details of the attack.
The LowLevel04 Ransomware can Impair Companies and Websites Greatly
It seems that the preferred method for delivering the LowLevel04 Ransomware to the victims' computers is by hacking into the targeted computer directly, often by taking advantage of poor password protection. In many cases, the computers hit by LowLevel04 Ransomware attacks are Web servers, so an attack may cause significant disruption to the affected website or company. Apparently, once the attacker gains access to the victim's computer, the LowLevel04 Ransomware is installed and the victim's data is encrypted. The LowLevel04 Ransomware communicates with its Command and Control server and uploads various files to the hacker's computer during the attack.
The LowLevel04 Ransomware carries out an attack that is typical of most ransomware Trojans. As soon as the LowLevel04 Ransomware is installed, it scans all drives connected to the infected computer, including network drives and removable memory devices (raising the possibility of the LowLevel04 Ransomware spreading throughout a network or managing to infect file backups and other data). The LowLevel04 Ransomware searches for files with certain extensions and encrypts them using a strong encryption algorithm. Each file encrypted by the LowLevel04 Ransomware has the prefix 'oorr.' added to its name, making it simple to determine which files have been targeted in the attack. The LowLevel04 Ransomware will encrypt the following file types during its attack:
.odc, .odm, .odp, .ods, .odt, .docm, .docx, .doc, .odb, .mp4, sql, .7z, .m4a, .rar, .wma, .gdb, .tax, .pkpass, .bc6, .bc7, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps.
Dealing with a LowLevel04 Ransomware Attack
Unfortunately, the files that have been encrypted by this ransomware Trojan remain inaccessible until they are decrypted. Decrypting the affected files requires the decryption key, which the people responsible for the LowLevel04 Ransomware hold for ransom. In every directory where files were encrypted, the LowLevel04 Ransomware drops text files containing its ransom note. Victims are asked to contact the email addresses entry122717@gmail.com and entry123488@india.com to receive more information about the attack and how to carry out payment. The payment for the LowLevel04 Ransomware and similar ransomware Trojans may be carried out using Bitcoins, often connecting to the Dark Web using TOR.
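The 'oorr.' prefix and the per-directory ransom notes described above make it possible to inventory the damage before restoring from backup. The following triage sketch is an added example, not code from EnigmaSoft; it assumes the note text contains one of the contact addresses quoted above, and the sample tree and the note name readme.txt are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

PREFIX = "oorr."  # prefix the page says is added to encrypted file names
# Contact addresses quoted on the page; assumed to appear in the note text.
NOTE_MARKERS = (b"entry122717@gmail.com", b"entry123488@india.com")
MAX_NOTE_BYTES = 64 * 1024  # only small text files are read as candidate notes


def triage(root):
    """Walk root; return {directory: {"encrypted": [...], "notes": [...]}}."""
    report = defaultdict(lambda: {"encrypted": [], "notes": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().startswith(PREFIX) and len(name) > len(PREFIX):
                # Keep the original name so it can be matched against backups.
                report[dirpath]["encrypted"].append(name[len(PREFIX):])
            elif name.lower().endswith(".txt"):
                try:
                    if os.path.getsize(path) > MAX_NOTE_BYTES:
                        continue
                    with open(path, "rb") as fh:
                        data = fh.read().lower()
                except OSError:
                    continue  # unreadable file: skip it, do not abort the sweep
                if any(marker in data for marker in NOTE_MARKERS):
                    report[dirpath]["notes"].append(name)
    return dict(report)


def build_sample(root):
    """Constructed sample tree: two renamed files, one note, one clean file."""
    web = os.path.join(root, "inetpub")
    os.makedirs(web)
    samples = (("oorr.index.js", b"\x00\x01"), ("oorr.db.sql", b"\x00\x02"),
               ("readme.txt", b"Contact entry122717@gmail.com"),  # constructed
               ("style.css", b"body{}"))
    for name, body in samples:
        with open(os.path.join(web, name), "wb") as fh:
            fh.write(body)
    return web


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for folder, hits in triage(tmp).items():
            print(folder, sorted(hits["encrypted"]), hits["notes"])
```

Because variants change the contact address, a directory that lists renamed files but no note is still worth reviewing by hand.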