Lxhlp Ransomware

By GoldSparrow in Ransomware

Ransomware is one of the most threatening malware types a regular user may come across. If a file-locker infiltrates your system, it uses an encryption algorithm to lock all your data and then asks you for money in exchange for a decryption tool that will help you recover your files. Cybercriminals who opt to save themselves some time and effort do not create data-locking Trojans from scratch but reuse the code of already existing threats. This is the case with the newly identified Lxhlp Ransomware. This Trojan belongs to the infamous Dharma Ransomware family.

Propagation and Encryption

When the Lxhlp Ransomware compromises your PC, it scans your data and triggers the encryption process. This file-locker is programmed to target .doc, .docx, .pdf, .txt, .jpg, .jpeg, .png, .gif, .svg, .midi, .mid, .aac, .mp3, .wav, .mp4, .mov, .webm, .ppt, .pttx, .xlsx, .xls, .db, .rar, .zip and many other file types. The more files the Lxhlp Ransomware encrypts, the higher the chances of the attackers getting paid. Upon encrypting a file, the Lxhlp Ransomware adds a ‘.id-0.[lxhlp@protonmail.com].lxhlp’ extension to the newly locked file. For example, a file that you named ‘honey-bee.mp3’ will be renamed to ‘honey-bee.mp3.id-0.
There is a personal victim ID generated for every affected user. This allows the authors of the Lxhlp Ransomware to differentiate between the victims easily. The Lxhlp Ransomware may be propagated with the help of phishing emails, fake social media pages, torrent trackers, bogus application updates, corrupted advertisements, etc.

The Ransom Note

The ransom note dropped by the Lxhlp Ransomware is stored in two files - ‘FILES ENCRYPTED.txt’ and ‘info.hta.’ The message is very short and fails to mention the ransom fee. The creators of the Lxhlp Ransomware ask to be contacted via email and provide two email addresses for this purpose – ‘lxhlp@protonmail.com’ and ‘lxhlp2@protonmail.com.’
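The naming details above (the appended extension and the two ransom note file names) are enough to triage a disk image or a file share for affected directories. The following is an added example, not code from the original article: it walks a directory tree, lists files carrying the quoted extension together with their original names, and collects the victim IDs it sees. The format of the ID field is an assumption (any run of characters without a dot), and the function names are hypothetical.

```python
import os
import re
from collections import defaultdict

# Built from the extension quoted in the article:
#   <original name>.id-<victim ID>.[lxhlp@protonmail.com].lxhlp
# Assumption: the victim ID is any run of characters that contains no dot.
LOCKED_RE = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[^.]+)"
    r"\.\[lxhlp@protonmail\.com\]\.lxhlp$",
    re.IGNORECASE,
)
# Ransom note file names as given in the article, compared case-insensitively.
NOTE_NAMES = {"files encrypted.txt", "info.hta"}


def classify(filename):
    """Return ('locked', original_name, victim_id), ('note', name, None) or None."""
    match = LOCKED_RE.match(filename)
    if match:
        return ("locked", match.group("original"), match.group("victim_id"))
    if filename.lower() in NOTE_NAMES:
        return ("note", filename, None)
    return None


def triage(root):
    """Walk root and group indicators: locked files per directory, notes, IDs."""
    report = {"locked": defaultdict(list), "notes": [], "victim_ids": set()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            hit = classify(name)
            if hit is None:
                continue
            kind, value, victim_id = hit
            if kind == "locked":
                report["locked"][dirpath].append(value)
                report["victim_ids"].add(victim_id)
            else:
                report["notes"].append(os.path.join(dirpath, name))
    return report


if __name__ == "__main__":
    import sys
    result = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for directory, originals in sorted(result["locked"].items()):
        print(f"{directory}: {len(originals)} locked file(s)")
    print("ransom notes:", result["notes"])
    print("victim IDs:", sorted(result["victim_ids"]))
```

More than one victim ID in the output points to more than one infected host having written to the same share. A lone ‘info.hta’ with no locked files nearby is a weak signal on its own, since the name is not unique to this threat.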

There is not much point in negotiating with cybercriminals. They rarely deliver on their promises, and you may end up paying a large fee without receiving anything in return. This is why you should remove the Lxhlp Ransomware from your system with the help of a trustworthy PC security suite.