LyaS Ransomware
The LyaS Ransomware is an encryption ransomware Trojan, designed to encrypt its victim's files to justify the demand for a ransom payment from the victim. The files encrypted by the LyaS Ransomware attack lets them encrypted in a way that they can be easily recognized because the LyaS Ransomware will mark them by adding the string 'id-[victim's_ID].LyaS' to their names. Computer users should prevent the LyaS Ransomware and similar threats since they are becoming one of the most prevalent forms of threats online. The best precaution is to have backup copies of your data stored on secure devices.
How the LyaS Ransomware Attacks a Computer
The LyaS Ransomware targets the user-generated files while avoiding the files that are required by Windows to function. This is due to the criminals wanting the victim to be able to use their computer to reward the criminals with a ransom to regain access to the affected files, which would not be possible if the victim's computer failed to function entirely. Threats like the LyaS Ransomware target several file types when they attack a computer. These file types include:
.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, .php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, .indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, .dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, .xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, .sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr , .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, .qbx, .qby , .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, .ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, , .drw, .eps, .ps, .prn, .gif, .pcd, .pct, .pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, .cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, .xpm, .zip, .rar.
The LyaS Ransomware delivers a ransom note in the form of an HTA file named 'How To Restore Files.hta,' which displays the following message contained in a full-screen window that will pop-up on the infected computer:
'Your personal id -
[victim's_ID]
Warning: all your files are infected with an unknown virus.
To decrypt your files, you need to contact at
Terminator_123@protonmail.com
The decoder card is received by bitcoin.
You can buy bitcoins from the following links://blockchain.info/wallet
Do not try to restore files your self, this will lead to the loss of files forever
GUARANTEES!!!
You can send us 2-3 encoded files.
And attach for testing, we will return them to you for FREE'
Recovering from a LyaS Ransomware Attack
Unfortunately, when the LyaS Ransomware's compromises the files, they will not be recoverable anymore due to the strength of the encryption method used. Because of this, PC security researchers strongly advise computer users to restore their data using file backups. This is the best method to ensure that they are protected against all encryption ransomware Trojans and other threats. Having backup copies of your data removes any leverage the criminals have that would enable them to demand a ransom payment from a victim. Apart from file backups, it is crucial to have a security program. Although security software cannot restore the files encrypted by the LyaS Ransomware, it can intercept the LyaS Ransomware attack and prevent it from happening before the victim's files become compromised.
