.loptr Ransomware is yet another file-encrypting trojan to hit the cyber security world. Most ransomware is created to extort money from users, and this one is no different. It is the latest version of Locky ransomware, which was one of the most destructive threats of 2016. To carry out its malicious intent, the ransomware installs itself silently on the targeted system. It is worth noting that the threat does not take long to start its encryption process. It is designed to encode a large number of file types, including those frequently used by Windows users. Like its predecessor, it uses a combination of the RSA-2048 and AES-128 encryption algorithms to encode the targeted data. As usual, the files become inaccessible after encryption, and users cannot access them until they have the proper decryption tool.
.loptr Ransomware : How does it carry out its attack?
Upon successful installation, .loptr Ransomware first checks for any security software running on the system and, if it finds any, immediately disables it. According to malware researchers, the ransomware can make several more changes to the compromised system that help it run its process freely. Like most ransomware, it encodes a number of the files it finds on the infected system. After that, it adds the .loptr extension to each of the infected files, followed by a combination of characters. According to experts, it is able to encrypt the large number of file extensions that Locky ransomware encrypts. Here is the list of extensions which this threat can affect :
The ransom note of .loptr Ransomware
Being a typical encoding threat, .loptr Ransomware also generates a ransom note after completing its encryption process. It displays the ransom note on the victim's desktop as an HTML file. The ransom note informs the victim about what has happened to their files and contains instructions through which they can decrypt those files. According to the ransom note, users first have to download and install TOR browser and then visit a link. As stated in the ransom note, if the victim follows the instructions then they will get the decryptor. But experts advise against visiting the given site or contacting the criminals, because if you visit the site they will demand payment of .15 Bitcoin ($280) in exchange for the decryptor. Here you can see the message of its ransom note :
Distribution techniques of .loptr Ransomware
The developers of Locky ransomware use spam email campaigns for its distribution, and it is suspected that .loptr Ransomware is transmitted the same way. The hackers behind this ransomware send a well-crafted email to the targeted user. The email appears to be an invoice sent by an online store or a recruitment letter from a reputed company. Users are advised not to open such email before verifying the sender. Such email contains malicious code or a link in the attachment file which activates the threat upon opening. Besides that, users should also refrain from visiting any kind of link which they get on social media sites from an unknown sender.
Removal instructions of .loptr Ransomware
Users should not underestimate this ransomware, because it not only encrypts files but also brings other threats onto the PC. To remove it from your system, you can use the following manual removal steps.
Step 1 : Boot your computer in Safe Mode with Networking
- Click on the Start button > click the Shutdown button.
- After that click on Restart > click OK.
- Start pressing the F8 key once the PC becomes active.
- It brings up the Advanced Boot Options window.
- Select Safe Mode with Networking and press Enter.
Step 2 : Remove malicious files from control panel
- Close all programs > select Control Panel.
- Now select the Uninstall a program option.
- Here you will find all the installed programs.
- Search for programs related to the ransomware.
- Click on the Uninstall option to uninstall them.
Step 3 : Remove Related Ransomware Entries From registry
- Press the Windows + R keys at once.
- It will launch the Run box.
- Then type “regedit” to open the Windows Registry Editor.
- Search for related ransomware entries.
- Click on the Disable option to remove them.
If you are unable to remove the ransomware manually, it is suggested to use the Free-scanner. It automatically scans your system for threats and removes them completely.
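Before cleanup, the .loptr renaming described above can serve as a marker for how far the encryption reached. The following Python script is an added example, not part of the original article or of any removal tool it mentions: it counts files whose names contain .loptr per directory and reports the earliest and latest modification times. The function names and sample file names are constructed, and matching on the file name alone is an assumption.

```python
import os
import sys
import tempfile
from collections import Counter

MARKER = ".loptr"  # extension named in the article


def find_marked_files(root):
    """Yield (path, mtime) for files whose name contains the marker."""
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if MARKER in name.lower():
                path = os.path.join(dirpath, name)
                try:
                    yield path, os.lstat(path).st_mtime
                except OSError:
                    continue  # file vanished or is unreadable


def summarize(root):
    """Count marked files per directory and bound when they were written."""
    hits = list(find_marked_files(root))
    times = [mtime for _path, mtime in hits]
    return {
        "total": len(hits),
        "per_dir": dict(Counter(os.path.dirname(p) for p, _ in hits)),
        "first": min(times) if times else None,  # epoch seconds
        "last": max(times) if times else None,   # epoch seconds
    }


def build_sample_tree(root):
    """Constructed sample data: two marked files and one untouched file."""
    docs = os.path.join(root, "Documents")
    os.makedirs(docs)
    for name, mtime in (("A1B2.loptr", 1000), ("C3D4.LOPTR", 1600), ("notes.txt", 500)):
        path = os.path.join(docs, name)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")
        os.utime(path, (mtime, mtime))
    return docs


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        # Scan the directory given on the command line, else the sample tree.
        target = sys.argv[1] if len(sys.argv) > 1 else tmp
        print(summarize(target))
```

The gap between `first` and `last` approximates the window in which files were being encrypted, which helps when choosing a backup that predates it.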