how to remove Litar Ransomware

Transcription

how to remove Litar Ransomware
Litar Ransomware – Another Nasty Variant
of STOP (DJVU) Ransomware Family
Guide To Remove Litar Ransomware
A new addition to the family of infamous STOP (DJVU) Ransomware has been
spotted by the cyber-security analysts recently. It has been named as Litar
Ransomware as it appends a .litar extension to the file names after encrypting
them.
This newly discovered data-locking infection has impacted a large number of
systems across the world so far. Some of the confirmed victims of Litar have been
found in Argentina.
Upon infecting the system, Litar Ransomware employs RSA & AES
cryptographies, encrypts the files & renders them inaccessible to the user.
The methods used by the hackers for the proliferation of Litar Ransomware are still
not known. However it is speculated that creators may be using some common
spread techniques such as spam e-mail attachments & bogus software updates.
Threat SummaryName
Type
Category
Operating System Impacted
Targeted Browser
Litar
Ransomware
Malware
Windows
Google Chrome, Internet Explorer, Mozilla
Firefox
Threat Behavior of Litar RansomwareLitar Ransomware is a variant of the giant STOP (DJVU) Ransomware that has
been discovered recently.
According to the malware researchers, this newly discovered crypto-virus is
spreading its infection at an alarming rate. Some of the confirmed victims of this
devious malware have been reported in Argentina.
The chief methods of its propagation are currently unknown. However, some
cyber-security researchers think that creators are employing common distribution
techniques to spread Litar’s infection. These many include spam e-mail
attachments, unofficial download sources & software bundling.
Once the system is infected, Litar locates the files & encrypts them by adding .litar
extension to the files. Litar uses highly-complex Encryption Algorithms &
Cryptography methods such as AES & RAS to encrypt the files & hence makes it
difficult for the user to decrypt the data.
Example of encryption: A file named “picture.jpg” might be renamed as
“picture.jpg.litar”.
The files targeted by the Litar Ransomware may include the file extensions
mentioned below:
 Document files (.docx, .doc, .odt, .rtf, .text, .pdf, .htm, .ppt)
 Audio Files (.mp3, .aif, .iff, .m3u, .m4u, .mid, .mpa, .wma, .ra, .avi, .mov,
.mp4)
 Video Files (.3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob)
 Images (.jpg, .jpeg, .raw, .tif, .gif, .png)
 Backup Files (.bck, .bckp, .tmp, .gho)
The main motive of hackers behind encrypting the files is to extort money by
asking the victims to pay a ransom amount to restore their encrypted data.
Ransom Note & Amount for Litar Ransomware
The instructions to decrypt the encrypted files are displayed on the victim’s
desktop in the form of a text file named “_readme.txt”.
The ransom note appears in the form of a program window & holds the title:
“Attention”.
The note conveys that the user files are encrypted with a strong encryption
algorithm & unique key. The only way to get the encrypted data restored is to
contact the hackers & pay the ransom amount.
The Ransom Amount demanded by the hackers is $980 (in Bitcoins). Victims can
get 50% discount on the ransom amount ($490), in case they contact the hackers
within 72 hours of the encryption.
E-mail addresses provided by the hackers include- ferast@firemail.cc and
gorentos@bitmessage.ch.
Victims can reach the hackers on their Telegram Account - @datarestore.
In order to earn the trust of the victims, the hackers offer to decrypt one file for
free & send it back to the user as a guarantee of decryption. However, users should
note that these claims are fake. Analysis has shown that after receiving the ransom,
hackers usually avoid the victims.
Since paying the ransom does not yield positive results, users are advised to avoid
any encouragement to pay the ransom & contact the hackers.
Users should be cautious towards the security of their system & pay attention while
browsing internet, downloading, installing & updating software.
Note: The infamous STOP Ransomware Family has been in headlines for
installing a Trojan Virus named AZORult on the targeted systems. This Trojan
has been specifically designed to gather various account credentials.
Distribution Techniques of Litar RansomwareThe methods employed by the cyber-criminals for the propagation of Litar
Infection are currently not clear. However, some of the security researchers claim
that Litar Infections are being distributed by some common spread techniques.
These may include, however, are not limited to the following methods:
1). Spam e-mail containing infected attachments
2). Exploit the vulnerabilities of the OS & installed software
3). Third-party software download sources (free file-hosting websites, freeware
download websites, Peer-to-Peer Networks).
4). Fake software updaters/Cracks & shareware.
5). Software Bundling – it may download/invite a legion of Trojans, Ransomware
& Virus on the system.
6). Visiting Questionable/Suspicious Torrent Websites & other Malware-Laden
sites
How to Remove Litar Ransomware infection from the system-