What is L41 Ransomware?

What is Ransomware?

Ransomware is a type of malware that encrypts a victim's files. The attacker then demands a ransom from the victim to restore access to the data upon payment. The perpetrator can use any of a number of encryption algorithms to ensure that the decryption key is never made public.

How does Ransomware Work?

After encrypting a victim's files, the attacker demands a ransom to restore access to the data. Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin.

L41 Ransomware has also been spotted inside the following files and processes: svhost.exe

About L41 Ransomware

L41 Ransomware is malicious software that encrypts all the files on a computer until the user pays a ransom. This ransomware encrypts files with a randomly generated key of 1024 bits. L41 then drops a file named HOW_TO_RECOVER_DATA.html, containing the ransom note. Files encrypted by L41 Ransomware will have a .L41 extension appended at the end of the file name.

It also adds a registry key to disable the UAC (User Account Control) and adds a task to start the program when the victim user logs in. This ransomware can also spread via shared folders and USB drives. 
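
An added example, not part of the original article or of any vendor tool: a read-only Python triage scan for the file-system indicators named above (the .L41 extension, the HOW_TO_RECOVER_DATA.html note and the svhost.exe file name). The function names, the report structure and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from dataclasses import dataclass, field
from typing import Optional

# Indicators taken from the article text; compared case-insensitively.
ENCRYPTED_EXT = ".l41"                     # extension appended to encrypted files
RANSOM_NOTE = "how_to_recover_data.html"   # ransom note dropped by L41
SUSPECT_BINARY = "svhost.exe"              # not the legitimate Windows svchost.exe

@dataclass
class TriageReport:
    encrypted: list = field(default_factory=list)  # (path, original file name)
    notes: list = field(default_factory=list)      # ransom note paths
    binaries: list = field(default_factory=list)   # svhost.exe paths
    first_seen: Optional[float] = None             # earliest mtime of a .L41 file

def scan(root):
    """Walk root and collect L41 indicators; nothing is modified or deleted."""
    report = TriageReport()
    for dirpath, _dirs, files in os.walk(root):  # unreadable dirs are skipped
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                # Stripping the extension gives the name to look for in backups.
                report.encrypted.append((path, name[:-len(ENCRYPTED_EXT)]))
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:
                    continue  # file vanished or is unreadable; keep scanning
                if report.first_seen is None or mtime < report.first_seen:
                    report.first_seen = mtime  # approximates when encryption began
            elif lower == RANSOM_NOTE:
                report.notes.append(path)
            elif lower == SUSPECT_BINARY:
                report.binaries.append(path)
    return report

def demo():
    """Run the scan over a constructed directory tree (sample data, not real)."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Users", "alice", "Documents")
        os.makedirs(docs)
        for name in ("budget.xlsx.L41", "notes.txt", "HOW_TO_RECOVER_DATA.html"):
            open(os.path.join(docs, name), "w").close()
        open(os.path.join(root, "svhost.exe"), "w").close()
        os.utime(os.path.join(docs, "budget.xlsx.L41"), (1_700_000_000, 1_700_000_000))
        return scan(root)
if __name__ == "__main__": print(demo())
```

The earliest modification time among the .L41 files gives a starting point for the incident timeline, and the recovered original names list what to restore from backup.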

L41 Ransomware Capabilities

  • Checks for available system drives (often done to infect USB drives) 
  • Creates a process in suspended mode
  • Queries a list of all running processes 
  • Creates COM task schedule object 
  • Enumerates the file system 
  • May delete shadow drive data 
  • Spreads via Windows shares
  • Disables UAC
  • Creates files inside the user directory 
  • Tries to load missing DLLs 
  • Uses HTTPS for network communication
  • Checks the free space of hard-drives 
  • Writes a notice file (html or txt) to demand a ransom

How to Remove Ransomware?

There are a few ways to remove ransomware, including deleting the ransomware’s files, using an antivirus, or using a Malware Removal Tool. If you have an IT team, they should be able to remove the ransomware for you.

  1. Identify the infection 
  2. Remove the infection using a reliable anti-malware program
  3. Use a backup of all important files to protect against data loss 
  4. Use a decryption program to restore access to your data 

How to Protect Against Ransomware?

Just like in real life, the best medicine when it comes to computer viruses is preventive medicine. Always use caution when opening email attachments and clicking on links, as they might be infected with malicious software. Lastly, implement a security system for your home and business.

Reactionary Times News Desk
