'.L1LL File Extension' Ransomware

'.L1LL File Extension' Ransomware Description

The '.L1LL File Extension' Ransomware is a file-locking Trojan that can keep your media files from opening by encrypting them. These attacks include ransoming messages in Notepad's TXT format that sell the criminal's decryption help through TOR-based communications. Users can back their files up elsewhere for saving media that's of any value and use their anti-malware products for uninstalling the '.L1LL File Extension' Ransomware or stopping infections.

All the Files Getting Ill with L1LL

File-locker Trojan infections in the less-than-common target region of Estonia are getting verification from various parts of the cyber-security industry, although hard samples of its campaign are in low supply. The responsible threat, the '.L1LL File Extension' Ransomware, has no family that malware analysts could confirm as of late March, although it shows some basic formatting in common with the much older Yyto Ransomware. Its threat actors seem either familiar with Ransomware-as-a-Service infrastructure or are using pre-generated templates for parts of the '.L1LL File Extension' Ransomware's payload.

The '.L1LL File Extension' Ransomware's encryption method is unanalyzed and may use Salsa20, AES-256, RSA or other methods of blocking your documents, images, music and other media. Besides the conventional adding of its extension at the ends of filenames, it also inserts text referencing its ransoming note ('read@help.txt') through a format that isn't usual for Ransomware-as-a-Service threats like the Crysis Ransomware, the Globe Imposter 2.0 Ransomware, or the Scarab Ransomware. No other, significant symptoms are verifiable although many file-locker Trojans include features such as pop-ups currently, hijacking the desktop's wallpaper or deleting backups.

While its means of referencing it is unusual, malware researchers find the contents of the '.L1LL File Extension' Ransomware's ransoming message very standard. The English-based instructions recommend downloading the TOR anonymity-facilitating browser and provide links for their sites and e-mails regarding the ransoming negotiations but don't state a price. Similarly to, for instance, the Globe Ransomware, the '.L1LL File Extension' Ransomware offers a 'sample,' which could be the only way of getting at least one or two of your files unlocked without paying.

Getting the Ransoms Out of Ransomware

Estonian file-locker Trojans are somewhat rare but not unknown; readers from two years ago may be familiar with the Kaandsona Ransomware's operations in the same country as the '.L1LL File Extension' Ransomware. However, the '.L1LL File Extension' Ransomware's payload doesn't seem configured for only that nation and could block documents and similar media hostage throughout most of the world. All of its victims to date are running Windows PCs.

Nearly all types of file-locking Trojans, whether they're part of a growing Ransomware-as-a-Service business or independent projects, accept ransoms through difficult or impossible to refund means like the ubiquitous Bitcoin cryptocurrency. Victims paying these ransoms aren't sure of getting their decryptor and the accompanying unlocking of their files for doing so. Anti-malware utilities, while they should be capable of uninstalling the '.L1LL File Extension' Ransomware or blocking an infection, can't decrypt your media.

The '.L1LL File Extension' Ransomware's campaign seems that it's in its opening phase, but with victims, already, the users should be quick to back up their files. The country you're living in may be large or small, but a vulnerable computer with unsaved content is a great target for any criminal's Trojan campaign.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to '.L1LL File Extension' Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Posted: March 20, 2019
Home Malware Programs Ransomware '.L1LL File Extension' Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.