Home Malware Programs Ransomware Legend Ransomware

Legend Ransomware

Posted: December 18, 2020

The Legend Ransomware is a file-locking Trojan from the VoidCrypt Ransomware family, which blocks the user's files for extorting a ransom. Along with converting files to non-opening ones with its encryption, the Legend Ransomware can create ransom notes in HTA formats, stop some file-managing programs and change the extensions on files' names. Users should protect their work with appropriate backup standards and let a dedicated security solution remove the Legend Ransomware promptly.

A Legend of Software in No One's Mind

With the VoidCrypt Ransomware family's continuing growth, Windows users, and server admins, especially, require daily diligence for backing up their work and keeping it from being taken as a digital hostage. This file-locker Trojan family adds members at a steady rate, as seen with samples like the Decme Ransomware, the Exploit Ransomware, the K2 Ransomware, the Konx Ransomware and more. The Legend Ransomware is recent confirmation as of December 16th that the Trojan's group thrives, even in the highly-competitive Ransomware-as-a-Service scene.

The most apparent symptom of a Legend Ransomware infection is being unable to open files, such as documents, which the Trojan blocks by encrypting them using an, unfortunately, secure algorithm. Secondarily, victims can observe new extensions on their files. Malware experts verify they stick to the VoidCrypt Ransomware pattern of an e-mail (for speaking with the attacker), an ID and a campaign phrase ('legend'). Less obviously than either of these issues, but still concerning, the Legend Ransomware also may disable programs without the user's consent, a feature that it abuses to shut off SQL server-managing software.

Most VoidCrypt Ransomware versions also create a standardized HTA (advanced HTML) window that serves as a ransom note. The Legend Ransomware continues this stereotype, with few updates besides the e-mail addresses and victim ID string. As long as they have other means of unlocking or restoring their files, users should avoid paying these ransoms, incentivizing more threat development.

Raising Legendary Defenses for Copy-Pasted Trojan Assaults

There are no definite infection vector samples for the Legend Ransomware's campaign. It may use exploits that vary from drive-by-downloads on corrupted websites to crafted e-mail attachments custom-made for the target. Server and network administrators also should keep in mind the possibilities of 'passive' vulnerabilities, such as outdated software or weak passwords, that can lead to attacks. File-locking Trojans' campaigns usually will target entities, either private or public, with low-security standards that make for easy ransoming.

Victims have no free decryptors available for unlocking their files directly. As this holds for most file-locker Trojans' families, malware analysts strongly endorse preemptive backup standards, such as saving backups to air-gap-protected devices or cloud storage with password protection. These precautions can offer a more dependable – and cheaper – recovery option for any files than the Legend Ransomware's ransom.

This threat belongs to a well-known and thoroughly-analyzed family with little protection from security software. Most AV vendors provide products capable of removing the Legend Ransomware or blocking its installation exploits.

The Legend Ransomware does little for living up to its name, but such is the usual story with 'free' Trojans from GitHub. What's inexpensive for criminals can be just the opposite for a victim, though, which is why a daily backup remains valuable for everyone.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Legend Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria .

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Related Posts