LYLI Ransomware

Posted: September 30, 2020

LYLI Ransomware Description

 The LYLI Ransomware is a file-locking Trojan from the Ransomware-as-a-Service family of the STOP Ransomware or Djvu Ransomware. The LYLI Ransomware can stop users' files from opening by encrypting their internal data and offers a premium, ransom-based recovery service. Well-protected backups will render most damage from infections moot, and traditional cyber-security products should block attacks and remove the LYLI Ransomware.

There's No Stopping a Money-Making Trojan Business

The Ransomware-as-a-Service industry remains strong in the second half of 2020, with numerous examples of different families concurrently operating. Out of them, the STOP Ransomware is possibly the most widely in use and the threat most likely of conducting campaigns around the world ranging from southeast Asia to North America. It's little shock that a new variant, the LYLI Ransomware, is appearing in threat databases.

The LYLI Ransomware remains capable of using encryption as an attack for locking files, such as documents, pictures, archives, spreadsheets, or music, among other media. An interrupted server connection forces the LYLI Ransomware into using a less-secure key, but decryption availability is questionable even in this circumstance. Victims can isolate any affected files by searching for content with the Trojan's custom campaign extension of 'LYLI,' which, as usual, is a random, four-character string.

The ransom note in the LYLI Ransomware's payload is identical to previous ones that malware experts are aware of from samples like the Copa Ransomware, the KASP Ransomware, the Kolz Ransomware or the Vari Ransomware. The Trojan asks for nearly one thousand USD in Bitcoins for recovering the victim's files, although there is a 'discount' for those who pay within a few days. Paying criminals doesn't always give a decryption service back to the would-be buyers. As a secondary risk, any files transferred by the attackers could be disguised attacks (such as a backdoor Trojan).

Putting the Lie to a RaaS Business's Ledgers

The Ransomware-as-a-Service phenomenon is highly-flexible, thanks to hiring itself out to third party attackers who can circulate variant Trojans like the LYLI Ransomware at their pleasure. Windows users at risk from the STOP Ransomware family, including both home users and server administrators, should preserve their files on other devices to prevent any ransom scenario from occurring. Each payment to a Ransomware-as-a-Service encourages more campaigns and variant Trojans without any technical knowledge necessary to launch attacks.

Along with backups, malware analysts also emphasize some simple protections that will counter the exploits that are common to file-locker Trojans. The STOP Ransomware campaigns sometimes use torrents and disguises, such as illegal software downloads, for finding victims. More targeted strategies can, instead, attach the installer to an e-mail in a corrupted document. Users should be especially careful of enabling macros and advanced content, as well as scripts.

Robust anti-malware technology can detect most file-locking Trojans, and this goes for the STOP Ransomware or the Djvu Ransomware family as much as others. Users under the protection of these products can remove the LYLI Ransomware before encryption attacks ever happen.

The LYLI Ransomware is as threatening as Windows users let it be. Much like tolerating an abuser's predatory behavior, giving leeway to strange software has consequences that are long-term but also far more preventable than otherwise.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to LYLI Ransomware may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Related Posts

Home Malware Programs Ransomware LYLI Ransomware

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.