Cyber-security analysts have recently spotted a new addition to the infamous STOP (DJVU) Ransomware family. It has been named Litar Ransomware because it appends a .litar extension to file names after encrypting them.
This newly discovered data-locking infection has impacted a large number of systems across the world so far. Some of the confirmed victims of Litar have been found in Argentina.
Upon infecting the system, Litar Ransomware uses RSA & AES encryption to encrypt the files & render them inaccessible to the user.
The methods used by the hackers to spread Litar Ransomware are still not known. However, it is speculated that its creators may be using common spread techniques such as spam e-mail attachments & bogus software updates.
|Operating System Impacted|Windows|
|Targeted Browser|Google Chrome, Internet Explorer, Mozilla Firefox|
Litar Ransomware is a variant of the giant STOP (DJVU) Ransomware that has been discovered recently.
According to the malware researchers, this newly discovered crypto-virus is spreading its infection at an alarming rate. Some of the confirmed victims of this devious malware have been reported in Argentina.
The chief methods of its propagation are currently unknown. However, some cyber-security researchers think that its creators are employing common distribution techniques to spread Litar’s infection. These may include spam e-mail attachments, unofficial download sources & software bundling.
Once the system is infected, Litar locates the files & encrypts them, adding the .litar extension to each file name. Litar uses complex encryption algorithms such as AES & RSA to encrypt the files, which makes it difficult for the user to decrypt the data.
Example of encryption: A file named “picture.jpg” might be renamed as “picture.jpg.litar”.
The files targeted by the Litar Ransomware may include the file extensions mentioned below:
The main motive of hackers behind encrypting the files is to extort money by asking the victims to pay a ransom amount to restore their encrypted data.
The instructions to decrypt the encrypted files are displayed on the victim’s desktop in the form of a text file named “_readme.txt”.
The ransom note appears in the form of a program window & holds the title: “Attention”.
The note conveys that the user files are encrypted with a strong encryption algorithm & unique key. The only way to get the encrypted data restored is to contact the hackers & pay the ransom amount.
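Added example, not part of the original article: a read-only Python triage script that scopes an infection using the two indicators named above, the appended .litar extension and the _readme.txt note file. The function names and the sample directory tree are constructed for illustration.

```python
import os
import sys
import tempfile
from collections import Counter
from pathlib import Path

ENC_SUFFIX = ".litar"      # extension appended to encrypted files (from the article)
NOTE_NAME = "_readme.txt"  # ransom note file name (from the article)

def triage(root):
    """Read-only walk of `root`: list encrypted files and ransom notes."""
    encrypted, notes = [], []
    by_dir, by_type = Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower == NOTE_NAME:
                notes.append(os.path.join(dirpath, name))
            elif lower.endswith(ENC_SUFFIX) and len(name) > len(ENC_SUFFIX):
                original = name[:-len(ENC_SUFFIX)]  # picture.jpg.litar -> picture.jpg
                encrypted.append((os.path.join(dirpath, name), original))
                by_dir[os.path.relpath(dirpath, root)] += 1
                by_type[Path(original).suffix.lower() or "(none)"] += 1
    return {"encrypted": encrypted, "notes": notes,
            "by_dir": by_dir, "by_type": by_type}

def make_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming pattern."""
    names = ["docs/report.docx.litar", "docs/budget.xlsx.litar", "docs/_readme.txt",
             "pics/picture.jpg.litar", "pics/untouched.png", "_readme.txt"]
    for rel in names:
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()

def report(result):
    lines = [f"encrypted files: {len(result['encrypted'])}",
             f"ransom notes: {len(result['notes'])}"]
    lines += [f"  dir {d}: {n}" for d, n in result["by_dir"].most_common()]
    lines += [f"  type {t}: {n}" for t, n in result["by_type"].most_common()]
    return "\n".join(lines)

if __name__ == "__main__":
    if len(sys.argv) > 1:          # scan a real path given on the command line
        print(report(triage(sys.argv[1])))
    else:                          # otherwise demonstrate on the constructed tree
        with tempfile.TemporaryDirectory() as tmp:
            make_sample_tree(tmp)
            print(report(triage(tmp)))
```

The per-directory and per-type counts show which folders and file types were hit, which helps decide what to restore from backup first.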
The ransom amount demanded by the hackers is $980 (in Bitcoins). Victims can get a 50% discount on the ransom amount ($490) if they contact the hackers within 72 hours of the encryption.
E-mail addresses provided by the hackers include firstname.lastname@example.org and email@example.com.
Victims can reach the hackers on their Telegram Account – @datarestore.
In order to earn the trust of the victims, the hackers offer to decrypt one file for free & send it back to the user as a guarantee of decryption. However, users should note that these claims are fake. Analysis has shown that after receiving the ransom, hackers usually avoid the victims.
Since paying the ransom does not yield positive results, users are advised not to pay the ransom or contact the hackers.
Users should be cautious about the security of their system & pay attention while browsing the internet and while downloading, installing & updating software.
Note: The infamous STOP Ransomware Family has been in the headlines for installing a Trojan named AZORult on the targeted systems. This Trojan has been specifically designed to gather various account credentials.
The methods employed by the cyber-criminals for the propagation of Litar Infection are currently not clear. However, some of the security researchers claim that Litar Infections are being distributed by some common spread techniques.
These may include, but are not limited to, the following methods:
1). Spam e-mail containing infected attachments
2). Exploitation of vulnerabilities in the OS & installed software
3). Third-party software download sources (free file-hosting websites, freeware download websites, Peer-to-Peer Networks).
4). Fake software updaters/Cracks & shareware.
5). Software Bundling – it may download/invite a legion of Trojans, Ransomware & Viruses onto the system.
6). Visiting Questionable/Suspicious Torrent Websites & other Malware-Laden sites
5 Click on the username and enter the password (if any).
Continue to follow steps 4 & 5 of Method 2 to restore the System Files and settings.
The researchers at Virus Removal Guidelines are dedicated to tracking down the latest vulnerabilities which may infringe your system security. Our team of experts performs detailed research on every malware infection before educating our users about it.