Research on LDHY Ransomware
LDHY Ransomware is a data locking virus (file encryption ransomware). It uses decryption key to blackmail the victims and earn quick money illegally. The ransomware is mainly spread via spam email attachments which are disguised as important file to trick user to download and open it. Once LDHY Ransomware is loaded on computer, all the files of user are renamed with a nasty extension and they cannot be opened at all. It is able to encrypt all types of files, including but not limited to:
.vbox, .vdi, .vhd, .vhdx, .vmdk, .vmsd, .vmx, .vmxf, .vob, .vpd, .vsd, .wab, .wad, .wallet, .war, .wav, .wb2, .wma, .wmf, .wmv, .wpd, .wps, .x11 , .x3f, .xis, .xla, .xlam, .xlk, .xlm, .xlr, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml,.xps, .xxx, .ycbcra, .yuv, .zip.iq, .incpas, .indd, .info, .info_, .ini, .iwi, .jar, .java, .jnt, .jpe, .jpeg, .jpg, .js, .json, .k2p,.kc2, .kdbx, .kdc, .key, .kpdx, .kwm, .laccdb, .lbf, .lck, .ldf, .lit, .litemod, .litesql, .lock, .log, .ltx, .lua, .m, .m2ts, .m3u, .m4ts, .m4p, .m4v, .ma, .mab, .mapimail, .max, .mbx, .md, .mdb, .mdc, .mdf, .mef, .mfw , .mid, .mkv, .mlb, .mmw, .mny, .money, .moneywell, .mos, .mov, .mp3, .mp4, .mpeg, .mpg, .mrw, .msf, .msg,.myd, .nd, .ndd, .ndf, .nef, .nk2, .nop, .nrw, .ns2, .ns3, .ns4, .nsd, .nsf, .nsg, .nsh, .nvram, .nwb, .nx2, .nxl, .nyf, .oab, .obj, .odb, .odc, .odf, .odg, .odm, .odp, .ods, .odt, .ogg, .oil, .omg, .one , .orf,.ost, .otg, .oth, .otp, .ots, .ott,.1cd, .3dm, .3ds, .3fr, .3g2, .3gp, .3pr, .7z, .7zip, .aac, .ab4, .abd, .acc, .accdb, .accde, .accdr, .accdt, .ach, .acr, .act, .adb, .adp, .ads, .agdl, .ai, .aiff, .ait, .al, .aoi, .apj, .apk, .arw, .ascx, .asf , .asm, .asp, .aspx, .asset, .asx, .atb, .avi, .awg, .back, .backup, .backupdb, .bak, .bank, .bay, .bdb, .bgt,.bik, .bin, .bkp, .blend, .bmp, .bpw, .bsa, .c, .cash, .cdb, .cdf, .cdr, .cdr3, .cdr4, .cdr5, .cdr6, .cdrw, .cdx, .ce1, .ce2, .cer, .cfg, .cfn, .cgm, .cib, .class, .cls, .cmt, .config, .contact, .cpi, .cpp, .cr2, .craw , .crt, .crw, .cry, .cs, .csh, .csl, .css, .csv, .d3dbsp, .dac, .das, .dat, .db, .db_journal, .db3, .dbf,. dbx, .dc2, .dcr, .dcs, .ddd, .ddoc, .ddrw, .dds, .def, .der, .des, .design, .dgc, .dgn, .dit, .djvu, .dng, .doc, .docm, .docx, .dot, .dotm, .dotx, .drf, .drw, .dtd, .dwg, .dxb, .dxf, .dxg, .edb, .eml, .eps,.erbsql,.erf, .exf, .fdb, .ffd, .fff, .fh, .fhd, .fla, .flac, .flb, .flf, .flv, .flvv, .forge, .fpx, .fxg, .gbr, .gho, .gif, .gray, .grey, .groups, .gry, .h, .hbk, .hdd, .hpp, .html, .ibank, .ibd, .ibz, .idx, .iif , .p12, .p7b, .p7c, .pab, .pages, .pas, .pat, .pbf, .pcd, .pct, .pdb, .pdd, .pdf, .pef, .pem, .pfx, .php, .pif, .pl, .plc, .plus_muhd, .pm !, .pm, .pmi, .pmj, .pml, .pmm,.pmo, .pmr, .pnc, .pnd, .png, .pnx, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prf, .private, .ps, .psafe3, .psd, .pspimage, .pst, .ptx, .pub, .pwm, .py, .qba, .qbb, .qbm, .qbr, .qbw, .qbx, .qby , .qcow, .qcow2, .qed, .qtb, .r3d, .raf, .rar, .rat, .raw, .rdb, .re4, .rm, .rtf, .rvt, .rw2, .rwl,. .sd, .s3db, .safe, .sas7bdat, .sav, .save, .say, .sd0, .sda, .sdb, .sdf, .sh, .sldm, .sldx, .slm, .sql, .sqlite, .sqlite3, .sqlitedb, .sqlite-shm, .sqlite-wal, .sr2, .srb, .srf, .srs, .srt, .srw, .st4, .st5, .st6, .st7, .st8,.stc, .std, .sti, .stl, .stm, .stw, .stx, .svg, .swf, .sxc, .sxd, .sxg, .sxi, .sxm, .sxw, .tax, .tbb, .tbk,.tbn, .tex, .tga, .thm, .tif, .tiff, .tlg, .tlx, .txt, .upk, .usr
.
And you will get a ransom note left by LDHY Ransomware in every folder of your files. It will let you know that you could pay ransom fees to exchange for the decryption key. And LDHY Ransomware has collaborated the websites for bitcoins which are the main currency in the darknet. It ask victims to buy some bitcoins to pay for the decryption key so that there is no way to track the hacker.
We firmly suggest that you should not buy decryption key from the hacker. Many victims have been scammed by hacker before for similar ransomware. You get no any guarantee when you pay the ransom fees. Moreover, hacker will be funded to make more ransomware if you pay them. And then your files can be re-infected sooner or later by new ransomware.
You should first get rid of LDHY Ransomware from computer and then consider to recover the files with legitimate decryption tools.
LDHY Ransomware Removal Process
Step 1 – Uninstall malicious programs from Control Panel.
Ransomware may infect your system after you install some malicious programs. To avoid being re-infected, first you should uninstall malicious programs from your computer:
- 1. Type “control panel” in the Search Box of Taskbar and select Control Panel
- 2. Click Uninstall a program:
- 3. Select programs which may be related with LDHY Ransomware and click Uninstall:
↓ Download SpyHunter Anti-Malware *offer – The SpyHunter Trial version includes, for one device, a one-time 7-day Trial period for SpyHunter 5 Pro (Windows) or SpyHunter for Mac. Check Terms & Conditions of SpyHunter Free Trial , EULA and Privacy/Cookie Policy. |
Step 2 Find and remove malicious registry entries of LDHY Ransomware or malicious program.
Note – In case any suspicious files or unwanted program cannot be removed manually, it is often caused by malicious registry files. Therefore, to get rid of such stubborn items, you need to find and remove malicious files in the Registry Editor. Check the steps below:
1.Type “Registry Editor” in the Search Box of Taskbar and select Registry Editor:
2. Select Edit menu and click Find button >> Type virus’s name into it and click Find Next :
3. Right click on the malicious files and click Delete (Do Not Click Delete unless you can confirm that the files is related with malware):
↓ Download SpyHunter Anti-Malware *offer – The SpyHunter Trial version includes, for one device, a one-time 7-day Trial period for SpyHunter 5 Pro (Windows) or SpyHunter for Mac. Check Terms & Conditions of SpyHunter Free Trial , EULA and Privacy/Cookie Policy. |
Step 3 Try to Recover Files with Legitimate Decryption Tools
Do not pay any money to recover your files. Even if you were to pay the ransom, there is no guarantee that you will regain access to your files.
The right way to recover your files is to count on legitimate decryption tools. Here are websites of popular cybersecurity community, you can try the decryption tools shared on their sites:
EmsiSoft Decryptor (Free)
EmsiSoft is working on developing free decryptor for the newest ransomware. Currently it provide user with over 40 free and useful decryptors. Please visit https://decrypter.emsisoft.com/ to find and download the decrypter you need.
Avast Free Ransomware Decryption Tools
Avast free ransomware decryption tools can help decrypt files encrypted by the many types of ransomware. Go to this Avast page and download the decyptors for the latest ransomware.
Kaspersky Free Ransomware Decryptors
Kaspersky russian lab now provides many free decryptors. Visit Kaspersky page here and have a try .
NoMoreRansom Decryptors
The No More Ransom Project provides free decryption tools for lots of ransomware. Have a try on these tools at this page: https://www.nomoreransom.org/en/decryption-tools.html