LightningCrypt Ransomware

What is LightningCrypt Ransomware?

Ransomware is a category of malicious software that can encrypt your files, lock the computer or (in some cases) do both things. LightningCrypt Ransomware is a program that was designed to encrypt your files and demand that you pay money to get them decrypted. You must remove this ransomware if your computer becomes infected with it as it might encrypt all newly added files. Furthermore, you might not be able to decrypt the files that it encrypts if you do not pay the ransomware which is 0.17 Bitcoins. However, we do not recommend that you pay the ransom because there is no way of knowing whether the ransomware developers will decrypt your files.testtesttest

What does LightningCrypt Ransomware do?

If your PC becomes infected with LightningCrypt Ransomware, then this ransomware will immediately drop LightningCrypt_Recover_Instructions.txt, LightningCrypt_UniqeID.txt, and LightningCrypt_UniqeID.txt files on the desktop and proceed to change the desktop background and will also open a text file with instructions on how to pay the ransom. It will also launch its Graphical User Interface (GUI.) The interface is a window that features a black background with white text which says that you need to send 0.17 BTC which is an approximate 500 dollars to LightningCrypt_Recover_Instructions.png. Research has shown that this particular ransomware was set to encrypt file formats that include but are not limited to .avi, .dll, .jpg, .lnk, .mp3, .mp4, .pif, .png, .png, .rar, .txt, .url, .wav, and .zip. The ransomware aims at hampering your computing experience and denying you access to your files. It appends the encrypted files with the .LIGHTNING, but does not change the original names of the files.

Our research has revealed that there are two iterations of LightningCrypt Ransomware that are quite similar. Nevertheless, it appears that both versions have been set up to connect to lupa-romana[.]de/blog/tag/marcus-antonius, rammichael[.]com,[.]exe,[.]exe, rammichael[.]com/downloads/7tt_setup.exe, and arizonacode.bplaced[.]net. It connects to these URLs automatically and without your knowledge. The ransomware should send the generated decryption key to its main server and store it. You should get the decryption key after you pay the ransom, but there is no guarantee that you will get this key.

Where does LightningCrypt Ransomware come from?

Without a doubt, this program was created by cyber criminals that seek to extort money from you. Our malware analysts have found that LightningCrypt Ransomware is disseminated using malicious emails. The emails are sent to random email addresses, and they contain an attached file that may be called ChkDsk.exe which is the name of a command line that checks the hard discs for errors. Consequently, if it runs in the background, then you might think that it is a legitimate application which is exactly what the developers of this ransomware want you to think. The emails are likely disguised in some way to appear legitimate and will use deception to get you to open the file so that this ransomware could infect your PC. Apart from being distributed via emails, this ransomware might also come bundled with pirated software that you can get from various websites and torrent sites. Therefore, this ransomware can enter your PC secretly and start doing its dirty work.

How do I remove LightningCrypt Ransomware?

We hope you found this article useful and you now know what to do about LightningCrypt Ransomware. Evidently, paying the ransom is a gamble because you cannot trust the ransomware developers to send you the decryption key. If you want to remove the malware manually, then follow the guide provided below. However, since this ransomware can be placed in various locations on your PC and its file can be named differently, we suggest that you use an antimalware tool such as our featured once called SpyHunter which will make light work of this particular ransomware.

Delete the ransomware manually

  1. Hold down Win+E keys.
  2. Type the following file paths and press Enter.
    • %TEMP%
    • %USERPROFILE\Downloads
    • %USERPROFILE\Desktop
  3. Identify and delete the malicious file.
  4. Close the File Explorer.
  5. Go to the desktop and delete LightningCrypt_Recover_Instructions.txt, LightningCrypt_UniqeID.txt, and LightningCrypt_Recover_Instructions.png
  6. Empty the Recycle Bin.

Delete the registry key

  1. Hold down Win+R keys.
  2. Type regedit in the box and press Enter.
  3. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  4. Identify the malicious subkey and delete it.
  5. Close the Registry Editor. 100% FREE spyware scan and
    tested removal of LightningCrypt Ransomware*

Leave a Comment

Enter the numbers in the box to the right *