Lordofshadow Ransomware

What is Lordofshadow Ransomware?

Cybersecurity experts have recently acquired a sample of a ransomware-type program called Lordofshadow Ransomware and tested it. They found that it is based on Hidden-Tear Ransomware which is so often used a basis for creating ransomware. Lordofshadow Ransomware was designed to encrypt your files and demand that you pay money to get them back. However, you should remove this ransomware instead because your files might not be decrypted after you pay the ransom. For more detailed information on this malicious program, we invite you to read this whole article.

What does Lordofshadow Ransomware do?

If your PC were to become infected with Lordofshadow Ransomware, then it will start encrypting your files using the Advanced Encryption Standard (AES) which will render your files useless. This encryption method involves generating a unique encryption and a corresponding decryption key. The decryption key is sent to a remove server, so you cannot obtain it from your PC. While encrypting your files, this ransomware adds a unique ".lordofshadow" file extension to the end of the original extension as a way to mark which files were encrypted.

Our researchers say that this ransomware can encrypt many file types that include ".jpg", ".jpeg", ".raw", ".tif", ".gif", ".png", ".bmp", ".3dm", ".max", ".accdb", ".db", ".dbf", ".mdb", ".pdf", ".xls", ".xlt",".pptm", ".potx", ".potm", ".ppam", ".ppsx", and many others. Once the files have been encrypted, you cannot access their contents and the only way to decrypt them is to buy a decryption tool/ key from its creators. In other words, you have to pay a ransom to get them back.

Once the encryption is complete, this ransomware drops a ransom note called LEIA_ME.txt on your computer’s desktop that features information in the Portuguese language which suggests that this ransomware was designed to be distributed in countries such as Portugal and Brazil. The note says that you have to send an email to lordashadow@gmail.com to recover your files. However, the note does not say that you will probably have to pay a ransom for the files. We do not recommend that you do that because there is no guarantee that the malware developers will decrypt your files.

Where does Lordofshadow Ransomware come from?

As mentioned in the introduction, Lordofshadow Ransomware is based on Hidden-Tear Ransomware, an abandoned ransomware project whose original creator released the source code for cybercriminals to get and create their own malicious programs that encrypt files.

Each ransomware is distributed differently, but using email spam is particularly popular. The reason for this the fact that cybercriminals can infect many unwary users who open malicious emails without suspecting that they are fake. Hence, Lordofshadow Ransomware is distributed using email spam. The emails can pose as legitimate, and you might mistake them for invoices, receipts, and so on. The ransomware’s executable can be disguised as a PDF file and infect your PC when you open it. Unfortunately, we have no concrete information on how it is distributed precisely at this time, but email spam is the most likely method.

How do I remove Lordofshadow Ransomware?

If your PC has been infected with Lordofshadow Ransomware, then we recommend that you remove it from your Pc as fast as you can because it might encrypt newly added files. To do that, we recommend using SpyHunter’s free malware scanner to detect this ransomware and delete the detected malicious files manually after going to their folders. See the guide below for more information.

Manual Removal Guide

  1. Go to http://www.anti-spyware-101.com/download-sph
  2. Download SpyHunter-Installer.exe and run it.
  3. Launch the program and click Scan Computer Now!
  4. Copy the file path of the executable from the scan results.
  5. Press Windows+E keys.
  6. Enter the file path in File Explorer’s address box and hit Enter.
  7. Find and right-click the executable file and then click Delete.
  8. Empty the Recycle Bin. 100% FREE spyware scan and
    tested removal of Lordofshadow Ransomware*
Disclaimer
Disclaimer

Leave a Comment

Enter the numbers in the box to the right *