LLTP Ransomware Removal Guide

Do you know what LLTP Ransomware is?

Our malware researchers test ransomware-type computer infections every day, and they recently analyzed one that is called LLTP Ransomware which is very similar to VenusLocker Ransomware. Both of these programs are extremely malicious because they were designed to encrypt nearly all of the files on the infected computer and demand that the user pays a substantial sum of money for the decryption key. Instead of complying with the demand to pay you ought to remove this ransomware because you cannot be certain that the cyber criminals will give you the decryption key after you pay.

As mentioned, LLTP Ransomware and VenusLocker Ransomware are very similar programs. However, LLTP Ransomware was modeled after VenusLocker Ransomware and contains most of its code. Now, it was modified to a degree but these modifications basically extended to changing the contact email address and the decryption key price.

This new ransomware was first seen in 21 of March 2017. So it is a rather new ransomware that is still widely distributed. If it were to infect your PC, then it will start encrypting your files immediately. According to our malware analysts, this particular application can encrypt hundreds of file extensions that include .txt, .ini, .php, .pptx, .pptm, .potx, .docx, .docm, .dotx, .dotm, and many others. It not only targets documents, but pictures, videos, audios, and other file types to make sure that as many of your personal files become encrypted and you would be compelled to pay the outrageous ransom.

Research has shown that LLTP Ransomware encrypts files with the AES-256 and RSA-2048. It creates a private decryption key that is sent to a remote server and stored for 72 hours. If you fail to pay the ransom within the given window, then the decryption key will be deleted, and your files will remain encrypted indefinitely. This particular ransomware appends the encrypted files with one of two possible file extensions that include .ENCRYPTED_BY_LLTPp and .ENCRYPTED_BY_LLTP. Furthermore, it changes the names of the encrypted files to random sets of characters. Once the encryption is complete, LLTP Ransomware will place a ransom note called LEAME.txt. The note is in Spanish and contains information on how to pay the ransom which is 200 USD, but the cyber criminals want you to pay it in Bitcoins which amounts to 0.2 BTC. We do not recommend that you pay the ransom because you might not get the promised decryption key.

Since it is partly in English and partly in Spanish, we assume that it was tailored for the Spanish-speaking demographic with no particular country in mind. Nevertheless, researchers say that it should have a wide net of dissemination. They have received information saying that this particular ransomware is distributed using malicious email spam that contains an attached file that features this ransomware’s executable that could be named “RansomNote3.5.exe,” but this name might raise suspicions, so it can also be renamed to trick people into opening it.

In closing, LLTP Ransomware is one nasty piece of programming that can cause you a lot of problems in that it can encrypt your most valuable personal files and demand money. If you are not quick about it then, it will delete the decryption key, but we do not recommend that you pay the ransom because the criminals might not send you the decryption key. We advocate for eradicating this application and waiting for a free decryption tool to be developed. You can get rid of it using SpyHunter — a dedicated antimalware program or our manual removal guide.

Delete the files

  1. Find RansomNote3.5.exe
  2. Right-click it and click Delete.
  3. Go to the desktop and delete LEAME.txt
  4. Hold down Windows+E keys.
  5. In the address box, enter %TEMP%\lltprwx86 and hit Enter.
  6. Find a file named lltprwx86 and delete it.
  7. Close the window.
  8. Empty the Recycle Bin.

Delete the registry keys

  1. Hold down Windows+R keys.
  2. Type regedit in the box and click OK.
  3. Go to HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  4. Find LLTP and delete it.
  5. Go to HKCU\Control Panel\Desktop
  6. Find Wallpaper and right-click it.
  7. Click Modify and erase %UserProfile%\bg.jpg from the value data line.
  8. Click OK.
  9. Close.

In non-techie terms:

LLTP Ransomware is a program that can enter your computer secretly and encrypt most of the files on your PC. Its objective is to compel you to pay a hefty ransom in exchange for the decryption key. However, we want to point out that you might not receive this key, so instead of risking losing your money, in addition to your files, we invite you to remove this program.