Lowlevel04 Ransomware Removal Guide

Do you know what Lowlevel04 Ransomware is?

It was reported that users’ computers might be infected with Lowlevel04 Ransomware through exploited Remote Desktop sessions. The infection should then lock most of the files on the computer, including program data. The cyber criminals behind the malicious application are rather greedy, as they demand that users transfer 4 Bitcoins for the decryption. Given that the sum is rather huge and it is possible they might trick you, we advise against paying the ransom. Therefore, if you do not want to risk your savings, try to get rid of the malware and restore the encrypted data yourself if you have any available copies of it. The removal guide is placed below the main text, but since the process could be too complicated, keep in mind that you can choose to use antimalware software instead.

As mentioned in the beginning, the malicious application could be dropped by the cyber criminals themselves. Apparently, if the computer is not protected by a reliable security tool and has a weak password, the cyber criminals might exploit system weaknesses through Remote Desktop and crack the password. Afterward, they should launch Lowlevel04 Ransomware that would begin the encryption process. There is not much information about the threat, so we cannot say if it targets any particular directories. However, as it may encrypt a broad range of file types, including executable files, it could be that the infection encrypts all data on the computer except files belonging to the operating system.

The malware needs the operating system to keep working properly so that it can display a ransom note, which might be presented in the form of a Notepad document. According to the text, Lowlevel04 Ransomware locks the user’s data “by a strong encryption with RSA-2048.” To prove that this cryptosystem is secure and that you will not manage to break it, the cyber criminals add a link to more information on Wikipedia. Of course, the second part of the note tries to convince the user to pay the ransom. It states that “Decrypting of your files is only possible with the help of the private key and decrypt program which is on our server.” In other words, the only ones who may decrypt the data locked by this threat are its creators.

The cost of such services is 4 Bitcoins or almost 3000 US dollars at the moment of writing this article. The note says that 1 Bitcoin is around 240 US dollars, but currently it is approximately 730 US dollars. It is a large sum, especially when you do not even know if you will get the product you pay for. The Lowlevel04 Ransomware’s creators say they would send the decryption tool after the user transfers the money. In fact, they even offer to prove this tool exists, but still, there are no guarantees they will act as they promise. Thus, if you refuse to risk losing around 3000 US dollars, you should ignore the request, erase the malicious program and see what you can recover. You could do so if you have any copies of the locked files on external hard drives or other storage devices not connected to the infected computer.

If you are determined to eliminate the malware manually, we have some bad news, because the process is quite complicated. We can only tell you the possible directories where you could look for the malicious data belonging to Lowlevel04 Ransomware, so there are no exact locations or titles. You could try using the removal guide below and look for suspicious data in the listed locations, but it might be easier to use a reliable antimalware tool. With its scanning feature, users could locate the threat automatically and erase it by just clicking the deletion button.

Remove Lowlevel04 Ransomware

  1. Press the following combination: Windows Key+R, then type Regedit and press Enter.
  2. Locate the listed paths one by one:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
  3. Look for suspicious value names that could be created by the malware, right-click such value names and select Delete.
  4. Close the Registry Editor and open File Explorer (Windows Key+E).
  5. Navigate to this location: %APPDATA%
  6. Search for malicious executable files, then right-click them and select Delete.
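
The same checks as steps 1 to 6, written as a read-only PowerShell script that lists what is in the four registry keys and which executables sit under %APPDATA%. This is an added example, not part of the original guide; the extension list and the "starts from %APPDATA%" flag are assumptions chosen for triage, and the script deletes nothing.

```powershell
# Added example: read-only triage of the places named in the removal steps.
# It deletes nothing; review the output, then remove entries by hand.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Properties the registry provider adds to every result; not autorun values.
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-ItemProperty -LiteralPath $key
    foreach ($p in $item.PSObject.Properties) {
        if ($providerProps -contains $p.Name) { continue }
        # Expand %APPDATA% and similar so the real path is visible.
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$p.Value)
        [pscustomobject]@{
            Key       = $key
            ValueName = $p.Name
            Command   = $cmd
            # Assumption: an autorun that starts a file under %APPDATA% is worth a closer look.
            InAppData = $cmd.IndexOf($env:APPDATA, [StringComparison]::OrdinalIgnoreCase) -ge 0
        }
    }
}

# Assumption: these extensions stand in for "executable files" in step 6.
$exeTypes = '.exe', '.scr', '.com'
$files = Get-ChildItem -LiteralPath $env:APPDATA -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $exeTypes -contains $_.Extension.ToLower() } |
    ForEach-Object {
        [pscustomobject]@{
            Path      = $_.FullName
            Created   = $_.CreationTime
            Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }

# Autoruns pointing into %APPDATA% first, then the newest executables first.
$autoruns | Sort-Object InAppData -Descending | Format-Table -AutoSize -Wrap
$files | Sort-Object Created -Descending | Format-List
```

Run it in the affected user's session, because HKCU and %APPDATA% are per-user. It needs Windows PowerShell 4.0 or later for Get-FileHash.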

In non-techie terms:

Lowlevel04 Ransomware is a harmful infection that enters the computer uninvited and locks both personal (e.g. pictures, photos, videos, documents, and so on) and program data (e.g. executable files). Since the threat is not that popular at the moment, our researchers could not find much information about it or prepare a more detailed removal guide. Users who want to try to eliminate the malware manually could use the instructions above. As for those who do not feel experienced enough, we would suggest using a legitimate antimalware tool.