Live ransomware – a new Dharma variant that automatically boots every time the computer power is turned on

Live ransomware, also known as CryptLive ransomware, is one of the newest Dharma variants that have reached the surface at the end of January 2020. The malware operates as a typical ransom-demanding and file-encrypting[1] cyber threat but that does not make it less dangerous than others of its kind. The malicious module is designed to encrypt files by appending the .LIVE extension to each file name.
Afterward, Live virus pastes a copy of the info.hta and FILES ENCRYPTED.txt ransom note into every folder that holds locked data. The first message encourages users to reach out to the cybercriminals via cryptlive@aol.com email address while the second one provides a payment offering of $1299 that needs to be transferred in Bitcoin. The crooks promise to give those who show signs of communication via 24 hours a 15% discount and offer users to send them 1 file not exceeding the size of 10 MB for free decryption as the demonstration of the truly-existing decryption software.
| Name | Live ransomware/CryptLive ransomware |
|---|---|
| Category | Ransomware/malware |
| Family | This cyber threat belongs to the Dharma ransomware family |
| Appendix | Once all the files and documents are found and locked with a unique encryption cipher, the ransomware virus appends the .LIVE extension to each affected component |
| Ransom note | The malware delivers two ransom notes one from which is written in the info.hta format and the other one opens in a notepad window and is named FILES ENCRYPTED.txt |
| Ransom price | The criminals urge for a quite big price – $1299 in Bitcoin. However, these people promise to make a 15% discount for those victims who aim to contact the developers within 24 hours of time |
| Crook's contacts | The crooks provide the cryptlive@aol.com email address as a way to make contact and send them one small file for receiving evidence of the decryption tool's existence |
| Spreading | Ransomware infections are often delivered through email spam when the crooks pretend to be reliable firms and organizations. Also, the malware can appear through a hacked RDP, software cracks, fake software updates, malicious advertisements, and infectious hyperlinks |
| Termination | If you have spotted this ransomware virus on your computer system, you have to get rid of it as soon as possible before it has brought any other additional infections. Besides, you can try restoring your locked data only after terminating the malware. For this process, download reliable antimalware software |
| Repair tool | If the ransomware virus has damaged some of your Windows computer's areas, you can try fixing them with a repair tool such as FortectIntego |
Live ransomware is a tricky cyber threat that fills the Registry and Task Manager with malicious files and operations. Whenever these components are executed, the virus is provided with various functional abilities. For example, some commands allow the ransomware to boot up every time the computer is started. Also, do not be surprised if the malware is mimicking the process of some type of flash player, downloader, or another piece of software as this way the ransomware virus is capable of blending into your system and staying unknown for a while.
Continuously, [cryptlive@aol.com].LIVE ransomware might also be scheduled to run background processes such as the deletion of Shadow Volume Copies.[2] This type of activity hardens the data recovery process for the cybercriminals. If the virtual parasite starts initiating multiple tasks at a time, you can also spot that your CPU and GPU power levels have been rising up more than usual.
In fact, Live ransomware uses some threats in its ransom message regarding the data recovery fact. The criminals make sure that the victims are aware that trying to restore files by themselves can bring only more harm and files loss:
YOUR FILES ARE ENCRYPTED
Don't worry,you can return all your files!If you want to restore them, follow this link:email cryptlive@aol.com YOUR ID 1E857D00
If you have not been answered via the link within 12 hours, write to us by e-mail:cryptlive@aol.com
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam
However, Live ransomware is trying to trick you into purchasing the decryption tool from the cybercriminals. Even though these people might truly own this type of software, there are no guarantees that they will not just run off with your money.
Due to the risk of getting scammed, you should remove Live ransomware from your Windows computer system and use alternative software for the data recovery process. There is no official decrypter released at the time of writing but you still can benefit from third-party restoring software. We have provided some solutions at the end of this page.

Other functions of Live ransomware might include permanently damaging the hosts files on your Windows device. This way the malware prevents you from visiting security-based pages and receiving valuable information on the virus's termination. So, once you are deleting the ransomware virus, do not forget to delete the Windows hosts file too, otherwise, the access to your liked websites might still remain blocked.
Another reason for you to speed up Live ransomware removal is the possibility that you will end up with additional malware on your computer system. Ransomware infections are capable of bringing not only potentially unwanted programs such as adware or browser hijackers to the computer system but also serious malware such as trojans, spyware, worms, cryptocurrency miners, etc.
If you have been looking for ways to uninstall Live ransomware properly, you should only do that by employing reliable software as the manual technique might not work very well due to the risk of missing crucial components. Besides, if you have discovered some damage on your computer system, you can try fixing the infected areas with the help of FortectIntego.
If in some cases, your antivirus program cannot find Live ransomware on your Windows machine, the malware might be evading antimalware detection. For this purpose, you should boot your computer via Safe Mode with Networking or System Restore. However, according to VirusTotal data,[3] this malicious string has been detected by 58 antivirus tools out of the total 70.

Ransomware delivery is never expected but not quite surprising
Dangerous malware forms such as ransomware appear on those computer systems who have the weakest or a very weak level of protection. This means, even though you have not opted for the ransomware installation intentionally, the cyber threat did not really escape without your help and we are going to explain how this happens.
The main way of delivering ransomware-related payload to victims' computers is by using spam messages. A lot of criminals write official-looking notes and pretend to be from financial companies, shipping firms, healthcare systems, etc. Afterward, the victim is encouraged to open the attached file that often appears to be the infectious payload.
DO NOT fall for believing in any messages that you were not expecting to receive as you can get in big trouble. Even more important, DO NOT open or download any attached files without scanning them with antivirus software first.
Additionally, ransomware infections are likely to get delivered through other sources such as weak RDP configuration. This happens when the RDP does not include a password or includes an easy-guessable one such as “12345”. Furthermore, these types of viruses can be downloaded from software cracks that are placed on peer-to-peer networks such as The Pirate Bay, BitTorrent, and eMule. Also, you can receive these types of threats while opening fake flash player updates, entering malvertising-based ads, clicking on infected hyperlinks, etc.
Advanced removal solutions for Live ransomware
If you have spotted .LIVE files on your desktop, the FILES ENCRYPTED.txt ransom note, and malicious processes running in your Task Manager, you have to get rid of Live ransomware ASAP. The longer you keep this cyber threat on your computer system, the bigger the damage might be. You can even receive other malware very soon.
So, to decrease the risk of additional virus infections and have a chance to unlock at least some of your files, you should remove Live ransomware from your Windows operating system. The only method that works properly in this case is the automatical one and it includes purchasing and downloading proper antimalware software.
Once Live ransomware removal is performed, you can try recovering some of your encrypted files. At the end of this article, we have prepared three possible recovery solutions that might be helpful if completed properly.
According to experts from Virusai.lt,[4] hackers might try to attract as to pay the ransom payment and then vanish. This is the main reason why it is worth trying alternative software for file restoring rather than emptying your pockets.
Was this guide helpful?
Be the first to comment