LDPR ransomware is a file locked that comes from Dharma virus family

LDPR ransomware is malware that focuses on money extortion with the help of file locking capability. First spotted in late April, it is a variant of the infamous Dharma ransomware – a relatively old string that keeps returning and infecting thousands worldwide.
Once installed, LDPR ransomware performs a variety of changes to the computer, so that it could perform data encryption without interruptions. The virus uses AES or DES + RSA encryption algorithms,[1] appends .LDPR extension, along with modifying the file name and then drops a brief FILES ENCRYPTED.txt, as well as a pop-up window. The message from hackers explains to victims what happened to their pictures, videos, databases, documents, and other data, and asks them to email crooks via mr.crypt@aol.com, f-data@protonmail.com or helpfile@rape.lol to find out the price of decryptor. Based on examples, cybercriminals are asking as much as $1000.
As usual, users should not engage in any type of negotiations with the hackers and instead focus on LDPR ransomware removal and alternative file recovery methods. Unfortunately, there are no official decryptors released for this version of Dharma.
| Name | LDPR |
| Type | Ransomware |
| Family | Dharma |
| File modification | .id-[ID].[mr.crypt@aol.com].LDPR, .id-[ID].[f-data@protonmail.com].LDPR, .id-[ID].[helpfile@rape.lol].LDPR |
| Ransom note | FILES ENCRYPTED.txt + pop-up window |
| Ransom size | $1000 in Bitcoin (can vary) |
| Decryptable? | No. Use third-party recovery solutions |
| Removal | Use anti-malware software |
| Recovery | Scan your device with FortectIntego for best results |
There are many different ways users could get infected with LDPR virus. Here are the most common methods that hackers use to distribute ransomware:
- Exploit kits;
- Brute-force attacks;[2]
- Spam emails;
- Repacked or cracked software;
- Cracks or keygens;
- Fake updates, etc.
However, LDPR ransomware does not immediately encrypts files. It first performs a set of changes to the way the operating system operates. For example, it modifies Windows registry, deletes/copies/inserts files, executes Shell commands, etc. This allows the malware to run file encryption without any interruptions.
Once the file encryption is complete, the FILES ENCRYPTED.txt ransom note appears in every folder where locked files are located. It states the following:
all your data has been locked us
You want return?
write email mr.crypt@aol.com
As you can see, there is not much information provided. However, in the pop-up window, titled by the contact email, you will be able to see a full message from hackers. Allegedly, crooks also offer test decryption service, which would provide proof that the bad actors can actually decrypt files. Regardless, there is no guarantee that they will send you the required tool, even after the payment is made. Furthermore, you would only prove that LDPR ransomware is successful, warranting more infections worldwide.
Thus, do not contact cybercrooks and remove LDPR ransomware with the help of anti-malware software – only then you can start the file recovery process. Additionally, you should scan your device with FortectIntego to restore the infected Windows system files.

Stay away from email attachments that ask you to enable the macro function
As we previously mentioned, there are several different methods hackers use to infect users with ransomware. For that reason, simply using a security application is not enough (although it is mandatory for every system, be it private or corporate machine).
To minimize ransomware infection risk, experts[3] advise following these simple tips:
- Patch your operating system, along with the installed applications, as soon as security updates are released;
- Enable Firewall;
- Use strong passwords and two-factor authentication for all your accounts;
- Do not use cracked software or its cracks/keygens;
- Scan all executables and other files with tools like Virus Total;
- Do not open spam email attachments, especially those that ask you to enable macro function;
- Be aware that hyperlinks might be misleading – put the mouse pointer on top and you will see the real destination address;
- Disable Flash Player auto-run feature;
- Use ad-block on high risk sites, such as porn, gambling, file-sharing, etc.
Finally, to be completely safe, you should always have a full backup of your most important files – you can use external drives (Flash drive, external HDD, SSD, etc.) or automatically upload your data to a remote server, such as Google Drive.
Remove LDPR ransomware by using anti-malware software
To remove LDPR ransomware, you will have to use professional security software. Luckily, ransomware-type viruses focus file locking rather than screen locking, so operating your device should not require any special instructions. Nevertheless, it is recommended that you enter Safe Mode with Networking just in case malware tampers with the operation of the anti-malware software.
Once you enter Safe Mode, perform a full system scan using anti-malware software, such as SpyHunterCombo Cleaner. Once the scan is finished, the anti-virus application should show you the scan results confirming that LDPR ransomware removal was successful. After that, you can connect your backups, or attempt the recovery using third-party tools. We provide all the download links below.
Was this guide helpful?
Be the first to comment