LeChiffre virus. How to remove? (Uninstall guide)

LeChiffre ransomware strikes again

LeChiffre virus was spotted last year. Security experts managed to find a decryption tool for it. It did not take too long for the authors to devise a newer version. Continuing the popular trend, the virus was named after the name of the villain called “LeChiffre,” meaning “the Cypher”, featured in the first James Bond movie. The latter franchise inspired many cyber criminals. Another similar threat happens to be notorious Petya virus now switched to GoldenEye^[1]. Besides the title, the virus also uses an elaborate algorithm. If this virus manages to enter victim’s system, it finds all user’s personal files (including documents, music, videos, audio files and so on) and encrypts them using AES algorithm^[2]. The encryption is made by encrypting the first and last 8192 bytes of the file and then attaching the malicious key to the file as a 32-byte blob. Once encrypted, the files become inaccessible. However, there is no need to give into the distress. The first thing you need to do is to remove LeChiffre. 

Questions about LeChiffre virus

• can LeChiffre attack me, too? How to secure myself from this virus attack?  29/01/16 2

After the encryp[tion process is finished, the malware leaves a note on the infected computer. The note is usually a .html or .txt file. Here is what it states:

Your important files […] which were crypted with the strongest military cipher RSA1024 and AES. No one can help you to restore files without out decoder, Photorec, RannohDecryptor […] repair tools are useless and can destroy your files irreversibly. If you want to restore files – send an e-mail to […] You will receive decrypted samples and our conditions how you’ll get decoder. Follow the instructions to send payment.

If you see this note, it is a proof that LeChiffre ransomware has attacked your computer. We do not recommend paying the ransom^[3]. You cannot trust cyber criminals – there’s no guarantee that they will put any efforts to help you get the files back. Plus, a decryptor for this ransomware has been created already (unfortunately, works only on LeChiffre 2.6 version only, but may be upgraded in the future). However, you can also restore your files in case you have backup copies of them^[4]. If you have such copies of your files, all you need to do is to remove the LeChiffre ransomware from your computer using LeChiffre removal tool (for example, Reimage, and then import your files from a backup drive. Keep in mind that you should store backups on an EXTERNAL backup drive, because some viruses can reach your online data cloud storages and infect files that are stored there, too.

⇦⇨

Slide 1 of 10

Update 2017 January: the virus remains active

Since the appearance in mid-summer last year, the authors have not departed the ransomware market. Unfortunately, the virus has been continuously developed. Small business with a wider network of servers happens to be the preference of LeChiffre malware. Specifically, the virus launches brute force to paralyze the activities of the server and infect all linked computers. Furthermore, the virus marks the corrupted data with .lechiffre file extension. It has been also known that newer version of the virtual threat utilizes a password-guessing technique. In other words, if you have been using a standard and a weak code such as “password123″^[5], the cyber villains easily hack into the server remotely and then download the main payload of the ransomware. Therefore, netizens are advised to use long passwords comprised of characters and numbers. Password managers may also be a solution.

Distributing LeChiffre virus

Security experts claim that LeChiffre ransomware is not a typical ransomware, and in most of the cases it is spread through different channels. The virus should not be underestimated. A while ago, LeChiffre cyber-criminal planted this virus on a computer of a bank in India and spread the virus to the following computers via Remote Desktop Ports that did not have password protection. Crooks prefer disguising their threats in spam emails. Users are deceived with the fake notifications supposedly sent from delivery companies or even law enforcement institutions. In addition, exploit kits and trojans also serve for the purpose of spreading infection. Though LeChiffre hijack might have occurred due a different method, it is necessary to renew arm up with several security tools. Let’s not forget the fact that cyber-criminals learn and improve their products each day. Avoid opening emails from unknown senders (ransomware is commonly spread via malicious email attachments), clicking on links on high-risk websites, or installing unreliable software. 

How to remove LeChiffre malware and restore the files?

According to the note of .lechiffre file extension virus, you can get your files back for free after 6 months. This is unlikely to happen. There is no guarantee that the crooks will return the undamaged or all files after this period. Do not waste time and initiate automatic LeChiffre removal. Install and update your security applications, e.g. Reimage or Plumbytes Anti-MalwareMalwarebytes Malwarebytes. Only when the full elimination is completed, you can proceed to file recovery steps. In case, you encounter any problems and cannot remove LeChiffre virus, the below instructions will help you regain access. A decryption tool has been released last year. It is unlikely that it will decode the files encrypted by the recent version, but you might give it a try. 

Reimage review | Terms of Use | Privacy policy | Refund Policy | Press | Uninstall guide Reimage review | Terms of Use | Privacy policy | Refund Policy | Press | Uninstall guide