.Libbywovas@dr.com.gr3g Files Virus – How to Remove and Restore Files

.Libbywovas@dr.com.gr3g Files Virus – How to Remove and Restore Files

This article aims to help you remove the .libbywovas@dr.com.gr3g files ransomware from your computer and show how you can restore .libbywovas@dr.com.gr3g encrypted files without having to pay ransom.

New ransomware infecton carrying the file extension .libbywovas@dr.com.gr3g has been reported by malware researchers to wreak havoc on the computers of the victims it infects. The malware has the one and only purpose to encrypt the files on the compromised computer and then leave behind the e-mail of the crooks as a file extension. The virus then drops a ransom note, named Readme.txt which has the extortion instructions in it and gives 96 hours deadline to contact the e-mail, otherwise the files could be lost indefinitely. If your computer has been infected by .libbywovas@dr.com.gr3g ransomware, we advise you to read this article and learn how to remove this virus and restore files that have been encrypted by it on your computer.

Threat Summary

TypeRansomware, Cryptovirus
Short DescriptionAims to encrypt the files on the computers infected by it and then demands a ransom payoff to get the files back.
SymptomsFiles are encrypted and no longer able to be opened with an added .libbywovas@dr.com.gr3g file extension. Readme.txt ransom note also appears.
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by LibbyWovas


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss LibbyWovas.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.libbywovas@dr.com.gr3g Ransomware – Distribution

In order spread it, the cyber-criminals behind .libbywovas@dr.com.gr3g file ransomware may use different methods. They may upload the infection files of the virus as fake programs, installers of games or even game key generators and software license activators. In addition to this, the cyber-crooks may also send the infection file in the form of a document over e-mail. The attachment may be accompanied with a convincing message, like the following:

.libbywovas@dr.com.gr3g Files Virus – More Information

Once your computer becomes infected by the .libbywovas@dr.com.gr3g files ransomware, the malware connects to a distribution site via an unsecured port on your computer. After this, it drops the payload of the ransomware virus on your computer. It may consist of more than one executable file and these files are of different formats and may have different, often random names. The files may be located in the most commonly targeted Windows folders:
After this ransomware virus has already infected your computer, it may begin to modify it. For starters, the .libbywovas@dr.com.gr3g ransomware may situate registry sub-keys with values in them that aim to run it’s encryption executable during Windows boot. To do this the virus may target the following Windows Registry sub-keys:

  • Run
  • RunOnce

After the .libbywovas@dr.com.gr3g ransomware creates value strings, they may contain data with the actual location of the malicious file, responsible for the encryption.

In addition to modifying the Windows Registry Editor, the .libbywovas@dr.com.gr3g ransomware virus may also delete the shadow volume copies of the infected computer via the vssadmin and bcedit commands:

→ vssadmin delete shadows /for= [/oldest | /all | /shadow=] [/quiet] BCDEdit /set {current} Recoveryenabled No

After those commands are enabled with the right parameters, the shadow copies of the infected machine are deleted and there is no way to restore the files using Windows. The virus then may drop it’s Readme.txt ransom note which has the following contents:

Your files are encrypted.
In case of renaming a file, the file will become unsuitable for decryption. Even we will not have a chance to restore them.

To return your files you have 96 hours. Write to us.

Our email: libbywovas@dr.com

ATTENTION. To email (libbywovas@dr.com) write messages only from these e-mail services.
From other email services, messages may not be received by us.

Yahoo. https://mail.yahoo.com
Gmail. https://www.google.com
Mail. https://www.mail.com

ATTENTION. We will reply you within 24 hours. If there is no response from us, please send your message again.

Tor email: libbywovas@torbox3uiot6wchz.onion

To register tor e-mail, use the service http://torbox3uiot6wchz.onion (Open only to the tor browser)

Send 3 files, each <2 MB (only pictures, text documents or shortcuts). We will decipher them for free, to confirm that we can help you. Wait for further instructions. YOUR KEY.

.libbywovas@dr.com.gr3g – Encryption

The encryption process of the .libbywovas@dr.com.gr3g virus is conducted via an encryption algorithm whose primary purpose is to render the files on the victim’s computer no longer able to be opened. To encrypt files, the .libbywovas@dr.com.gr3g ransomware targets specific documents, audio files, image files, archives and other often used files, which may have the following file extensions:


After the encryption process by .libbywovas@dr.com.gr3g ransomware has completed, the ransomware adds it’s distinctive file extension, which makes the files to begin appearing like the following:

Remove .libbywovas@dr.com.gr3g Ransomware and Restore Files

If you want to remove this ransomware infection completely from your computer system, it is strongly recommended to begin removing it by using the steps in the instructions below. They are specifically designed to help you isolate and remove the .libbywovas@dr.com.gr3g virus either manually or automatically. Be advised that for maximum effectiveness, experts always recommend using specifically designed for removal anti-malware software which will help to fully detect and remove all malicious files, related to .libbywovas@dr.com.gr3g ransomware from your computer.

If you want to restore files that have been encrypted by this ransomware on your computer, it is recommended to try the alternative methods used below In step “2. Restore files encrypted by LibbyWovas” below. They may not be 100% effective, but may help you to recover most of your data.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share