LMAOxUS Ransomware – Remove It and Restore Your Files
THREAT REMOVAL

LMAOxUS Ransomware – Remove It and Restore Your Files

OFFER

SCAN YOUR PC
with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by LMAOxUS and other threats.
Threats such as LMAOxUS may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

This article will help you remove LMAOxUS ransomware in full. Follow the ransomware removal instructions at the bottom of the article.

LMAOxUS is a new ransomware cryptovirus. The virus is an EDA2 variant, originally named Stolich or Win32.Stolich. Your files will become encrypted and the LMAOxUS cryptovirus will leave a distinctive message on a web page or as a screenlocker. Proceed to read below and see how you could try to potentially restore some of your data.

Threat Summary

NameLMAOxUS
TypeRansomware
Short DescriptionThe ransomware virus encrypts files on your computer and demands payment for unlocking them.
SymptomsThe ransomware will encrypt your files and after that display a distinctive ransom note message, after the encryption process is finished.
Distribution MethodSpam Emails, Email Attachments, Executables
Detection Tool See If Your System Has Been Affected by LMAOxUS

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss LMAOxUS.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

LMAOxUS Ransomware – Infection

LMAOxUS ransomware could spread its infection via different methods. The payload file that initiates the malicious script for this ransomware, which in turn infects your computer machine, is circling the Internet. A few malware samples have been found by different malware researchers. You can see the VirusTotal detections for security vendors of one sample by checking the snapshot below:

LMAOxUS ransomware could also distribute its payload file on social media sites and networks for file-sharing. Freeware that is found on the Web could be presented as useful but at the same time could hide the malicious script for the cryptovirus. Refrain from opening files just as you have downloaded them, especially if they come from suspicious sources such as links or e-mails. Instead, you should scan them beforehand with a security tool, while also checking the size and signatures of these files for anything that seems out of the ordinary. You should read the ransomware preventing tips thread in the forum.

LMAOxUS Ransomware – Description

LMAOxUS ransomware is also a cryptovirus. It seems to be based on the EDA2 open-source project. The original name is given as Stolich or Win32.Stolich.

LMAOxUS ransomware could make entries in the Windows Registry to achieve persistence, launch or repress processes in Windows. Some entries are designed in a way that will start the virus automatically with each launch of the Windows Operating System, such as the example provided down here:

→“HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run”

After the encryption process is finished, the ransom note will be displayed. The note is written in English. Inside, you will find instructions on what to do for file restoration.

A website page alternative can be loaded, as well. That page looks like this:

It reads the following:

ALL YOUR DATA ARE BELONG TO US
If you are a victim, click here

The note is contained in a file with the name LMAO_READ_ME.txt. You can preview the ransom note right down here:

The ransom note reads the following:

You’ve been hit by LMAOxUS
But there’s still hope for you.
Send 0.1 BTC to 1Jek8L6HRj3pNpcAasgoV37eoHqLUMyYjU
Use any payment processor you want. I recommend Coinbase or Blockchain.info. If BTC is too hi-tech for you, send me an email, I’m sure we can work something out.
Once done, send an email to [email protected] with the transaction details.
Listen fam. I don’t care about your data. My goal is not to cause harm or to fuck with people just for the hell of it.
I’m just a broke college student in need of money. I have nothing personal against you. I promise I’ll fix your data once I get payment.
If for whatever reason you’re even more broke than me, well shoot me an email and give me your best sob story. I do have a heart.
Otherwise, you have until the date listed in your notepad until the server automatically deletes your decryption key.
After that date, there’s nothing I can do.
So I wouldn’t waste any more time. 🙂

The ransom note of the LMAOxUS virus should not be followed. In the note is stated that the only way to revert your files back to normal is if you pay 0.1 Bitcoin, which is equivalent to 115 US dollars at the time of writing this article. That is not true and you should NOT under any circumstances pay these cybercriminals. Your files may not get recovered, and nobody could give you a guarantee for that. Furthermore, giving money to these crooks will likely motivate them to create more ransomware virus or do other criminal activities.

LMAOxUS Ransomware – Encryption Process

A list with file extensions that the LMAOxUS ransomware seeks to encrypt is available. More extensions could be added if somebody who uses the code wishes to add them. The current list with file extensions which will get encrypted is the following:

→.txt, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .jpg, .png, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .xml, .psd

Every file that gets locked will be encrypted with both RSA and AES algorithms.

The LMAOxUS cryptovirus is possible to erase the Shadow Volume Copies from the Windows operating system by using the following command:

→vssadmin.exe delete shadows /all /Quiet

Keep on reading and see what kinds of ways you can try out to potentially restore some of your file data.

Remove LMAOxUS Ransomware and Restore Your Files

If your computer got infected with the LMAOxUS ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions guide provided below.

Note! Your computer system may be affected by LMAOxUS and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as LMAOxUS.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove LMAOxUS follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove LMAOxUS files and objects
2. Find files created by LMAOxUS on your PC

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by LMAOxUS

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...