.logger Files Ransomware – How to Restore Files and Remove It Fully

This article explains what the .logger ransomware infection is, how to remove it completely from your computer system, and how to restore files encrypted by this malware.

Security experts have detected a new ransomware version that is part of the Paradise family of ransomware infections. The malware, which uses the .logger file extension, has been reported to encrypt the files on the computers it infects and then leave behind a ransom note with instructions on how to pay a ransom “fee” in BitCoin in order to get the encrypted files recovered. If your files have been encrypted with the .logger extension, we advise you to read the following article to learn how to remove this iteration of Paradise ransomware and how to restore .logger encrypted files without paying the ransom.

Threat Summary

Name: .logger Files Virus
Type: Ransomware, Cryptovirus
Short Description: Version of Paradise Ransomware utilized to encrypt the files on the infected computer and ask victims to pay ransom in order to get the files back.
Symptoms: Files on the infected computer are no longer openable and they have the .logger file extension appended to them.
Distribution Method: Spam Emails, Email Attachments, Executable files

.logger Files Virus – How Does It Infect

The cyber-criminals behind the .logger infection may use various methods to slither into computers. All of the methods aim to make sure that the virus file is masked from any protection software. The cyber-crooks also aim to make the malicious file resemble a legitimate type of file. In addition, the .logger files virus is created to connect undetected to the command and control server in order to download the payload of the virus.

To cause a successful infection, the .logger files virus may be spread via different means, including spammed e-mail messages that appear to come from big, legitimate companies. The most often imitated companies are online retailers, banks, online financial services and other similar big institutions. The e-mails aim to resemble the legitimate e-mails sent by those companies, for instance:

Besides e-mail, the malware may also be uploaded as a file that imitates a legitimate setup or other type of program on suspicious software download websites or torrent tracker sites. Such files often tend to imitate:

  • Setups.
  • Patches.
  • Cracks.
  • Keygens.
  • Other license activators.

.logger Files Virus – More Information and Activity

The .logger files virus is a file-encrypting infection, meaning that it alters the structure of your files so that they can no longer be opened.

The ransomware’s first activity is to download its payload onto the victim’s computer. The payload may be dropped in the following Windows directories:

  • %AppData%
  • %Local%
  • %LocalLow%
  • %Temp%
  • %Microsoft%

In addition, the malware aims to modify Windows registry sub-keys such as Run and RunOnce. In these sub-keys, this version of Paradise Ransomware adds registry entries whose data causes the payload of the malware to run automatically when you boot Windows. The registry sub-keys have the following locations:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
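
One way to triage the Run and RunOnce entries described above, as an added example that is not part of the original article: it parses the text output of reg query for those keys and lists values whose data points into user-writable directories. The mapping of the article's drop locations to AppData\Roaming, AppData\Local, AppData\LocalLow and Temp paths is an assumption, and the sample entries are constructed.

```python
import re

# Assumed expansions of the drop locations listed above (%AppData%, %Local%,
# %LocalLow%, %Temp%); expanded paths and unexpanded variables are both matched.
MARKERS = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\appdata\\locallow\\",
           "\\temp\\", "%appdata%", "%localappdata%", "%temp%", "%tmp%")

# reg query prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def parse_reg_query(text):
    """Yield (key, name, data) from the text output of `reg query <key>`."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        else:
            m = VALUE_LINE.match(line)
            if m and key:
                yield key, m["name"], m["data"].strip()

def suspicious_autoruns(text):
    """Return Run/RunOnce values whose data points into a user-writable directory."""
    found = []
    for key, name, data in parse_reg_query(text):
        if not re.search(r"\\CurrentVersion\\Run(Once)?$", key, re.I):
            continue
        lowered = data.lower()
        # Check the whole value, so a DLL passed to rundll32.exe is caught too.
        if any(marker in lowered for marker in MARKERS):
            found.append((key, name, data))
    return found

# Constructed sample of reg query output; value names and paths are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    updater    REG_SZ    "C:\Users\alice\AppData\Roaming\updater.exe" /s
    helper    REG_SZ    rundll32.exe C:\Users\alice\AppData\Local\Temp\h.dll,Start

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
    setup    REG_SZ    C:\Program Files\Vendor\setup.exe /finish
"""

if __name__ == "__main__":
    for key, name, data in suspicious_autoruns(SAMPLE):
        print(f"{key} :: {name} -> {data}")
```

Legitimate software also starts from these directories, so treat the result as a triage list rather than a verdict.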

In addition, the ransomware virus may delete the shadow volume copies on the infected computer by running the following commands as an administrator in Windows Command Prompt:

→ process call create “cmd.exe /c
vssadmin.exe delete shadows /all /quiet
bcdedit.exe /set {default} recoveryenabled no
bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
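
The three commands above are a useful detection signal when process-creation logging with command lines is enabled (for example Windows Security event 4688 or Sysmon event 1). The following added example, not part of the original article, matches them in command lines and ranks hosts by how many distinct rules they trip; the event records, host names and rule names are constructed for illustration.

```python
import re

# One rule per command the article lists. ".exe", quoting, case and spacing
# vary between launchers, so the patterns tolerate all four.
RULES = {
    "shadow_copy_delete": re.compile(
        r'\bvssadmin(?:\.exe)?"?\s+delete\s+shadows\b', re.I),
    "recovery_disabled": re.compile(
        r'\bbcdedit(?:\.exe)?"?\s+/set\s+(?:\{[^}]+\}\s+)?recoveryenabled\s+no\b', re.I),
    "boot_failures_ignored": re.compile(
        r'\bbcdedit(?:\.exe)?"?\s+/set\s+(?:\{[^}]+\}\s+)?bootstatuspolicy\s+ignoreallfailures\b',
        re.I),
}

def match_rules(command_line):
    """Return the sorted names of every rule the command line trips."""
    return sorted(name for name, rx in RULES.items() if rx.search(command_line))

def hosts_to_triage(events):
    """Group hits per host; hosts tripping the most distinct rules come first."""
    hits = {}
    for event in events:
        for rule in match_rules(event["cmd"]):
            hits.setdefault(event["host"], set()).add(rule)
    return sorted(hits.items(), key=lambda item: (-len(item[1]), item[0]))

# Constructed process-creation events (host names and command lines are made up).
EVENTS = [
    {"host": "WS-01", "cmd": "cmd.exe /c vssadmin.exe delete shadows /all /quiet"},
    {"host": "WS-01", "cmd": "bcdedit.exe /set {default} recoveryenabled no"},
    {"host": "WS-01", "cmd": "BCDEDIT  /set {default} bootstatuspolicy ignoreallfailures"},
    {"host": "WS-02", "cmd": "vssadmin.exe list shadows"},                       # benign
    {"host": "WS-03", "cmd": "bcdedit.exe /set {default} recoveryenabled yes"},  # benign
    {"host": "WS-04", "cmd": r'"C:\Windows\System32\vssadmin.exe" Delete Shadows /All /Quiet'},
]

if __name__ == "__main__":
    for host, rules in hosts_to_triage(EVENTS):
        print(host, sorted(rules))
```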

.logger Files Virus – Encryption Process

The .logger files virus aims to perform various modifications to the files on the infected computer. The virus scans for several specific types of files, like documents, audio files, images, archives and other objects often used by the user, and encrypts them by replacing blocks of data from the original file with data from the encryption algorithm. As a result, the files can no longer be opened. After encryption, the .logger encrypted files assume the following appearance:

Remove .logger Files Virus and Restore Encrypted Files

To remove the .logger files virus from your computer, we recommend following the removal instructions underneath this article. They are divided into manual and automatic removal methods, so that you can delete this virus according to your malware removal experience. For maximum effectiveness, malware researchers strongly recommend downloading advanced anti-malware software. The primary purpose of such software is to help you fully delete any files related to the .logger ransomware virus and to secure your computer against future infections.

If you aim to restore files encrypted by the .logger files virus, we advise you to follow the alternative methods for file recovery underneath. They are designed to help you recover as many files encrypted by this malware as possible.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
