Danger level 9
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Slow internet connection
  • Connects to the internet without permission
  • Installs itself without permissions
  • Hijacks homepage
  • Can't be uninstalled via Control Panel

LeChiffre Ransomware

LeChiffre Ransomware is a fancy French name for a malicious application developed by Russian-speaking cybercriminals. Be warned that it deletes itself after encrypting your personal files, so by the time you notice the damage there may be nothing left to remove. That is why it is of paramount importance to have an anti-malware program that stops this infection before it runs: otherwise it will wreak havoc on your computer and leave your files encrypted and, without the key, unusable. Its developers want you to pay a ransom in exchange for a decryption key. They claim that no third-party software can undo the encryption, and with correctly used AES and RSA that is true; no free decrypter was available when this was written. Ransomware authors get their cryptography wrong often enough, though, that it is worth checking a reputable anti-malware vendor's list of free decrypters before giving up on the files. In any case, you should not allow yourself to be bullied by these thugs, so we do not recommend paying the ransom. Ignore their demands, scan your PC for malicious remnants, and restore your files from a backup drive.

LeChiffre Ransomware was created by Russian cyber criminals and its interface is in Russian, so it is safe to say that it is aimed mainly at Russian-speaking users and most likely distributed through Russian-language websites. Nevertheless, the Internet is not called the World Wide Web for nothing, and your computer might also become infected if you venture onto an unknown website. For example, not long ago, hackers used this ransomware to seize control of computers at two banks and a pharmacy in Mumbai, India. What makes this ransomware somewhat unusual is that it does not spread or launch on its own: it relies on someone running it on the victim's machine before it starts encrypting files. There have been cases in which the cyber criminals first broke into the victim's computer, copied LeChiffre Ransomware's executable onto it, and ran it themselves. In that scenario the attackers already had interactive access to the machine, so treat the incident as an intrusion and not just a malware infection: find and close the way they got in and reset the credentials involved, or the encryption can simply be repeated.

Apart from its unusual delivery method, LeChiffre Ransomware behaves like any serious ransomware. It is written in .NET and has a user interface that lets the attacker start, pause, hide and customize the encryption run. It uses RSA with a 1024-bit key and AES with a 256-bit key, the most popular combination among ransomware developers: in the usual hybrid scheme the files are encrypted with AES and the AES key is then wrapped with the attackers' RSA public key. Neither cipher can be broken without the key, and although the key is probably generated locally on the victim's machine, it is only stored in that wrapped form, which the criminals' tool alone can unlock (the _secret_code.txt file they ask victims to send is presumably exactly that).

This ransomware targets files that often contain personal information, such as photos, videos, documents, archives, databases, backups, etc. It appends a .LeChiffre extension to each encrypted file (so report.docx becomes report.docx.LeChiffre) and drops two files in every directory that holds an encrypted file: _How to decrypt LeChiffre files.html and _secret_code.txt. LeChiffre Ransomware does not lock the screen to force you to read its ransom message. The HTML file explains how to get sample files decrypted as proof that recovery is possible and how to make the payment in Bitcoin. The note reads, word for word:


Your important files (photos, videos, documents, archives, databases, backups, etc.) which were crypted with the strongest military cipher RSA1024 and AES. No one can`t help you to restore files without our decoder. Photorec, RannohDecryptor, etc repair tools are useless and can destroy your files irreversibly. If you want to restore files - send e-mail to decrypt.my.files@gmail.com with the file "_secret_code.txt" and 1-2 encrypted files less than 5 MB as *.doc *.xls *.jpg, but not database (*.900 *.001 etc). Please use public mail yahoo or gmail.

You will receive decrypted samples and our conditions how you`ll get the decoder. Follow the instructions to send payment.

P.S. Remember, we are not scammers. We don`t need your files. If you want, you can get a decryptor for free after 6 month. Just send a request immediately after infection. All data will be restored absolutelly. Your warranty - decrypted samples.

Obtaining the decryption tool involves some unusual steps. The hackers want you to e-mail them the _secret_code.txt file together with one or two encrypted files smaller than 5 MB, after which they send back decrypted samples and their payment terms. Odder still, the note says you do not have to pay at all: wait six months and the decryptor will be sent for free. Do not count on them honouring either promise. This hacker or hacker group may abandon the "project" altogether before the six months elapse, and there is no guarantee that you will receive a working decryptor even after paying the ransom.
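The two indicators described above (the appended .LeChiffre extension and the pair of note files dropped beside encrypted files) are enough to scope an incident. The following is an added example, not code from the original article or from the malware authors: it walks a directory tree, lists every directory that carries an indicator, and rolls the result up into the numbers an incident report needs. The extension and note file names come from the article; the constructed sample tree and all function names are this example's own.

```python
"""Triage helper for a LeChiffre-style ransomware incident (added example)."""
import os
import pathlib
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".LeChiffre"                       # appended to every encrypted file
NOTE_FILES = frozenset({"_How to decrypt LeChiffre files.html", "_secret_code.txt"})


def original_name(name):
    """Strip the appended extension: 'report.docx.LeChiffre' -> 'report.docx'."""
    if name.lower().endswith(ENCRYPTED_EXT.lower()):
        return name[: -len(ENCRYPTED_EXT)]
    return name


def scan_tree(root):
    """Return {directory: {"encrypted": [...], "notes": [...]}} for every
    directory under root that contains at least one indicator."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted = sorted(f for f in files if f.lower().endswith(ENCRYPTED_EXT.lower()))
        notes = sorted(f for f in files if f in NOTE_FILES)
        if encrypted or notes:
            hits[dirpath] = {"encrypted": encrypted, "notes": notes}
    return hits


def summarise(hits):
    """Totals for the report: encrypted file count, original file types hit, and
    the directories where notes and encrypted files do not go together. A note
    without encrypted files usually means the files were already restored or the
    note was copied around; encrypted files without a note suggest the run was
    interrupted, which is worth knowing when reconstructing the timeline."""
    by_type = Counter()
    total = 0
    notes_only, unannounced = [], []
    for directory, found in hits.items():
        total += len(found["encrypted"])
        for name in found["encrypted"]:
            by_type[pathlib.PurePath(original_name(name)).suffix.lower() or "(none)"] += 1
        if found["notes"] and not found["encrypted"]:
            notes_only.append(directory)
        if found["encrypted"] and not found["notes"]:
            unannounced.append(directory)
    return {"encrypted_files": total, "by_type": dict(by_type),
            "notes_only": sorted(notes_only), "unannounced": sorted(unannounced)}


def make_constructed_tree():
    """Build a small constructed sample tree (not real victim data) in a temp
    directory and return its root, so the scanner can be exercised offline."""
    root = pathlib.Path(tempfile.mkdtemp(prefix="lechiffre_demo_"))
    layout = {
        "Documents": ["report.docx.LeChiffre", "budget.xlsx.LeChiffre", *NOTE_FILES],
        "Pictures": ["holiday.jpg.LeChiffre", *NOTE_FILES],
        "Pictures/Raw": ["IMG_0001.CR2.LeChiffre"],   # encrypted, no note: run cut short
        "Backups": [*NOTE_FILES],                     # note left behind, files restored
        "Work": ["notes.txt", "todo.txt"],            # untouched
    }
    for rel, names in layout.items():
        d = root / rel
        d.mkdir(parents=True, exist_ok=True)
        for name in names:
            (d / name).write_bytes(b"constructed sample content\n")
    return root


if __name__ == "__main__":
    root = make_constructed_tree()
    hits = scan_tree(root)
    for directory, found in sorted(hits.items()):
        print(f"{directory}: {len(found['encrypted'])} encrypted, {len(found['notes'])} note file(s)")
    print(summarise(hits))
```

Run it against a real share or user profile by passing that path to scan_tree instead of the constructed tree; the extension match is case-insensitive so the scan also works on file systems where the name was normalised.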

Furthermore, LeChiffre Ransomware leaves a backdoor behind: it replaces sethc.exe (C:\Windows\system32\sethc.exe, the Sticky Keys helper) with a copy of cmd.exe. Windows launches sethc.exe with SYSTEM privileges when Shift is pressed five times, including at the logon screen and over Remote Desktop, so anyone who can reach the machine gets a privileged command prompt without entering a password and can do whatever they want on it. The only fix is to replace the swapped file with the genuine one (see the steps below) and to assume that every account and remote-access path on that machine has been exposed in the meantime.

So there you have it; that is all the information available about this infection. When this was written there was no third-party software that could decrypt files encrypted by LeChiffre Ransomware, so your best options are to restore from a backup and, failing that, to wait out the six-month period for the promised free decryptor rather than paying. Check periodically whether a reputable anti-malware vendor has since published a free decrypter (Emsisoft released one for LeChiffre in early 2016). We do not recommend paying the ransom because you will only fuel their greed and fund the development of future malware. On a side note, we suggest getting an anti-malware program to remove LeChiffre, provided that its executable remains on your PC, and to prevent the likes of it from infecting your computer in the future.

Remove the backdoor

  1. Open an elevated Command Prompt: press the Windows key, type cmd, right-click Command Prompt and choose Run as administrator (System File Checker needs administrator rights).
  2. Type sfc /scannow and press Enter.
  3. Wait for the System File Checker to verify the protected system files and replace the swapped sethc.exe with the genuine copy.
  4. Restart the computer if the repair was successful, then confirm at the logon screen that pressing Shift five times brings up the Sticky Keys prompt and not a command window.
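The backdoor described above is a plain copy of cmd.exe sitting under the name sethc.exe, so the quickest check before (and after) running the removal steps is to compare hashes: a swapped file hashes identically to the shell it was copied from. The script below is an added example, not code from the original article. Going beyond the article, it also checks the other accessibility helpers Windows launches from the logon screen and powershell.exe as an alternative payload, because the same swap works for any of them; that extension, the constructed stand-in for System32 and all function names are this example's own.

```python
"""Detect accessibility binaries in System32 that are copies of a shell (added example)."""
import hashlib
import os
import pathlib
import tempfile

# sethc.exe is the one the article names; the others are the remaining helpers
# reachable from the logon screen (this example's extension, not from the article).
ACCESSIBILITY_BINARIES = ("sethc.exe", "utilman.exe", "osk.exe", "narrator.exe",
                          "magnify.exe", "displayswitch.exe", "atbroker.exe")
# cmd.exe is the payload the article describes; powershell.exe is an added check.
SHELLS = ("cmd.exe", "powershell.exe")


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def default_system32():
    """%SystemRoot%\\System32 on Windows; tests pass a constructed directory instead."""
    return pathlib.Path(os.environ.get("SystemRoot", r"C:\Windows")) / "System32"


def find_swapped_binaries(system32):
    """Return {accessibility binary: shell it is a copy of} for every helper in
    system32 whose content is byte-identical to one of the shells. Empty is clean."""
    system32 = pathlib.Path(system32)
    shell_hashes = {}
    for shell in SHELLS:
        p = system32 / shell
        if p.is_file():
            shell_hashes[sha256_of(p)] = shell
    swapped = {}
    for name in ACCESSIBILITY_BINARIES:
        p = system32 / name
        if p.is_file():
            match = shell_hashes.get(sha256_of(p))
            if match:
                swapped[name] = match
    return swapped


def make_constructed_system32():
    """Constructed stand-in for System32 (not real Windows binaries): sethc.exe
    swapped for cmd.exe as the article describes, utilman.exe swapped for
    powershell.exe, osk.exe genuine. Returns the directory."""
    d = pathlib.Path(tempfile.mkdtemp(prefix="fake_system32_"))
    (d / "cmd.exe").write_bytes(b"constructed cmd.exe image\n")
    (d / "powershell.exe").write_bytes(b"constructed powershell.exe image\n")
    (d / "sethc.exe").write_bytes(b"constructed cmd.exe image\n")           # backdoored
    (d / "utilman.exe").write_bytes(b"constructed powershell.exe image\n")  # backdoored
    (d / "osk.exe").write_bytes(b"constructed osk.exe image\n")             # genuine
    return d


if __name__ == "__main__":
    target = default_system32()
    if not target.is_dir():                     # not on Windows: use the constructed fixture
        target = make_constructed_system32()
    swapped = find_swapped_binaries(target)
    if not swapped:
        print(f"{target}: no accessibility binary matches a shell")
    for name, shell in swapped.items():
        print(f"{target / name} is a copy of {shell}: restore it (sfc /scannow) "
              f"and treat the host as compromised")
```

Hash equality only catches the plain copy the article describes. An attacker who drops a different binary under the name, or who sets a Debugger value for sethc.exe under Image File Execution Options so that Windows starts cmd.exe in its place without touching the file at all, passes this check; comparing the file's digital signature and inspecting that registry key closes those gaps. Run the check again after sfc /scannow to confirm the repair took.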
