Danger level 7
Type: Trojans
Common infection symptoms:
  • Connects to the internet without permission
  • Can't be uninstalled via Control Panel

LMAOxUS ransomware

LMAOxUS ransomware is a malicious computer infection that will not let you sleep at night. This dangerous program comes forth to rip you off, saying that you need to pay the ransom in order to restore your files. However, you should never comply with the demands of these cyber criminals because that would result in nothing good. Instead, you need to remove LMAOxUS ransomware and everything associated with it from your computer, at the same time looking for ways to restore your files. Public decryption tools are often unavailable because each ransomware is unique and thus new encryption codes and keys are used.

Most ransomware infections spread via spam email attachments, but this specific program has a unique distribution method. It usually comes with the Minecraft game. That is not to say that the game itself has anything to do with the infection. It just shows that the criminals make use of all the potential distribution channels. Also, it is very unlikely that you will get infected with LMAOxUS ransomware if you acquire the game from its official sources. However, looking for the game on third-party file-sharing and torrent websites can easily result in a malware infection.

The infection actually has a website that you can access via lmaoxus.gq. This website displays the ransom note that says “ALL YOUR DATA ARE BELONG TO US.” In this message, the creators make fun of (or recycle) a popular Internet meme from an old arcade game, Zero Wing. The original “Engrish” phrase was “All Your Base Are Belong to Us,” and if you are an avid gamer, you will probably recognize it. What’s more, the website also has a clickable link. It urges you to click it if you are a “victim.” Clicking the link opens the full version of the ransom note, which says the following:

You’ve been hit by LMAOxUS
But there’s still hope for you.

Send 0.1 BTC to 1Jek8L6HRj3pNpcAasgoV37eoHqLUMyYjU

Use any payment processor you want. I recommend Coinbase or Blockchain.info. If BTC is too hi-tech for you, send me an email, I’m sure we can work something out.

Once done, send an email to lmaoxus@safe-mail.net with the transaction details.

The message also goes on to say that the cyber criminal is actually a broke “college student in need of money.” Supposedly, this should make you calm down because this “student” does not care about your data, they just need the payment, and once you have paid, you will have your data back. Supposedly. But we can never be sure whether it is really the case. Quite often, ransomware creators collect the ransom fee money and do not issue the decryption keys. Also, sometimes the connection between the infection and its command and control server is too unstable to issue anything.

Unfortunately, it is not possible to restore your files unless you have a backup. LMAOxUS ransomware uses the AES algorithm to encrypt the target files. The infection supports quite a few file types, including .txt, .doc, .docx, .xls, .ppt, .odt, .jpg, .png, .php, and many others. However, it does not encrypt every single folder on your computer. We know that the infection specifically targets the MyPictures, MyMusic, Desktop, and Downloads directories. Therefore, if you have most of your files stored someplace else, it is very likely that a good portion of your files will not be affected by LMAOxUS ransomware.

Once the encryption is complete, the infection uses an RSA public key to encrypt the AES key used to lock up your data, and then the encrypted key is sent over to its C&C server. The key is then saved in its database.

It is a lot faster to restore your files by removing LMAOxUS ransomware from your system and then transferring the files back to your computer from an external or virtual hard drive. What’s more, once the encryption is complete, the executable file used to launch the infection deletes itself from the %TEMP% directory. So you need fewer files to remove.

If you do not want to remove LMAOxUS ransomware manually, you can always invest in a legitimate security application that will ensure that all the malicious files and applications get deleted from your system at once. Also, that would ensure your PC is protected from other malicious threats.

How to Remove LMAOxUS ransomware

  1. Go to your Downloads folder.
  2. Remove third-party Minecraft installer files.
  3. Press Win+R and type %TEMP%. Click OK.
  4. Delete the lmaoxus.exe file (if present).
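
The checks from the removal steps, together with the folders and file types listed earlier, can be scripted to see what is left to delete and which files need restoring from backup. This is an added example, not part of the original guide and not code from any security product. It assumes the default Windows profile folder names, that third-party installers have "minecraft" in their file name, and that encrypted files keep their original names (the guide does not say whether they are renamed).

```python
import tempfile
from pathlib import Path

# Targeted folders at their default profile locations (MyPictures -> Pictures,
# MyMusic -> Music). Assumption: the folders were not redirected elsewhere.
TARGET_DIRS = ("Pictures", "Music", "Desktop", "Downloads")

# Leading bytes expected for the targeted types that have a fixed signature.
# .txt and .php are plain text with no signature, so they are skipped.
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ZIP = b"PK\x03\x04"
MAGIC = {".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG\r\n\x1a\n",
         ".docx": ZIP, ".odt": ZIP, ".doc": OLE2, ".xls": OLE2, ".ppt": OLE2}


def triage(profile, temp):
    """Check one user profile and temp directory; return a findings dict."""
    profile, temp = Path(profile), Path(temp)
    report = {"dropper": (temp / "lmaoxus.exe").is_file(),
              "minecraft_downloads": [], "intact": [], "mismatch": []}
    downloads = profile / "Downloads"
    if downloads.is_dir():
        # Assumption: third-party installers carry "minecraft" in the file name.
        report["minecraft_downloads"] = sorted(
            p.name for p in downloads.iterdir()
            if p.is_file() and "minecraft" in p.name.lower())
    for name in TARGET_DIRS:
        folder = profile / name
        if not folder.is_dir():
            continue
        for path in sorted(folder.rglob("*")):
            magic = MAGIC.get(path.suffix.lower())
            if magic is None or not path.is_file():
                continue
            try:
                with path.open("rb") as fh:
                    head = fh.read(len(magic))
            except OSError:
                continue  # locked or unreadable file: skip it
            # A header that no longer matches the extension means the file
            # needs restoring from backup (encrypted or otherwise corrupted).
            report["intact" if head == magic else "mismatch"].append(path)
    return report


if __name__ == "__main__":
    for key, value in triage(Path.home(), tempfile.gettempdir()).items():
        print(key, "=", value)
```

A .doc file that was really saved as RTF will also be reported as a mismatch, so review the list before overwriting anything from backup.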