1 of 4
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediatelly
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

LightningCrypt Ransomware

A new ransomware infection LightningCrypt Ransomware has been discovered by specialists at pcthreat.com recently. Cyber criminals launched it on the 25th of May, 2017, so its infection rate is still quite low, but, of course, everything might change soon. Although this ransomware infection is a recent product of cyber criminals, there is not much new we can say about it because it works like other threats in the ransomware category. That is, it illegally enters the system, encrypts important files it finds there, and then demands a ransom. At the time of writing, the developer of LightningCrypt Ransomware wants 0.17 Bitcoin (~ $417) from users, but they should not give a cent to them because the chances are small that users will get their files decrypted after sending the money required. What specialists recommend victims of ransomware infections do instead is to remove them as soon as possible. These threats cannot be kept active on systems because they can strike again and encrypt new files. Also, they might help new threats to crawl into the system easier.

LightningCrypt Ransomware is an ordinary ransomware infection encrypting files. When users launch its file ChkDsk.exe (it has this name not without reason – it pretends to be a harmless disk checker), it scans the system, find where users’ important files are located, and, finally, encrypts those all files without mercy. It only encrypts documents, text files, music, videos, images, and some other files, which means that Windows files will not be ruined and your system will continue working normally after its successful infiltration. The only thing that will be different is your files – they will have a new extension .LIGHTNING appended to them, and, unfortunately, you could not open any of them. What you will also see is a new .txt opened, new Desktop background set, and a black window opened on your Desktop. Last but not least, three new files will be created by the ransomware infection on your computer: LightningCrypt_Recover_Instructions.txt, LightningCrypt_Recover_Instructions.png, and LightningCrypt_UniqeID.txt. Thanks to new Desktop background, a black window opened, and .txt files created by ransomware, users find out quickly what cyber criminals expect them to do. It is not surprising at all that LightningCrypt Ransomware demands money because that is all ransomware infections do. If you believe that it is the quickest way to get files back, you are wrong. Many users get nothing after sending money to cyber criminals, and we do not want you to be one of them. Therefore, we recommend removing LightningCrypt Ransomware the moment you discover it on your computer. Do not worry; it is not impossible to unlock files without the special decryptor. For example, you can recover them from a backup (if you back up your files periodically), or you can wait till specialists release a free decryption tool.

It is already clear that LightningCrypt Ransomware always enters computers illegally. Two distribution methods are adopted the most commonly to disseminate it: 1) it might travel as an attachment in spam emails and start working on users’ PCs the second they open it; 2) it might be promoted on a file-sharing page as an ordinary program. Even experienced users find it hard to protect their PCs from malicious software, so, in the opinion of security experts, all inexperienced users must have a security application active on their PCs. As long as they update it periodically and keep active, no malware could cause problems to them.

Remove LightningCrypt Ransomware as soon as possible if you have arrived at a decision not to send money to cyber criminals. Your files, unfortunately, will not be decrypted, but you necessarily need to erase this infection from your PC because it will continue performing activities on your system, for example, it might keep connecting to such URLs as rammichael.com/downloads/7tt_setup.exe, lupa-romana.de/blog/tag/marcus-antonius/, and arizonacode.bplaced.net. You can delete it either manually or automatically – it depends on you which of these methods you adopt. Instructions for the manual removal of ransomware are provided below, but if you decide to erase it automatically, you will need to acquire an automated malware remover – click on the Download button you see below to get a free diagnostic antimalware scanner.

Remove LightningCrypt Ransomware

Start your PC in Safe Mode

Windows 8/8.1/10

  1. Press Win+C and click Settings (if you use Windows 8/8.1) OR click on the bottom-left corner button (if you use Windows 10).
  2. Click on the Power button.
  3. Press the Shift key, hold it, and click Restart.
  4. Click Troubleshoot and select Advanced options.
  5. Click Startup Settings.
  6. Click on the Restart button.
  7. Press F4 on your keyboard to enable Safe Mode.
  8. Remove the ransomware infection from your computer.

Windows XP/Vista/7

  1. Restart your computer and start tapping the F8 key on your keyboard in 1 second intervals.
  2. From the Advanced Boot Options menu, select Safe Mode using arrow keys.
  3. Press Enter.
  4. Wait for your PC to restart and start the ransomware infection removal process.

Delete the ransomware infection

  1. Tap Ctrl+Alt+Del and then open the Task Manager.
  2. Open the Processes tab.
  3. Kill all suspicious processes (right-click on a process and select End Process to kill it).
  4. Close the Task Manager and open the Windows Explorer (press Win+E).
  5. Go to three directories %TEMP%, %USERPROFILE%\Downloads, and %USERPROFILE%\Desktop and remove all recently downloaded files.
  6. Close the Windows Explorer and launch Run (tap Win+R).
  7. Type regedit.exe in the command line and click OK.
  8. Open the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run registry key.
  9. If you find any suspicious entries, delete them.
  10. Close the Registry Editor.
  11. Delete .txt files (LightningCrypt_Recover_Instructions.txt, LightningCrypt_UniqeID.txt, and LightningCrypt_Recover_Instructions.png ) from Desktop and empty the Recycle bin.
Download Spyware Removal Tool to Remove* LightningCrypt Ransomware
  • Quick & tested solution for LightningCrypt Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.