LINA ransomware originates from DHARMA/CrySiS malware family
Contents
Lina ransomware is a malicious file-corrupting virus that uses a combination of AES-256 and RSA-1024 cryptography algorithms to lock victim’s files until a ransom is paid. The malware is known to be a part of DHARMA ransomware family. This virus marks files during the encryption process using .id-[string].[linajamser@aol.com].lina extension. The email used in the extension might vary. The malicious program also drops FILES ENCRYPTED.txt ransom notes in every compromised data folder. This note is supposed to inform the victim about the Internet crime committed to take personal files hostage until a ransom is paid.
In addition to dropped text notes, LINA ransomware also launches a info.hta window that is named linajamser@aol.com and says “Your files are encrypted.” The note says that the victim still has a chance to decrypt .lina extension files, but for that to happen, the computer user has to contact the ransomware developers via provided emails. The main contact email is included in encrypted file extensions, although the note leaves an “alternative” email spare332@protonmail.ch to use if criminals do not reply within 12 hours.
It is clear what kind of response the criminals will provide – they will provide the price of the ransom in USD, but this sum will be asked to be paid in cryptocurrency, most likely Bitcoin. Such transfers help to protect the attackers’ identity. In exchange for the payment, the attackers promise to provide LINA file decryption key and software. However, we strongly advise against meeting cybercriminals’ demands, as they are not the people to trust.
Cybersecurity experts recommend restoring encrypted files with a help of previously created data backups, or use file recovery tools available on the market. We must note that file recovery using Volume Shadow Copies will be impossible as the virus deletes them as soon as it lands on the target system.
We strongly recommend cleansing malware remains and virus damage on the system using RESTORO.
Ransomware Summary
Name | Lina ransomware |
Type | Ransomware; Crypto-virus; File-locker |
Executive file | 000005.exe or similar |
Malware family | DHARMA/CrySiS |
Extension | .lina |
Cybercriminal contacts | linajamser@aol.com and spare332@protonmail.ch |
Symptoms | Personal files cannot be opened, their filenames now contain ID, criminal’s contact email and .lina extension |
Damage | Loss of access to personal files |
Detection names | Ransom.Crysis (Malwarebytes), Ransom:Win32/Wadhrama!hoa (Microsoft), Win32:RansomX-gen [Ransom] (Avast) and similar |
Distribution | Distributed via compromised websites, illegal downloads, malicious email spam attachments |
Removal | Remove using anti-malware software. To cleanse virus damage, we recommend using RESTORO software. See review. |
Scan your system for FREE to detect security, hardware and stability issues. You can use the scan results and try to remove threats manually, or you can choose to get the full version of software to fix detected issues and repair virus damage to Windows OS system files automatically. Includes Avira spyware/malware detection & removal engine.
Distribution methods and ways to prevent computer infections
LINA ransomware is essentially similar to ZPHS, BLM, XATI, DATA and other crypto-virus infections, and therefore it spreads in similar ways as well. The most common distribution method its operators use is malicious email spam. In such emails, criminals compose a convincing message, typically informing about a very important document such as invoice, missing payment or similar that needs to be viewed ASAP. Unfortunately, the sent document contains a malicious script that downloads and launches ransomware on victim’s computer. Therefore, computer users should always double-check the sender of the email and open its attachments only if they are 100% sure that the attachment is secure.
Another common method used to distribute ransomware-type computer viruses is illegal downloads. Here, we would like to mention popular torrent-sharing websites that promote illegal software cracks, keygens, or tools like KMSPico to crack Microsoft Windows or Office products. Remember that attempts to obtain full software versions that are usually paid can result in a full data encryption on your PC. Therefore, we suggest you to invest in legitimate software license keys and keep your personal belongings secure. We also would like to mention that illegal downloads are mostly used to distribute STOP/DJVU like KOLZ, an extremely active ransomware family nowadays.
Finally, stay away from untrustworthy websites that trigger loads of pop-ups, banner or pop-under ads. You should know that such infectious sites might display fake notifications urging you to “update” Adobe Flash or another widely used software. However, allowing to “update” can simply drag in a ransomware payload to your computer. Therefore, make sure you download software updates from the official application vendor websites or update via the program directly.
Remove LINA ransomware virus and restore your files
Before you can start restoring your files, you must remove LINA ransomware virus remains from the system. For virus damage repair on Windows OS, we kindly suggest downloading RESTORO software. It is a popular solution that can soften the damage done to the system after a malware attack on the system. For more detailed malware removal instructions, see the guide attached below.
Once LINA virus removal is complete, you can plug your data backup to the computer and start transferring clean files to your computer.
OUR GEEKS RECOMMEND
Our team recommends removing malware using a professional antivirus software.
REMOVE THREATS WITH ROBUST ANTIVIRUS
Get INTEGO ANTIVIRUS for Windows to remove ransomware, Trojans, adware and other spyware and malware variants and protect your PC and network drives 24/7. This VB100-certified security software uses state-of-art technology to provide protection against ransomware, Zero-Day attacks and advanced threats, Intego Web Shield blocks dangerous websites, phishing attacks, malicious downloads and installation of potentially unwanted programs.
Use INTEGO Antivirus to remove detected threats from your computer.
GeeksAdvice.com editors select recommended products based on their effectiveness. We may earn a commission from affiliate links, at no additional cost to you. Learn more.
LINA ransomware virus Removal Guidelines
Method 1. Enter Safe Mode with Networking
Step 1. Start Windows in Safe Mode with Networking
Before you try to remove the virus, you must start your computer in Safe Mode with Networking. Below, we provide the easiest ways to boot PC in the said mode, but you can find additional ones in this in-depth tutorial on our website – How to Start Windows in Safe Mode. Also, see a video tutorial on how to do it:
Instructions for Windows XP/Vista/7 users
- First of all, turn off your PC. Then press the Power button to start it again and instantly start pressing F8 button on your keyboard repeatedly in 1-second intervals. This launches the Advanced Boot Options menu.
- Use arrow keys on the keyboard to navigate down to Safe Mode with Networking option and press Enter.
Instructions for Windows 8/8.1/10 users
- Open Windows Start menu, then press down the Power button. On your keyboard, press down and hold the Shift key, and then select Restart option.
- This will take you to Windows Troubleshoot screen. Choose Troubleshoot > Advanced Options > Startup Settings > Restart. Tip: If you can't find Startup Settings, click See more recovery options.
- In Startup Settings, press the right key between F1-F9 to enter Safe Mode with Networking. In this case, it is the F5 key.
Step 2. Remove files associated with the virus
Now, you can search for and remove LINA ransomware virus files. It is very hard to identify files and registry keys that belong to the ransomware virus, Besides, malware creators tend to rename and change them repeatedly. Therefore, the easiest way to uninstall such type of a computer virus is to use a reliable malware removal program. In addition, we suggest trying a combination of INTEGO Antivirus (removes malware and protects your PC in real-time) and RESTORO (repairs virus damage to Windows OS files).
Method 2. Use System Restore
In order to use System Restore, you must have a system restore point, created either manually or automatically.
Step 1. Boot Windows in Safe Mode with Command Prompt
Instructions for Windows XP/Vista/7 users
- Shut down your PC. Start it again by pressing the Power button and instantly start pressing F8 button on your keyboard repeatedly in 1-second intervals. You will see Advanced Boot Options menu.
- Using arrow keys on the keyboard, navigate down to Safe Mode with Command Prompt option and press Enter.
Instructions for Windows 8/8.1/10 users
- Launch Windows Start menu, then click the Power button. On your keyboard, press down and hold the Shift key, and then choose Restart option with the mouse cursor.
- This will take you to Windows Troubleshoot screen. Choose Troubleshoot > Advanced Options > Startup Settings > Restart. Tip: If you can't find Startup Settings, click See more recovery options.
- In Startup Settings, press the right key between F1-F9 to enter Safe Mode with Command Prompt. In this case, press F6 key.
Step 2. Start System Restore process
- Wait until system loads and command prompt shows up.
- Type cd restore and press Enter, then type rstrui.exe and press Enter. Or you can just type %systemroot%system32restorerstrui.exe in command prompt and hit Enter.
- This launches System Restore window. Click Next and then choose a System Restore point created in the past. Choose one that was created before ransomware infection.
- Click Yes to begin the system restoration process.
After restoring the system, we recommend scanning the system with antivirus or anti-malware software. In most cases, there won't be any malware remains, but it never hurts to double-check. In addition, we highly recommend checking ransomware prevention guidelines provided by our experts in order to protect your PC against similar viruses in the future.
Alternative software recommendations
Malwarebytes Anti-Malware
Removing spyware and malware is one step towards cybersecurity. To protect yourself against ever-evolving threats, we strongly recommend purchasing a Premium version of Malwarebytes Anti-Malware, which provides security based on artificial intelligence and machine learning. Includes ransomware protection. See pricing options and protect yourself now.
System Mechanic Ultimate Defense
If you're looking for an all-in-one system maintenance suite that has 7 core components providing powerful real-time protection, on-demand malware removal, system optimization, data recovery, password manager, online privacy protection and secure driver wiping technology. Therefore, due to its wide-range of capabilities, System Mechanic Ultimate Defense deserves Geek's Advice approval. Get it now for 50% off. You may also be interested in its full review.
Disclaimer. This site includes affiliate links. We may earn a small commission by recommending certain products, at no additional cost for you. We only choose quality software and services to recommend.
Norbert Webb is the head of Geek’s Advice team. He is the chief editor of the website who controls the quality of content published. The man also loves reading cybersecurity news, testing new software and sharing his insights on them. Norbert says that following his passion for information technology was one of the best decisions he has ever made. “I don’t feel like working while I’m doing something I love.” However, the geek has other interests, such as snowboarding and traveling.
Leave a Reply