LOG ransomware released as yet another Dharma virus spin-off
Contents
LOG ransomware is a malicious data-encrypting computer virus that originates from Dharma ransomware family. The virus can be recognized from .[Logan8833@aol.com].LOG extensions it uses to mark encrypted files. The aim of this malicious program is to restrict victim’s access to personal files, then demand a ransom payment, as stated in the ransom note called FILES ENCRYPTED.TXT. First noticed by a researcher Jakub Kroustek, the crypto-malware has infected thousands of computers worldwide.
The virus leaves ransom notes in two forms – a pop-up window, and FILES ENCRYPTED.txt file. The pop-up is titled as Logan8833@aol.com and contains a message from the cyber criminals and authors of the LOG ransomware. The note starts with a large line stating “Your files are encrypted”, following by a verification that all files can be returned. In order to restore them, the victim is instructed to contact the attackers via Logan8833@aol.com email address. The note also contains the victim’s ID, which the victim has to include in the email so that the criminals could identify the infected host. The ransom note also informs that in case the criminals do not reply within 12 hours, the victim should write to alternative email address – helpme24@tuta.io.
Then the ransom note contains some alerts written in red background, stating that the victim should not try to rename encrypted .LOG files, decrypt them using third-party tools or use third-party decryption services which are scam as they simply pay the criminals and add a commission fee.
The text file is much shorter and contains the following text:
all your data has been locked us
You want to return?
write email Logan8833@aol.com or HelpMe24@tuta.io
When it comes to cybersecurity experts’ opinion, you should not pay the criminals, never. There are many reasons not to do so, and one of them is supporting cybercrime. Another reason not to pay up is that you can get scammed and still never receive your files. Cyber crooks are chatty and friendly until they convince you to pay the money, and once you do, they might disappear in a second.
That said, we recommend you to protect your system by removing all malicious remains using a malware-removal software. For virus damage repair, consider scanning with RESTORO. After you remove LOG ransomware from Dharma, you can try to restore at least part of your files using data backups.
Threat Summary
Name | LOG ransomware |
Category | Ransomware; crypto-malware, file locker |
Encryption type | AES-256 algorithm, the key is then secured with RSA-1024 algorithm. |
Extension used for encrypted files | .[Logan8833@aol.com].LOG |
Emails provided | Logan8833@aol.com and HelpMe24@tuta.io |
Antivirus detection names | Trojan.Ransom.Crysis.E (BitDefender), TR/Dropper.Gen (Avira), Trojan-Ransom.Win32.Crusis.to (Kaspersky), Ransom.Crysis.Generic (Malwarebytes) source VirusTotal |
Distribution | Remote Desktop Protocols, Phishing emails, Software/Hardware Vulnerabilities, Malicious Online Downloads |
Decryption | Criminals might suggest free decryption for one file and then demand ransom payment for the rest of the files |
Removal | Remove ransomware remains automatically, for example, using RESTORO with in-built Avira Antivirus scanner. |
DHARMA variants pushed via Remote Desktop Protocol
Dharma ransomware variants such as LOG, DATA and others are mostly pushed via Remote Desktop Protocol (RDP) ports. Such ports are known to be used for remote work environment so that employees could connect to the work network remotely (for example, from home, cafe and similar). Therefore, criminals might be able to exploit this with the help of port scanning and brute-forcing RDP sessions until the required credentials are gained. What is more, various corporate RDP credentials can be purchased on dark web websites for a couple of dollars only. That said, this is rather an easy road for a bit experienced hackers to take and infect networks with file-encrypting malware such as LOG virus.
An alternative method to hack into the system is to phish an employee to get access to the target network. For example, criminals might send a convincing email for an employee, suggesting to visit a specific domain or download an infected file. As a result, malware might be installed on the target system silently and used to transmit keystrokes or browser-saved passwords to the criminals. What happens next is upon the criminals and their goals.
Screenshot of folder with encrypted files marked with .[Logan8833@aol.com].LOG extensions is shown below.
Remove LOG ransomware virus and recover your files
It is recommended that you remove LOG ransomware virus using a professional and automatic malware removal tool. This way, you can count on an algorithm used to destroy malicious remains. Our recommended tool, RESTORO, includes Avira Antivirus scanner, and can also repair virus damage done to Windows OS files. Besides, by running an automated tool, you can identify and destroy all other malware instances that may have been installed on the system previously.
Only after deleting the malware from your system, you can concentrate on data recovery methods. A thorough LOG ransomware removal guide is provided below, so make sure you follow all the given steps attentively. You might also be interested in suggested software alternatives provided at the end of the article.
To decrypt .LOG files, we suggest you to use data backups, or remain patient. Currently, no data recovery tool is capable of restoring all of the files.
OUR GEEKS RECOMMEND
Our team recommends removing malware using a professional antivirus software.
REMOVE THREATS WITH ROBUST ANTIVIRUS
Get INTEGO ANTIVIRUS for Windows to remove ransomware, Trojans, adware and other spyware and malware variants and protect your PC and network drives 24/7. This VB100-certified security software uses state-of-art technology to provide protection against ransomware, Zero-Day attacks and advanced threats, Intego Web Shield blocks dangerous websites, phishing attacks, malicious downloads and installation of potentially unwanted programs.
Use INTEGO Antivirus to remove detected threats from your computer.
GeeksAdvice.com editors select recommended products based on their effectiveness. We may earn a commission from affiliate links, at no additional cost to you. Learn more.
LOG ransomware virus Removal Guidelines
Method 1. Enter Safe Mode with Networking
Step 1. Start Windows in Safe Mode with Networking
Before you try to remove the virus, you must start your computer in Safe Mode with Networking. Below, we provide the easiest ways to boot PC in the said mode, but you can find additional ones in this in-depth tutorial on our website – How to Start Windows in Safe Mode. Also, see a video tutorial on how to do it:
Instructions for Windows XP/Vista/7 users
- First of all, turn off your PC. Then press the Power button to start it again and instantly start pressing F8 button on your keyboard repeatedly in 1-second intervals. This launches the Advanced Boot Options menu.
- Use arrow keys on the keyboard to navigate down to Safe Mode with Networking option and press Enter.
Instructions for Windows 8/8.1/10 users
- Open Windows Start menu, then press down the Power button. On your keyboard, press down and hold the Shift key, and then select Restart option.
- This will take you to Windows Troubleshoot screen. Choose Troubleshoot > Advanced Options > Startup Settings > Restart. Tip: If you can't find Startup Settings, click See more recovery options.
- In Startup Settings, press the right key between F1-F9 to enter Safe Mode with Networking. In this case, it is the F5 key.
Step 2. Remove files associated with the virus
Now, you can search for and remove LOG ransomware virus files. It is very hard to identify files and registry keys that belong to the ransomware virus, Besides, malware creators tend to rename and change them repeatedly. Therefore, the easiest way to uninstall such type of a computer virus is to use a reliable malware removal program. In addition, we suggest trying a combination of INTEGO Antivirus (removes malware and protects your PC in real-time) and RESTORO (repairs virus damage to Windows OS files).
Method 2. Use System Restore
In order to use System Restore, you must have a system restore point, created either manually or automatically.
Step 1. Boot Windows in Safe Mode with Command Prompt
Instructions for Windows XP/Vista/7 users
- Shut down your PC. Start it again by pressing the Power button and instantly start pressing F8 button on your keyboard repeatedly in 1-second intervals. You will see Advanced Boot Options menu.
- Using arrow keys on the keyboard, navigate down to Safe Mode with Command Prompt option and press Enter.
Instructions for Windows 8/8.1/10 users
- Launch Windows Start menu, then click the Power button. On your keyboard, press down and hold the Shift key, and then choose Restart option with the mouse cursor.
- This will take you to Windows Troubleshoot screen. Choose Troubleshoot > Advanced Options > Startup Settings > Restart. Tip: If you can't find Startup Settings, click See more recovery options.
- In Startup Settings, press the right key between F1-F9 to enter Safe Mode with Command Prompt. In this case, press F6 key.
Step 2. Start System Restore process
- Wait until system loads and command prompt shows up.
- Type cd restore and press Enter, then type rstrui.exe and press Enter. Or you can just type %systemroot%system32restorerstrui.exe in command prompt and hit Enter.
- This launches System Restore window. Click Next and then choose a System Restore point created in the past. Choose one that was created before ransomware infection.
- Click Yes to begin the system restoration process.
After restoring the system, we recommend scanning the system with antivirus or anti-malware software. In most cases, there won't be any malware remains, but it never hurts to double-check. In addition, we highly recommend checking ransomware prevention guidelines provided by our experts in order to protect your PC against similar viruses in the future.
Alternative software recommendations
Malwarebytes Anti-Malware
Removing spyware and malware is one step towards cybersecurity. To protect yourself against ever-evolving threats, we strongly recommend purchasing a Premium version of Malwarebytes Anti-Malware, which provides security based on artificial intelligence and machine learning. Includes ransomware protection. See pricing options and protect yourself now.
System Mechanic Ultimate Defense
If you're looking for an all-in-one system maintenance suite that has 7 core components providing powerful real-time protection, on-demand malware removal, system optimization, data recovery, password manager, online privacy protection and secure driver wiping technology. Therefore, due to its wide-range of capabilities, System Mechanic Ultimate Defense deserves Geek's Advice approval. Get it now for 50% off. You may also be interested in its full review.
Disclaimer. This site includes affiliate links. We may earn a small commission by recommending certain products, at no additional cost for you. We only choose quality software and services to recommend.
Matt Corey is passionate about the latest tech news, gadgets and everything IT. Matt loves to criticize Windows and help people solve problems related to this operating system. When he’s not tinkering around with new gadgets he orders, he enjoys skydiving, as it is his favorite way to clear his mind and relax.
Leave a Reply