nryds

Help, important files are encrypted by LETO


Hello, my computer was attacked by LETO ransomware a few days ago. I clicked a link from my e-mail (I thought it was from FedEx!) and suddenly my AVG detected that a bunch of Trojan files had entered the computer system. A fake Windows update popped up (I ended it from the task manager before it reached 100%) and my computer also became disconnected from the available internet connection. AVG and Windows Defender could detect the malicious threats, but they could neither delete them nor move them to quarantine. I checked all my files and they were all encrypted with the .leto extension after that.

I did a data backup, then reinstalled Windows and scanned my PC with AVG, SpyHunter, and Kaspersky. The PC was then declared clean by those three programs. My questions are:

1. By reinstalling Windows, does that mean I also remove and get rid of the virus/malware completely?

2. How do I decrypt the now-encrypted .leto files? I've read a bunch of articles from the internet and tried your DJVU Decryptor, but it was unable to decrypt the files with this error note >>

Error: List that this enumerator is bound to has been modified. An enumerator can only be used if the list does not change.

Error: Unable to decrypt file with ID: dR3CqxAcqVUrEckQXmOIcWGPygjWWxy6QFI5Ole6

Please help. I truly appreciate what you guys do here on Emsisoft. Thank you.


.leto extension

This is one of the new variants of STOP Ransomware

Try this tool. If the files are encrypted with an offline key, then there is a chance to decrypt some files.

https://www.emsisoft.com/ransomware-decryption-tools/free-download
https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu

Files encrypted with online keys (when the PC was connected to the Internet) will not be decrypted. 


Thanks @Amigo-A for your kind response. I have tried to use the same decryptor you linked to and the result was:

Error: Unable to decrypt file with ID: dR3CqxAcqVUrEckQXmOIcWGPygjWWxy6QFI5Ole6

Does it mean that my files are encrypted with online keys so I have no chance to get my files back?

Should I hang on to these encrypted files, waiting until someone invents the tools that can decrypt my files? Or should I just start saving to pay the ransom? I certainly don't want to pay these criminals, but I also want to get all my files (or at least some of them) back. Please suggest what else needs to be done.


Definitely, we do not recommend paying a ransom...
But if encryption was done using online keys, then there is no chance to decrypt files in the next millions of years without a private key.

I cannot say anything about the ID. This can only be said by the developer of the decryptor.

21 hours ago, nryds said:

Does it mean that my files are encrypted with online keys so I have no chance to get my files back?

That's almost certainly the case. The vast majority of STOP/Djvu offline IDs end in t1 and I would believe that all new offline IDs are still following this pattern. Since your ID doesn't end in t1, that's a good indication that it's an online ID.

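Added example, not part of the thread and not Emsisoft's code: a small triage script that pulls the IDs out of decryptor error lines like the ones quoted above and applies the "ends in t1" heuristic from the last reply. It assumes the log is plain text with one error per line in the quoted format; the function names and the second ID in the sample are constructed for illustration.

```python
import re
from collections import Counter

# Matches the decryptor error line as quoted in the thread.
ID_LINE = re.compile(r"Unable to decrypt file with ID:\s*(\S+)")


def classify_id(personal_id):
    """Heuristic from the thread: offline IDs usually end in 't1'.

    This is an indication, not proof, so the verdicts say 'likely'.
    """
    return "likely offline" if personal_id.endswith("t1") else "likely online"


def triage(log_text):
    """Return {id: (verdict, failure_count)} for every ID found in the log.

    Lines that are not ID errors (such as the enumerator error) are ignored.
    """
    counts = Counter(m.group(1) for m in ID_LINE.finditer(log_text))
    return {pid: (classify_id(pid), n) for pid, n in counts.items()}


# Constructed sample log. The first ID is the one posted in the thread;
# the second is a made-up placeholder that ends in 't1'.
SAMPLE_LOG = """\
Error: List that this enumerator is bound to has been modified. An enumerator can only be used if the list does not change.
Error: Unable to decrypt file with ID: dR3CqxAcqVUrEckQXmOIcWGPygjWWxy6QFI5Ole6
Error: Unable to decrypt file with ID: dR3CqxAcqVUrEckQXmOIcWGPygjWWxy6QFI5Ole6
Error: Unable to decrypt file with ID: EXAMPLEconstructedPlaceholderIdValuet1
"""

if __name__ == "__main__":
    for pid, (verdict, n) in triage(SAMPLE_LOG).items():
        print(f"{pid}  {verdict}  ({n} file(s) failed)")
```

Grouping by ID shows at a glance which encrypted files are worth keeping for a later decryption attempt with an offline key and which carry an ID that looks online.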
