LCRYPTX is a ransomware-type malware that encrypts victims’ files and demands a ransom for decryption. This cyber threat was recently identified by researchers analyzing file submissions to VirusTotal. LCRYPTX adds a .lcryx extension to encrypted files and delivers a ransom note named READMEPLEASE.txt. Victims are instructed to pay $500 in Bitcoin within five days to recover their files.
Unfortunately, paying the ransom does not guarantee file recovery, as many victims do not receive the promised decryption tool. Thus, removing LCRYPTX ransomware and securing backups remain the best ways to recover from this attack.
Threat Summary
| Attribute | Details |
|---|---|
| Name | LCRYPTX virus |
| Threat Type | Ransomware, Crypto Virus, File Locker |
| Encrypted File Extension | .lcryx |
| Ransom Note File Name | READMEPLEASE.txt |
| Ransom Amount | $500 in Bitcoin |
| Free Decryptor Available? | No |
| Cyber Criminal Contact | Website on the Tor network |
| Detection Names | Avast (Script:SNH-gen [Trj]), Combo Cleaner (Generic.Ransom.Python.O.55C9821E), ESET-NOD32 (VBS/Filecoder.BC.Gen), Kaspersky (HEUR:Trojan-Dropper.Script.Generic), Microsoft (Trojan:VBS/LCRYXRansomware.DB!MTB) |
| Symptoms of Infection | Files encrypted with the .lcryx extension, ransom note displayed, inability to open files, ransom demand for Bitcoin |
| Damage | All files encrypted and inaccessible, potential password-stealing malware co-installed |
| Distribution Methods | Phishing emails, malicious attachments, torrent sites, infected software downloads, drive-by downloads, fake software updates, network propagation |
| Danger Level | High |
Remove annoying malware threats like this one in seconds!
Scan Your Computer for Free with SpyHunter
Download SpyHunter now, and scan your computer for this and other cybersecurity threats for free!
Ransom Note Text (READMEPLEASE.txt)
Oops, all of your personal files have been encrypted by LCRYPTX RANSOMWARE!
In order to recover your files, please visit -
and send 500$ worth of bitcoin within 5 days. Read and follow the instructions properly!How LCRYPTX Ransomware Infects a System
LCRYPTX ransomware spreads through various attack vectors, including:
- Phishing Emails: Malicious attachments or links embedded in emails deceive victims into opening an infected file.
- Fake Software Updates: Malware-laced update installers trick users into downloading ransomware.
- Pirated Software & Cracked Programs: Illegal software often comes bundled with ransomware.
- Compromised Websites: Drive-by downloads infect systems without user knowledge.
- Removable Storage Devices: External drives and USB flash drives can carry and spread ransomware within a network.
Once executed, LCRYPTX encrypts all personal files, appends the .lcryx extension, and displays its ransom note.
How to Remove LCRYPTX Ransomware
Remove annoying malware threats like this one in seconds!
Scan Your Computer for Free with SpyHunter
Download SpyHunter now, and scan your computer for this and other cybersecurity threats for free!
While removing LCRYPTX will stop further encryption, it will not decrypt already encrypted files. To remove this ransomware and protect your system, follow the steps below.
Step 1: Use SpyHunter for Ransomware Removal
- Download and Install SpyHunter
- Download the latest version.
- Install SpyHunter by following the on-screen instructions.
- Perform a Full System Scan
- Launch SpyHunter and select "Start Scan Now."
- The software will scan for ransomware infections, including LCRYPTX.
- Remove Detected Threats
- After scanning, review the threats found.
- Click "Fix Threats" to remove LCRYPTX and any associated malware.
Step 2: Restart the PC in Safe Mode
- For Windows 10/11:
- Press Shift + Restart from the Start menu.
- Navigate to Troubleshoot > Advanced Options > Startup Settings.
- Press F4 to boot into Safe Mode.
- For Windows 7:
- Restart your PC and press F8 repeatedly.
- Select Safe Mode with Networking and press Enter.
Step 3: Delete Malicious Files Manually
- Navigate to the following directories and remove suspicious files:
%AppData%%LocalAppData%%Temp%%ProgramData%
- Look for recently added unfamiliar files and delete them.
Step 4: Restore System Using System Restore (If Available)
- Press Windows + R and type
rstrui.exe, then hit Enter. - Click Next and select a restore point before the infection.
- Click Finish to restore your system.
How to Prevent LCRYPTX Ransomware Attacks
Maintain Backups
- Store files on external drives, cloud storage, or offline backups.
- Use versioning features in services like Google Drive and OneDrive.
Enable Ransomware Protection
- Windows Defender: Activate Controlled Folder Access in Windows Security.
- Use anti-ransomware software like SpyHunter.
Avoid Suspicious Downloads
- Download software only from official sources.
- Do not open email attachments from unknown senders.
- Be cautious of torrent downloads.
Use Strong Security Practices
- Keep your OS and software updated.
- Use strong passwords and enable multi-factor authentication.
- Install ad-blockers to prevent malicious ads.
Disconnect Immediately if Infected
- Unplug external drives to prevent further encryption.
- Disconnect from the internet to halt ransomware communication.
Conclusion
LCRYPTX ransomware is a dangerous malware that locks your files and demands a ransom. While it is possible to remove LCRYPTX, decrypting affected files without the decryption key is highly unlikely. This makes prevention and data backups crucial in defending against ransomware attacks.
By following best security practices and using anti-malware tools like SpyHunter, you can minimize the risk of falling victim to ransomware threats like LCRYPTX.
Remove annoying malware threats like this one in seconds!
Scan Your Computer for Free with SpyHunter
Download SpyHunter now, and scan your computer for this and other cybersecurity threats for free!
