LittleFinger is a new ransomware virus discovered by MalwareHunterTeam on May 30th, 2018 and named by malware analyst Karsten. This dangerous crypto-extortionist is believed to be still in development but most antivirus programs do recognize it as a malicious threat, according to virustotal.com.
Although LittleFinger asks for one of the smallest ransom (0.01 BTC = $75) compared to Iron ransomware (0.2 BTC = $1200), TripleM (0,25BTC=$4000) or MauriGo (from 0.7 BTC = $6444 up to 5 BTC = $46k), it doesn’t mean that you should take this crypto-infection is less serious or pay the ransom. Usually, such cheap ransomware like LittleFinger or RandomLocker (asks for $10 USD), collect the most because users are more willing to pay the little amount for their files thinking that they can trust the crooks. But the reality shows different and you should remove LittleFinger without compromising.
Note: Spyhunter trial provides detection of parasites and assists in their removal for free.
limited trial available,
Terms of use, Privacy Policy, Uninstall Instructions,
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free.
limited trial available,
Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,
Littlefinger quicklinks
(Win)
(Mac)
What does LittleFinger ransomware do
The recently discovered LittleFinger virus was at first thought to be based on HiddenTear open-source code because of the simplistic looking design, console text ransom note and the ransom amount, however, after the later investigations cyber analysts discovered that the LittleFinger is not just a plain modified version of the HiddenTear, but actually a quite tough and somewhat unique parasite, which can be in the developmental stage, collecting ransom for upgrades.
The principle of ransomware threats is to only target the data that have more value to the user like personal documents, photos or videos, leaving the system files uncorrupted, so the PC would still run properly, and they could ask for a ransom. What is interesting about this LittleFinger ransomware is that instead of the usual compromised files’ marking with specific extension eg. filename.jpg.littlefinger, it uses the 0x3737451845184518 string to sign the encrypted files.
The LittleFinger ransom note is displayed as a console text:
YOUR FILES ARE ENCRYPTED YOU FINGERPRINT: xxxxxxxxxxxxxxxx
SEND 0.01 BTC to address: 1LjKnoJed8f6tiF4QwuHUD6EUMwcRVp9oY
SEND TRANSACTIONID AND FINGERPRINT to [email protected]
YOU RECEIVE DECRYPTOR INBOX
How can LittleFinger virus spread
LittleFinger ransomware is usually distributed with malicious emails crooks send to random or specific email addresses containing the infected attachment. You probably already heard about the Locky virus spreading through 23 million spam emails. However LittleFinger is not limited to just one infection tactic and can easily be installed into your PC via bundling, fake updates, advertisements, exploits, P2P networks and etc. imperva.com has more details on the malware spreading methods.
It is always important to know the distribution information about the viruses because it can help you identify the malicious core of the problem and to prevent the future infections. Furthermore, we advise you to read the Ultimate Security Guide Against Ransomware, which will be very beneficial to save yourself from another unpleasant situation like this.
How to solve the LittleFinger ransomware infection
There is no doubt that LittleFinger malware shouldn’t stay in your computer any longer. So what do you need to do to solve the existing virus infection? The first part of the compromised PC’s recovery must start with the virus removal. It can be done in two ways as well – automatically or manually. There is not much difference which method you choose, as long as you remove the virus completely.
Since manual removal can take a lot longer and might not delete everything, we suggest running a scan by the trusted anti-malware software. You can find the full list of spyware removal programs here, yet 2-viruses.com team usually go with Malwarebytes and Spyhunter. These tools have the most updated virus databases and just in a few clicks can remove LittleFinger saving you tons of time. Additionally, you might find the article about the differences of Antivirus programs interesting.
Note: Spyhunter trial provides detection of parasites and assists in their removal for free.
limited trial available,
Terms of use, Privacy Policy, Uninstall Instructions,
Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free.
limited trial available,
Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,
Automatic Malware removal tools
(Win)
(Mac)
On the other hand, Malwarebytes or Spyhunter can’t recover the locked files. At the moment of writing the decryptor for LittleFinger ransomware is not yet available. You are a lucky person if you routinely make backups (Best ways to do BackUps) of your important files, which can be accessed again by performing the system restore before the infection. Unfortunately, from the experience, we know that it’s a rare case and you will have to hope that LittleFinger didn’t delete the shadow volume copies of your files, which can be the last savior. We do not promise the recovery but it doesn’t hurt to try the following steps.
Manual LittleFinger virus removal and file restore
Step 1. Restore system into last known good state using system restore
1. Reboot your computer to Safe Mode with Command Prompt:
for Windows 8 / 10
- Press Power at Windows login screen. Then press and hold Shift key and click Restart.
- Choose Troubleshoot → Advanced Options → Startup Settings and click Restart.
- When it loads, select Enable Safe Mode with Command Prompt from the list of Startup Settings.
2. Restore System files and settings.
- When Command Prompt mode loads, enter cd restore and press Enter.
- Then enter rstrui.exe and press Enter again.
- Click “Next” in the windows that appeared.
- Select one of the Restore Points that are available before Aurora malware has infiltrated to your system and then click “Next”.
- To start System restore click “Yes”.
Step 2. Restore LittleFinger ransomware affected files using Shadow Volume Copies
If you do not use System Restore option on your operating system, there is a chance to use shadow copy snapshots. They store copies of your files that point of time when the system restore snapshot was created. Usually LittleFinger virus tries to delete all possible Shadow Volume Copies, so this methods may not work on all computers. However, it may fail to do so.
Shadow Volume Copies are only available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8. There are two ways to retrieve your files via Shadow Volume Copy. You can do it using native Windows Previous Versions or via Shadow Explorer.
a) Native Windows Previous Versions
Right-click on an encrypted file and select Properties → Previous versions tab. Now you will see all available copies of that particular file and the time when it was stored in a Shadow Volume Copy. Choose the version of the file you want to retrieve and click Copy if you want to save it to some directory of your own, or Restore if you want to replace existing, encrypted file. If you want to see the content of file first, just click Open.
b) Shadow Explorer
It is a program that can be found online for free. You can download either a full or a portable version of Shadow Explorer. Open the program. On the left top corner select the drive where the file you are looking for is a stored. You will see all folders on that drive. To retrieve a whole folder, right-click on it and select “Export”. Then choose where you want it to be stored.
Step 3. Use Data Recovery programs to recover LittleFinger ransomware encrypted files
There are several data recovery programs that might recover encrypted files as well. This does not work in all cases but you can try this:
- We suggest using another PC and connect the infected hard drive as slave. It is still possible to do this on infected PC though.
- Download Data Recovery Pro (commercial)
- Install and scan for recently deleted files.
Note: In many cases it is impossible to restore data files affected by modern ransomware. Thus we recommend using decent cloud backup software as precaution. We recommend checking out Carbonite, BackBlaze, CrashPlan or Mozy Home.