What is a Londec file? A file with the .londec extension is a file that has been locked by Londec ransomware that similar to other ransomware (such as Prandel or Kovasoh). These security threats are also known as crypto viruses that use a strong encryption method in order to lock users’ data. It is not possible to open the files by simply changing the file extension. The photos, documents and music will be unlocked only if users pay for the special code key that will unlock these files.
Londec ransomware virus was developed by fraudsters to lock various files on the user’s PC, using complex ciphered combination, that makes it impossible for the user to independently decrypt the affected files that have received .londec extension. Londec known to encrypt almost all file types, including files with extensions:
.srf, .fpk, .wpb, .sav, .pef, .sidn, .png, .kf, .zi, .t12, .wma, .kdc, .pkpass, .ods, .itdb, .raf, .wmo, .xdb, .lvl, .3fr, .hplg, .crt, .odm, .mddata, .vcf, .odp, .bay, .dcr, .xlk, .wpw, .zdc, .docx, .rim, .txt, .py, .asset, .p7b, .qic, .fsh, .bkp, .jpeg, .wp, .tor, .hkdb, wallet, .mpqge, .rb, .icxs, .indd, .litemod, .dng, .dxg, .wdp, .x3d, .syncdb, .hkx, .cr2, .fos, .wbk, .pdd, .wsh, .xlsb, .lbf, .r3d, .ztmp, .wgz, .snx, .wri, .cdr, .pptx, .ncf, .sr2, .bsa, .xf, .wpa, .w3x, .0, .mov, .psd, .vtf, .cfr, .yml, .svg, .accdb, .upk, .wps, .dwg, .gdb, .epk, .pfx, .xls, .xml, .1, .xbplate, .xlgc, .m2, .webp, .wpd, .sum, .rar, .jpg, .dmp, .m4a, .ntl, .cas, .db0, .ibank, .ws, .mdbackup, .wpd, .3dm, .wbd, .lrf, .ybk, .mcmeta, .orf, .pptm, .iwd, .wotreplay, .wb2, .ysp, .esm, .xxx, .xls, .wpg, .1st, .mef, .doc, .zip, .rw2, .wpe, .rwl, .wmv, .xdl, .wpl, .rtf, .dazip, .webdoc, .wbmp, .xar, .dbf, .z, .wp7, .srw, .d3dbsp, .x3f, .wbm, .pem, .mrwref, .y, .vdf, .bkf, .odb, .xbdoc, .itl, .eps, .iwi, .erf, .wcf, .wm, .big, .dba, .wp5, .wmv, .wmd, .wdb, .sb, .wbz, .xlsx, .gho, .layout, .wmf, .raw, .xlsm, .pak, .map, .bc6, .xmmap, .ai, .xyp, .js, .mlx, .x3f, .odc, .wire, .xwp, .das, .mp4, .wsd, .psk, .m3u, .pdf, .jpe, .arch00, .ltx, .xpm, .vpp_pc, .wsc, .wbc, .forge, .csv, .desc, .vpk, .apk, .mdf, .hvpl, .cer, .tax, .der, .xx, .yal, .xyw, .wpt, .sid
The Londec virus blocks users’ files using very strong hybrid encryption with a large key, overwrites most of the content of the original files with the encrypted data and adds the .londec extension to each encrypted file. The victim who sees the files with .londec extension understands that they are locked and will remain so until he pays the attackers the required amount of money for obtaining a special key that will decrypt the files. Usually, the makers of the Londec ransomware leave a ransom note named ‘_readme.txt’ to users who have infected their computer with this ransomware virus, indicating the required amount of ransom.
Threat Summary
Name | Londec |
Type | File locker, Ransomware, Crypto malware, Crypto virus, Filecoder |
Encrypted files extension | .londec |
Ransom note | _readme.txt |
Contact | gorentos@bitmessage.ch |
Ransom amount | $980 in Bitcoins |
Symptoms | Unable to open personal files. Your photos, documents and music have new extension appended at the end of the file name. Files called like ‘_readme.txt’, or ‘_readme’ in each folder with at least one encrypted file. |
Distribution ways | Malicious e-mail spam. Exploit kits (cybercriminals use ransomware virus packaged in an ‘exploit kit’ that can find a vulnerability in Microsoft Windows OS, PDF reader, Browser, Adobe Flash Player). Social media posts (they can be used to entice users to download malware with a built-in ransomware downloader or click a suspicious link). Torrent webpages. |
Removal | To remove Londec ransomware use the removal guide |
Decryption | To decrypt Londec ransomware use the steps |
After reading this article, you will know how to deal with the Londec file virus. It is important for you to remember that we also cannot guarantee you an absolute solution to all your Londec ransomware virus problems. We can offer you a way that might help. Nevertheless, this method is worth your attention because there is still a possibility that it will help you remove Londec ransomware and unlock files that have been locked by ransomware virus.
Quick links
- How to remove Londec crypto malware
- How to decrypt .londec files
- Londec decryption tool
- How to restore .londec files
- How to protect your computer from Londec ransomware virus?
- Finish words
How to remove Londec crypto malware
Ransomware, spyware, trojans and worms can be difficult to delete manually. Do not try to uninstall this software without the aid of malware removal tools. In order to fully remove Londec ransomware virus from your machine, use professionally developed tools, such as Zemana, MalwareBytes AntiMalware and KVRT.
Use Zemana Anti Malware to remove Londec virus
Zemana is a complete package of antimalware tools that can help you remove Londec ransomware. Despite so many features, it does not reduce the performance of your system. Zemana Anti-Malware has the ability to delete almost all the forms of ransomware including crypto malware, trojans, worms, adware, hijacker infections, potentially unwanted applications and other malware. Zemana Free has real-time protection that can defeat most malicious software and crypto virus. You can run Zemana with any other antivirus without any conflicts.
Zemana can be downloaded from the following link. Save it to your Desktop.
164101 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019
Once downloading is done, close all windows on your system. Further, open the install file called Zemana.AntiMalware.Setup. If the “User Account Control” dialog box pops up as shown on the image below, press the “Yes” button.
It will open the “Setup wizard” which will allow you install Zemana on the system. Follow the prompts and do not make any changes to default settings.
Once installation is finished successfully, Zemana Anti-Malware (ZAM) will automatically start and you may see its main window as displayed on the image below.
Next, click the “Scan” button to perform a system scan for the Londec ransomware related folders,files and registry keys. This procedure can take quite a while, so please be patient.
Once the scan get completed, you can check all threats detected on your personal computer. Review the results once the tool has finished the system scan. If you think an entry should not be quarantined, then uncheck it. Otherwise, simply press “Next” button.
The Zemana Free will delete Londec crypto virus and other security threats and move items to the program’s quarantine. When that process is done, you may be prompted to reboot your PC system.
How to uninstall Londec with MalwareBytes
We recommend using the MalwareBytes. You can download and install MalwareBytes to search for and uninstall Londec from your personal computer. When installed and updated, this free malware remover automatically finds and deletes all threats present on the machine.
Click the link below to download the latest version of MalwareBytes for Microsoft Windows. Save it on your MS Windows desktop.
326456 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020
After the downloading process is done, close all applications and windows on your computer. Open a directory in which you saved it. Double-click on the icon that’s named mb3-setup as displayed in the figure below.
When the installation starts, you’ll see the “Setup wizard” that will help you set up Malwarebytes on your personal computer.
Once installation is done, you will see window as displayed in the figure below.
Now click the “Scan Now” button to perform a system scan with this utility for the Londec ransomware related folders,files and registry keys. A system scan can take anywhere from 5 to 30 minutes, depending on your personal computer. When a malware, adware or PUPs are found, the number of the security threats will change accordingly.
Once the scan is done, it will show the Scan Results. Once you’ve selected what you want to delete from your system click “Quarantine Selected” button.
The Malwarebytes will now begin to delete Londec crypto malware, other malware, worms and trojans. When the task is finished, you may be prompted to reboot your computer.
The following video explains step-by-step guide on how to uninstall browser hijacker, adware and other malicious software with MalwareBytes.
Get rid of Londec ransomware from computer with KVRT
KVRT is a free portable program that scans your PC for adware, PUPs and crypto viruss like Londec and helps uninstall them easily. Moreover, it will also help you delete any malicious internet browser extensions and add-ons.
Download Kaspersky virus removal tool (KVRT) from the following link. Save it to your Desktop so that you can access the file easily.
129081 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
When the downloading process is finished, double-click on the KVRT icon. Once initialization procedure is complete, you’ll see the Kaspersky virus removal tool screen as displayed in the figure below.
Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next click Start scan button for checking your personal computer for the Londec crypto virus and other malware. This task can take some time, so please be patient. During the scan KVRT will detect threats exist on your PC.
After Kaspersky virus removal tool completes the scan, KVRT will display a screen which contains a list of malicious software that has been detected such as the one below.
Once you have selected what you wish to delete from your computer click on Continue to begin a cleaning process.
How to decrypt .londec files
You can damage documents, photos and music affected by Londec ransomware, or make them useless forever if you try to find the special code key on your own, which is almost impossible in view of its cryptographic complexity. It is very important to know and understand the level of importance of constantly backing up important files to various media, like an USB stick, so that in case of damage to your PC system by ransomware you can always extract a copy of locked files.
Never pay the ransom! Some users, wishing to restore access to blocked photos, documents and music, pay the ransom amount of money to cybercriminals. However, it is important to remember before performing this action that you are interacting with unscrupulous and dishonest people, and the probability that after transferring money they will not provide you with a special code key and Londec decryption utility to unlock .londec files or increase the amount of ransom is high enough.
It is not necessary to pay the online criminals a ransom, the best option in case of infection of this crypto virus is to archive the files that were affected by it, until the moment of obtaining the Londec decryption tool. On this article below you will find useful instructions on how to recover encrypted personal files for free.
Londec decryption tool
With some variants of Londec virus, it is possible to decrypt encrypted files using free tools listed below.
Michael Gillespie (@) released the Londec decryption tool named STOPDecrypter. It can decrypt .Londec files if they were locked by one of the known OFFLINE KEY’s retrieved by Michael Gillespie. Please check the twitter post for more info.
STOPDecrypter is a program that can be used for Londec files decryption. One of the biggest advantages of using STOPDecrypter is that is free and easy to use. Also, it constantly keeps updating its ‘OFFLINE KEYs’ DB. Let’s see how to install STOPDecrypter and decrypt .Londec files using this free tool.
- Installing the STOPDecrypter is simple. First you will need to download STOPDecrypter on your Windows Desktop from the following link.
download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip - After the downloading process is done, close all applications and windows on your machine. Open a file location. Right-click on the icon that’s named STOPDecrypter.zip.
- Further, select ‘Extract all’ and follow the prompts.
- Once the extraction process is finished, run STOPDecrypter. Select Directory and press Decrypt button.
If STOPDecrypter does not help you to decrypt .Londec files, in some cases, you have a chance to restore your files, which were encrypted by ransomware. This is possible due to the use of the tools named ShadowExplorer and PhotoRec. An example of recovering encrypted files is given below.
How to restore .londec files
In some cases, you can recover files encrypted by Londec crypto malware. Try both methods. Important to understand that we cannot guarantee that you will be able to restore all encrypted files.
Restore .londec encrypted files using Shadow Explorer
The MS Windows has a feature named ‘Shadow Volume Copies’ that can help you to restore .londec files encrypted by the Londec ransomware virus. The solution described below is only to recover encrypted photos, documents and music to previous versions from the Shadow Volume Copies using a free tool called the ShadowExplorer.
ShadowExplorer can be downloaded from the following link. Save it on your MS Windows desktop.
438803 downloads
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019
When the downloading process is done, extract the saved file to a folder on your PC. This will create the necessary files as on the image below.
Run the ShadowExplorerPortable program. Now select the date (2) that you wish to restore from and the drive (1) you wish to restore files (folders) from like the one below.
On right panel navigate to the file (folder) you want to restore. Right-click to the file or folder and click the Export button as displayed on the image below.
And finally, specify a directory (your Desktop) to save the shadow copy of encrypted file and click ‘OK’ button.
Recover .londec files with PhotoRec
Before a file is encrypted, the Londec ransomware virus makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to recover your photos, documents and music using file recover programs such as PhotoRec.
Download PhotoRec on your Microsoft Windows Desktop from the following link.
When the downloading process is done, open a directory in which you saved it. Right click to testdisk-7.0.win and select Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as displayed on the screen below.
Double click on qphotorec_win to run PhotoRec for MS Windows. It will open a screen like below.
Select a drive to recover as shown in the following example.
You will see a list of available partitions. Select a partition that holds encrypted photos, documents and music as displayed on the screen below.
Click File Formats button and specify file types to restore. You can to enable or disable the restore of certain file types. When this is done, click OK button.
Next, press Browse button to choose where recovered photos, documents and music should be written, then press Search.
Count of recovered files is updated in real time. All restored documents, photos and music are written in a folder that you have selected on the previous step. You can to access the files even if the restore process is not finished.
When the restore is finished, press on Quit button. Next, open the directory where recovered documents, photos and music are stored. You will see a contents like the one below.
All recovered photos, documents and music are written in recup_dir.1, recup_dir.2 … sub-directories. If you are searching for a specific file, then you can to sort your recovered files by extension and/or date/time.
How to protect your computer from Londec ransomware virus?
Most antivirus apps already have built-in protection system against the crypto virus. Therefore, if your system does not have an antivirus application, make sure you install it. As an extra protection, use the HitmanPro.Alert.
Use HitmanPro.Alert to protect your system from Londec crypto malware
All-in-all, HitmanPro.Alert is a fantastic utility to protect your PC system from any ransomware. If ransomware is detected, then HitmanPro.Alert automatically neutralizes malware and restores the encrypted files. HitmanPro.Alert is compatible with all versions of Windows operating system from Microsoft Windows XP to Windows 10.
Download HitmanPro Alert on your personal computer by clicking on the link below.
After downloading is finished, open the file location. You will see an icon like below.
Double click the HitmanPro Alert desktop icon. After the utility is started, you’ll be displayed a window where you can select a level of protection, as shown in the following example.
Now press the Install button to activate the protection.
Finish words
After completing the step-by-step tutorial outlined above, your PC system should be clean from Londec crypto virus and other malicious software. Your PC system will no longer encrypt your documents, photos and music. Unfortunately, if the step-by-step instructions does not help you, then you have caught a new variant of crypto virus, and then the best way – ask for help here.