The Leakdb virus belongs to the Phobos ransomware family. Malware of this type encrypts all user’s data on the computer (photos, documents, excel tables, music, videos, etc) and adds its extra extension to every file, creating the info.txt text files in every folder containing encrypted files.
Leakdb virus: what is known so far?
☝️ Leakdb is a Phobos family ransomware-type virus.
The renaming will be executed by the following scheme: id[xxxxxx].[contact-email].LEAKDB. After the encryption, a file named, for instance, “report.docx” will be altered to “report.docx.id[9ECFA84E-3143].[[email protected]].LEAKDB”.
In each directory that contains the encrypted files, a info.txt file will appear. It is a ransom money memo. It contains information about the ways of contacting the racketeers and some other information. The ransom note most probably contains instructions on how to purchase the decryption tool from the racketeers. You can get this decoding tool after contacting [email protected] via email. That is it.
Leakdb Overview:
| Name | Leakdb Virus |
| Ransomware family1 | Phobos ransomware |
| Extension | .LEAKDB |
| Ransomware note | info.txt |
| Contact | [email protected] |
| Detection | Win32/Filecoder.Avaddon.H, TrojanDropper:Win32/BcryptInject.A!MTB, BScope.TrojanRansom.Reveton |
| Symptoms | Your files (photos, videos, documents) get a .LEAKDB extension and you can’t open them. |
| Fix Tool | See If Your System Has Been Affected by Leakdb virus |
The info.txt document accompanying the Leakdb malware states the following:
Your data is encrypted and downloaded! Unlocking your data is possible only with our software. Important! An attempt to decrypt it yourself or decrypt it with third-party software will result in the loss of your data forever. Contacting intermediary companies, recovery companies will create the risk of losing your data forever or being deceived by these companies. Being deceived is your responsibility! Learn the experience on the forums. Downloaded data of your company. Data leakage is a serious violation of the law. Don\'t worry, the incident will remain a secret, the data is protected. After the transaction is completed, all data downloaded from you will be deleted from our resources. Government agencies, competitors, contractors and local media not aware of the incident. Also, we guarantee that your company\'s personal data will not be sold on DArkWeb resources and will not be used to attack your company, employees and counterparties in the future. If you have not contacted within 2 days from the moment of the incident, we will consider the transaction not completed. Your data will be sent to all interested parties. This is your responsibility. Contact us. Write us to the e-mail:[email protected] In case of no answer in 24 hours write us to this e-mail:[email protected] Write this ID in the title of your message: - If you have not contacted within 2 days from the moment of the incident, we will consider the transaction not completed. Your data will be sent to all interested parties. This is your responsibility. Do not rename encrypted files Do not try to decrypt your data using third party software, it may cause permanent data loss. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
In the picture below, you can see what a folder with files encrypted by the Leakdb looks like. Each filename has the “.LEAKDB” extension appended to it.
That is how encrypted “.LEAKDB” files look.
How did my computer get infected with Leakdb ransomware?
There are plenty of possible ways of ransomware injection.
There are currently three most exploited methods for evil-doers to have ransomware planted in your system. These are email spam, Trojan injection and peer-to-peer file transfer.
- Another thing the hackers might try is a Trojan virus scheme. A Trojan is a program that gets into your machine disguised as something legal. Imagine, you download an installer of some program you need or an update for some program. But what is unboxed turns out to be a harmful program that corrupts your data. Since the installation file can have any name and any icon, you have to make sure that you can trust the resource of the things you’re downloading. The optimal way is to use the software companies’ official websites.
- As for the peer networks like BitTorrent or eMule, the threat is that they are even more trust-based than the rest of the Internet. You can never guess what you download until you get it. So you’d better be using trustworthy resources. Also, it is a good idea to scan the directory containing the downloaded items with the antivirus as soon as the downloading is complete.
How to remove ransomware?
It is important to note that besides encrypting your files, the Leakdb virus will most likely deploy Vidar Stealer on your computer to get access to credentials to different accounts (including cryptocurrency wallets). The mentioned spyware can derive your credentials from your browser’s auto-filling cardfile.
How to avert ransomware infiltration?
Leakdb ransomware doesn’t have a superpower, so as any similar malware.
You can protect yourself from ransomware infiltration in three easy steps:
- Never open any letters from unknown senders with strange addresses, or with content that has nothing to do with something you are waiting for (can you win in a lottery without participating in it?). In case the email subject is more or less something you are waiting for, check all elements of the dubious letter carefully. A fake letter will surely have a mistake.
- Never use cracked or untrusted programs. Trojans are often spreaded as an element of cracked products, most likely under the guise of “patch” which prevents the license check. Understandably, untrusted programs are difficult to tell from reliable ones, as trojans sometimes have the functionality you seek. Try to find information on this program on the anti-malware message boards, but the optimal way is not to use such software.
Frequently Asked Questions
🤔 Is it possible to open “.LEAKDB” files?
Unfortunately, no. You need to decipher the “.LEAKDB” files first. Then you will be able to open them.
🤔 What should I do to make my files accessible as fast as possible?
Hopefully, you have made a copy of those important files. If not, there is still a function of System Restore but it needs a Restore Point to be previously saved. There are other ways to beat ransomware, but they take time.
🤔 What actions should I take if the Leakdb ransomware has blocked my computer and I can’t get the activation code.
🤔 What can I do right now?
Some of the blocked files can be located elsewhere.
- If you sent or received your critical files via email, you could still download them from your online mail server.
- You may have shared photographs or videos with your friends or family members. Just ask them to send those pictures back to you.
- If you have initially downloaded any of your files from the Internet, you can try to do it again.
- Your messengers, social media pages, and cloud disks might have all those files too.
- Maybe you still have the needed files on your old computer, a notebook, cellphone, flash memory, etc.
USEFUL TIP: You can employ data recovery utilities2 to retrieve your lost information since ransomware blocks the copies of your files, removing the original ones. In the video below, you can learn how to recover your files with PhotoRec, but be advised: you can do it only after you eradicate the virus with an anti-malware program.
Leave a Comment