Greetings !!

I have a customer with all the files (xls/pdf/doc/etc…) crypted by a ransomware that changed the extensions to llmxpyc.

Anyone have an idea from which malware this come from ?

The crypted datas may be cracked if I knew the algorithm family it is declined from.

i think newer ransomware versions encrypt with randome file extension

Essexboy may have some info when online

You could try this http://www.bleepingcomputer.com/forums/t/577953/locker-developer-releases-private-key-database-and-3rd-party-decrypter-released/

It is mainly spread through the web by showing the user something like “It is recommended to update your video player”.

Here are three decryption tools you could try:
https://noransom.kaspersky.com/
http://blogs.cisco.com/security/talos/teslacrypt
http://tinyurl.com/oxtlmvv

thx, I will try something…

Still not have news about SERIOUS unlocker… it’s a shame that some idiots are refering to things like Stellar … WDR or SpyHUNTER to DECRYPT llmxpyc crypted files…

I got two key.dat files… if I could help people who try to fight this crypting algo… lemme know.

Only/best thing you can do is send all info you have to companies like avast, Kaspersky, Avira and such as well as sending it to cybercrime devisions of police worldwide.

Here is the contact form for Interpol:
http://www.interpol.int/Forms/Contact_INTERPOL