Why Has Linda Ransomware Encrypted My Files?


The Linda ransomware is a newly discovered strain of file-encrypting malware. The ransomware belongs to the family of VoidCrypt ransomware clones.

Encryption is fairly straightforward: Linda encrypts most non-essential files on a target system, leaving OS files untouched. The ransomware encrypts documents, archives, most media file types, and databases. Once encrypted, each file receives a long, multi-part extension appended to its name.

The ransomware appends the victim's ID string, the contact email used by the ransomware operator, and the .linda extension after each original file name and extension. This means that a file called "document.docx" will become "document.docx.(victim ID string).(contact email).linda".

The ransom note is dropped inside an HTML application file named "!!INFO.HTA".
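For responders scoping an incident, the naming pattern and note name described above can be turned into a triage pass over a file listing. The Python below is an added example, not code from this article or from any vendor tool. It assumes the ID and email are either both wrapped in brackets or both bare; the function names and the sample IDs, addresses and paths are constructed for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

NOTE_NAME = "!!info.hta"  # ransom note name given in the article, lowercased
# Assumed layouts: ID and email both wrapped in () or [], or both bare.
# In the bare form the ID and the email's local part must not contain dots.
WRAPPED = re.compile(
    r"^(?P<original>.+)\.[\[(](?P<victim_id>[^\[\]()]+)[\])]"
    r"\.[\[(](?P<email>[^\[\]()\s@]+@[^\[\]()\s@]+)[\])]\.linda$", re.I)
BARE = re.compile(
    r"^(?P<original>.+)\.(?P<victim_id>[^.@\[\]()]+)"
    r"\.(?P<email>[^.@\s\[\]()]+@[^@\s\[\]()]+)\.linda$", re.I)

def parse_linda_name(filename):
    """Return original name, victim ID and contact email, or None."""
    for pattern in (WRAPPED, BARE):
        m = pattern.match(filename)
        if m:
            return m.groupdict()
    return None

def triage(paths):
    """Group renamed files by victim ID; collect notes and odd .linda names."""
    report = {"by_id": defaultdict(list), "emails": set(), "notes": [], "unparsed": []}
    for raw in paths:
        p = PureWindowsPath(raw)
        if p.name.lower() == NOTE_NAME:
            report["notes"].append(raw)
        elif p.suffix.lower() == ".linda":
            info = parse_linda_name(p.name)
            if info is None:
                report["unparsed"].append(raw)  # .linda but unexpected layout
                continue
            report["by_id"][info["victim_id"]].append(str(p.with_name(info["original"])))
            report["emails"].add(info["email"].lower())
    return report

# Constructed sample listing (IDs and addresses are made up).
SAMPLE = [
    r"C:\Users\a\Documents\document.docx.(ID-0001).(contact@example.invalid).linda",
    r"C:\Users\a\Pictures\img.2022.jpg.ID-0001.contact@example.invalid.linda",
    r"C:\Users\a\Desktop\!!INFO.HTA",
    r"C:\Users\a\notes.linda",
    r"C:\Windows\System32\kernel32.dll",
]
if __name__ == "__main__":
    print(triage(SAMPLE))
```

The recovered original paths give a list to check against offline backups, and the `unparsed` bucket flags `.linda` files that do not fit the assumed layout so they can be reviewed by hand.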

It bears repeating that negotiating with criminals online is never worth it, and your best option for restoring your encrypted files is the use of offline backups.

June 9, 2022