Remove Lsas Ransomware
The Lsas Ransomware is a new version of the Dharma Ransomware. Unfortunately, it is not decryptable – just like previous variants of the Dharma family. Victims of the Lsas Ransomware may end up encountering the malicious executable when interacting with random email attachments, shady ads, or fraudulent downloads. The best type of protection against ransomware attacks is using up-to-date anti-malware services, as well as maintaining up-to-date backups of your data.
The Lsas Ransomware attack is able to render the majority of your files inaccessible. The files it locks will have the suffix '.id-<VICTIM ID>.[sekurlsa@ml1.net].lsas' added to their name. Another notable change is the creation of the ransom note 'FILES ENCRYPTED.txt' on the desktop. Last but not least, the malicious file will also spawn a new window that contains a copy of the ransom note.
To nobody's surprise, the attackers are asking for money. They claim to offer a working decryption solution that victims can pay for in Bitcoin. The Lsas Ransomware operators also offer to unlock one file for free – they advise victims to send it to either sekurlsa@ml1.net or sekurlsa@mm.st.
While you should accept the free decryption offer, you should not considering paying the ransom amount that the criminals demand. They are likely to demand at least a few thousand dollars, and paying them does not guarantee a positive outcome. There is nothing stopping them from taking your money and asking for more, or straight up ignoring your messages. If the Lsas Ransomware takes over your data, you should use an antivirus scanner to eliminate the malware immediately. After this, look into popular data recovery solutions that could help you undo some of the damage that the Lsas Ransomware did.