LOG ransomware released as yet another Dharma virus spin-offThreat SummaryDHARMA variants pushed via Remote Desktop ProtocolRemove LOG ransomware virus and recover your files

The virus leaves ransom notes in two forms – a pop-up window, and FILES ENCRYPTED.txt file. The pop-up is titled as Logan8833@aol.com and contains a message from the cyber criminals and authors of the LOG ransomware. The note starts with a large line stating “Your files are encrypted”, following by a verification that all files can be returned. In order to restore them, the victim is instructed to contact the attackers via Logan8833@aol.com email address. The note also contains the victim’s ID, which the victim has to include in the email so that the criminals could identify the infected host. The ransom note also informs that in case the criminals do not reply within 12 hours, the victim should write to alternative email address – helpme24@tuta.io. Then the ransom note contains some alerts written in red background, stating that the victim should not try to rename encrypted .LOG files, decrypt them using third-party tools or use third-party decryption services which are scam as they simply pay the criminals and add a commission fee. The text file is much shorter and contains the following text: all your data has been locked usYou want to return?write email Logan8833@aol.com or HelpMe24@tuta.io When it comes to cybersecurity experts’ opinion, you should not pay the criminals, never. There are many reasons not to do so, and one of them is supporting cybercrime. Another reason not to pay up is that you can get scammed and still never receive your files. Cyber crooks are chatty and friendly until they convince you to pay the money, and once you do, they might disappear in a second. That said, we recommend you to protect your system by removing all malicious remains using a malware-removal software. For virus damage repair, consider scanning with RESTORO. After you remove LOG ransomware from Dharma, you can try to restore at least part of your files using data backups.

Threat Summary

DHARMA variants pushed via Remote Desktop Protocol

Dharma ransomware variants such as LOG, DATA and others are mostly pushed via Remote Desktop Protocol (RDP) ports. Such ports are known to be used for remote work environment so that employees could connect to the work network remotely (for example, from home, cafe and similar). Therefore, criminals might be able to exploit this with the help of port scanning and brute-forcing RDP sessions until the required credentials are gained. What is more, various corporate RDP credentials can be purchased on dark web websites for a couple of dollars only. That said, this is rather an easy road for a bit experienced hackers to take and infect networks with file-encrypting malware such as LOG virus. An alternative method to hack into the system is to phish an employee to get access to the target network. For example, criminals might send a convincing email for an employee, suggesting to visit a specific domain or download an infected file. As a result, malware might be installed on the target system silently and used to transmit keystrokes or browser-saved passwords to the criminals. What happens next is upon the criminals and their goals. Screenshot of folder with encrypted files marked with .[Logan8833@aol.com].LOG extensions is shown below.

Remove LOG ransomware virus and recover your files

It is recommended that you remove LOG ransomware virus using a professional and automatic malware removal tool. This way, you can count on an algorithm used to destroy malicious remains. Our recommended tool, RESTORO, includes Avira Antivirus scanner, and can also repair virus damage done to Windows OS files. Besides, by running an automated tool, you can identify and destroy all other malware instances that may have been installed on the system previously. Only after deleting the malware from your system, you can concentrate on data recovery methods. A thorough LOG ransomware removal guide is provided below, so make sure you follow all the given steps attentively. You might also be interested in suggested software alternatives provided at the end of the article. To decrypt .LOG files, we suggest you to use data backups, or remain patient. Currently, no data recovery tool is capable of restoring all of the files. OUR GEEKS RECOMMEND Our team recommends a two-step rescue plan to remove ransomware and other remaining malware from your computer, plus repair caused virus damage to the system: GeeksAdvice.com editors select recommended products based on their effectiveness. We may earn a commission from affiliate links, at no additional cost to you. Learn more. Get INTEGO ANTIVIRUS for Windows to remove ransomware, Trojans, adware and other spyware and malware variants and protect your PC and network drives 24/7. This VB100-certified security software uses state-of-art technology to provide protection against ransomware, Zero-Day attacks and advanced threats, Intego Web Shield blocks dangerous websites, phishing attacks, malicious downloads and installation of potentially unwanted programs. Use INTEGO Antivirus to remove detected threats from your computer. Read full review here. RESTORO provides a free scan that helps to identify hardware, security and stability issues and presents a comprehensive report which can help you to locate and fix detected issues manually. It is a great PC repair software to use after you remove malware with professional antivirus. The full version of software will fix detected issues and repair virus damage caused to your Windows OS files automatically. RESTORO uses AVIRA scanning engine to detect existing spyware and malware. If any are found, the software will eliminate them. Read full review here.

Alternative software recommendations

Malwarebytes Anti-Malware

Method 1. Enter Safe Mode with Networking

Before you try to remove the virus, you must start your computer in Safe Mode with Networking. Below, we provide the easiest ways to boot PC in the said mode, but you can find additional ones in this in-depth tutorial on our website – How to Start Windows in Safe Mode. Also, see a video tutorial on how to do it: Instructions for Windows XP/Vista/7 users Instructions for Windows 8/8.1/10 users Now, you can search for and remove LOG ransomware virus files. It is very hard to identify files and registry keys that belong to the ransomware virus, Besides, malware creators tend to rename and change them repeatedly. Therefore, the easiest way to uninstall such type of a computer virus is to use a reliable malware removal program. In addition, we suggest trying a combination of INTEGO Antivirus (removes malware and protects your PC in real-time) and RESTORO (repairs virus damage to Windows OS files).

Method 2. Use System Restore

In order to use System Restore, you must have a system restore point, created either manually or automatically. Instructions for Windows XP/Vista/7 users Instructions for Windows 8/8.1/10 users After restoring the system, we recommend scanning the system with antivirus or anti-malware software. In most cases, there won’t be any malware remains, but it never hurts to double-check. In addition, we highly recommend checking ransomware prevention guidelines provided by our experts in order to protect your PC against similar viruses in the future. Removing spyware and malware is one step towards cybersecurity. To protect yourself against ever-evolving threats, we strongly recommend purchasing a Premium version of Malwarebytes Anti-Malware, which provides security based on artificial intelligence and machine learning. Includes ransomware protection. See pricing options and protect yourself now.

System Mechanic Ultimate Defense If you’re looking for an all-in-one system maintenance suite that has 7 core components providing powerful real-time protection, on-demand malware removal, system optimization, data recovery, password manager, online privacy protection and secure driver wiping technology. Therefore, due to its wide-range of capabilities, System Mechanic Ultimate Defense deserves Geek’s Advice approval. Get it now for 50% off. You may also be interested in its full review.

Disclaimer. This site includes affiliate links. We may earn a small commission by recommending certain products, at no additional cost for you. We only choose quality software and services to recommend.