Live ransomware

Live ransomware – a new Dharma variant that automatically boots every time the computer power is turned on

Live ransomware virus

Live ransomware, also known as CryptLive ransomware, is one of the newest Dharma variants that have reached the surface at the end of January 2020. The malware operates as a typical ransom-demanding and file-encrypting[1] cyber threat but that does not make it less dangerous than others of its kind. The malicious module is designed to encrypt files by appending the .LIVE extension to each file name.

Afterward, Live virus pastes a copy of the info.hta and FILES ENCRYPTED.txt ransom note into every folder that holds locked data. The first message encourages users to reach out to the cybercriminals via [email protected] email address while the second one provides a payment offering of $1299 that needs to be transferred in Bitcoin. The crooks promise to give those who show signs of communication via 24 hours a 15% discount and offer users to send them 1 file not exceeding the size of 10 MB for free decryption as the demonstration of the truly-existing decryption software.

Name Live ransomware/CryptLive ransomware
Category Ransomware/malware
Family This cyber threat belongs to the Dharma ransomware family
Appendix Once all the files and documents are found and locked with a unique encryption cipher, the ransomware virus appends the .LIVE extension to each affected component
Ransom note The malware delivers two ransom notes one from which is written in the info.hta format and the other one opens in a notepad window and is named FILES ENCRYPTED.txt
Ransom price The criminals urge for a quite big price – $1299 in Bitcoin. However, these people promise to make a 15% discount for those victims who aim to contact the developers within 24 hours of time
Crook’s contacts The crooks provide the [email protected] email address as a way to make contact and send them one small file for receiving evidence of the decryption tool’s existence
Spreading Ransomware infections are often delivered through email spam when the crooks pretend to be reliable firms and organizations. Also, the malware can appear through a hacked RDP, software cracks, fake software updates, malicious advertisements, and infectious hyperlinks
Termination If you have spotted this ransomware virus on your computer system, you have to get rid of it as soon as possible before it has brought any other additional infections. Besides, you can try restoring your locked data only after terminating the malware. For this process, download reliable antimalware software
Repair tool If the ransomware virus has damaged some of your Windows computer’s areas, you can try fixing them with a repair tool such as Reimage Reimage Cleaner

Live ransomware is a tricky cyber threat that fills the Registry and Task Manager with malicious files and operations. Whenever these components are executed, the virus is provided with various functional abilities. For example, some commands allow the ransomware to boot up every time the computer is started. Also, do not be surprised if the malware is mimicking the process of some type of flash player, downloader, or another piece of software as this way the ransomware virus is capable of blending into your system and staying unknown for a while.

Continuously, [[email protected]].LIVE ransomware might also be scheduled to run background processes such as the deletion of Shadow Volume Copies.[2] This type of activity hardens the data recovery process for the cybercriminals. If the virtual parasite starts initiating multiple tasks at a time, you can also spot that your CPU and GPU power levels have been rising up more than usual.

In fact, Live ransomware uses some threats in its ransom message regarding the data recovery fact. The criminals make sure that the victims are aware that trying to restore files by themselves can bring only more harm and files loss:

Don’t worry,you can return all your files!

If you want to restore them, follow this link:email [email protected] YOUR ID 1E857D00
If you have not been answered via the link within 12 hours, write to us by e-mail:[email protected]
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam

However, Live ransomware is trying to trick you into purchasing the decryption tool from the cybercriminals. Even though these people might truly own this type of software, there are no guarantees that they will not just run off with your money.

Due to the risk of getting scammed, you should remove Live ransomware from your Windows computer system and use alternative software for the data recovery process. There is no official decrypter released at the time of writing but you still can benefit from third-party restoring software. We have provided some solutions at the end of this page.

Live ransomware
Live ransomware is a dangerous malware form that comes from the Dharma ransomware family

Other functions of Live ransomware might include permanently damaging the hosts files on your Windows device. This way the malware prevents you from visiting security-based pages and receiving valuable information on the virus’s termination. So, once you are deleting the ransomware virus, do not forget to delete the Windows hosts file too, otherwise, the access to your liked websites might still remain blocked.

Another reason for you to speed up Live ransomware removal is the possibility that you will end up with additional malware on your computer system. Ransomware infections are capable of bringing not only potentially unwanted programs such as adware or browser hijackers to the computer system but also serious malware such as trojans, spyware, worms, cryptocurrency miners, etc.

If you have been looking for ways to uninstall Live ransomware properly, you should only do that by employing reliable software as the manual technique might not work very well due to the risk of missing crucial components. Besides, if you have discovered some damage on your computer system, you can try fixing the infected areas with the help of Reimage Reimage Cleaner .

If in some cases, your antivirus program cannot find Live ransomware on your Windows machine, the malware might be evading antimalware detection. For this purpose, you should boot your computer via Safe Mode with Networking or System Restore. However, according to VirusTotal data,[3] this malicious string has been detected by 58 antivirus tools out of the total 70.

Live malware
Live malware is a ransomware virus that might delete Shadow Volume Copies to harden the decryption process for the victims

Ransomware delivery is never expected but not quite surprising

Dangerous malware forms such as ransomware appear on those computer systems who have the weakest or a very weak level of protection. This means, even though you have not opted for the ransomware installation intentionally, the cyber threat did not really escape without your help and we are going to explain how this happens.

The main way of delivering ransomware-related payload to victims’ computers is by using spam messages. A lot of criminals write official-looking notes and pretend to be from financial companies, shipping firms, healthcare systems, etc. Afterward, the victim is encouraged to open the attached file that often appears to be the infectious payload.

DO NOT fall for believing in any messages that you were not expecting to receive as you can get in big trouble. Even more important, DO NOT open or download any attached files without scanning them with antivirus software first.

Additionally, ransomware infections are likely to get delivered through other sources such as weak RDP configuration. This happens when the RDP does not include a password or includes an easy-guessable one such as “12345”. Furthermore, these types of viruses can be downloaded from software cracks that are placed on peer-to-peer networks such as The Pirate Bay, BitTorrent, and eMule. Also, you can receive these types of threats while opening fake flash player updates, entering malvertising-based ads, clicking on infected hyperlinks, etc.

Advanced removal solutions for Live ransomware

If you have spotted .LIVE files on your desktop, the FILES ENCRYPTED.txt ransom note, and malicious processes running in your Task Manager, you have to get rid of Live ransomware ASAP. The longer you keep this cyber threat on your computer system, the bigger the damage might be. You can even receive other malware very soon.

So, to decrease the risk of additional virus infections and have a chance to unlock at least some of your files, you should remove Live ransomware from your Windows operating system. The only method that works properly in this case is the automatical one and it includes purchasing and downloading proper antimalware software.

Once Live ransomware removal is performed, you can try recovering some of your encrypted files. At the end of this article, we have prepared three possible recovery solutions that might be helpful if completed properly.

According to experts from,[4] hackers might try to attract as to pay the ransom payment and then vanish. This is the main reason why it is worth trying alternative software for file restoring rather than emptying your pockets.

Reimage Reimage Cleaner has a free limited scanner. Reimage Reimage Cleaner offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.

Remove Live using Safe Mode with Networking

To diminish malicious changes on your Windows computer system, you should boot your machine in Safe Mode with Networking. If you do not know how to do that, use these guiding steps to complete the task:

  • Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8

    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Log in to your infected account and start the browser. Download Reimage Reimage Cleaner or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Live removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove Live using System Restore

To deactivate the ransomware virus and all related process on your infected device, you have to complete the following instructing steps in order to opt for the System Restore feature:

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Live from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by security experts.

If you have seen .LIVE files on your computer’s desktop, you should not hurry to pay the ransom as scamming is a possibility that may be awaiting you after payment. Rather than taking such a risk, you can try out some other data restoring techniques that we have provided below.

If your files are encrypted by Live, you can use several methods to restore them:

Employ Data Recovery Pro for file restoring tasks.

If you have been looking for software that could help you bring some of your files back to their primary states, you can try using this third-party tool as it might appear to be really helpful.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Live ransomware;
  • Restore them.

Windows Previous Versions feature might allow data recovery.

If you have enabled the System Restore feature in the past, this tool might help you to recover some of your individual files and documents.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Using Shadow Explorer can increase your chances of data restoring.

You can try out this software if the ransomware virus has locked your files. However, keep in mind, that this method might not work if the malware has permanently destroyed the Shadow Volume Copies of your data.

  • Download Shadow Explorer (;
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Currently, the cybersecurity experts are working on the official decrypter.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Live and other ransomwares, use a reputable anti-spyware, such as Reimage Reimage Cleaner , SpyHunter 5Combo Cleaner or Malwarebytes

This entry was posted on 2020-01-28 at 11:30 and is filed under Ransomware, Viruses.