Ldhy ransomware is a dangerous malware infection that encrypts files. It’s part of the Djvu/STOP ransomware family. Like all ransomware, it targets personal files and essentially takes them hostage. File recovery can be impossible unless you have a backup.



Ldhy ransomware starts its malicious activities as soon as it is initiated. While it’s encrypting files, it shows a fake Windows update window to distract users. Unfortunately, Ldhy ransomware targets all personal files, including photos, videos, documents, etc. Encrypted files are recognizable by the .ldhy extension added to their names. For example, text.txt would become text.txt.ldhy if encrypted.

You will not be able to open any files that have that extension unless you first use a decryptor on them. However, obtaining a Ldhy ransomware decryptor will not be easy. You can buy it from the cybercriminals operating this ransomware, as is explained in the _readme.txt ransom note that gets dropped in all folders that have encrypted files.

The note explains that in order to get the decryptor, you’d need to pay $999 in Bitcoin. Supposedly, there’s a 50% discount for users who make contact within the first 72 hours. Users can also supposedly get one file decrypted for free as long as it does not contain any valuable information.

Below is the full Ldhy ransomware ransom note:


Don’t worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:

Price of private key and decrypt software is $999.
Discount 50% available if you contact us first 72 hours, that’s price for you is $499.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:

Reserve e-mail address to contact us:

Your personal ID:

If you do not have a backup, paying the ransom may seem like a good option but we do not recommend paying. First of all, there are no guarantees that a decryptor will be sent if you pay the ransom. You are dealing with cybercriminals, there are no guarantees that they will keep their end of the deal. Countless ransomware victims have paid ransom in the past only to get nothing in return. Whether to pay or not is your decision but you should be aware of the risks that come with making such a decision.

If you have a backup, you can start recovering files as soon as you delete Ldhy ransomware from your computer. We strongly suggest using a good anti-malware program to remove Ldhy ransomware because it’s a complicated infection. Once anti-malware detects no malware on your computer, you can connect to your backup to start the file recovery process.

If you have no backup, wait for a free Ldhy ransomware decryptor to be released. It’s not very likely to happen but it’s not impossible. If it does get released, it will be posted on NoMoreRansom.

How did Ldhy ransomware enter your computer?

Ldhy ransomware is distributed in several ways. Generally, users with good online habits are significantly less likely to infect their computers with malware because they avoid certain risky behaviors. Developing better habits and becoming familiar with malware distribution methods is one of the most effective ways of avoiding malware.

It’s very common for malware to be distributed through email attachments. When users open malicious email attachments, they authorize the infection to initiate. Emails carrying malware are usually not difficult to recognize as long as you know what to look for.

Malicious emails, especially ones that have attachments, are often disguised to look like parcel delivery emails, order confirmations, etc. The emails try to elicit a sense of emergency so that users act rashly and open the attached file. But if users pay attention to the email, they will be able to recognize it as being malicious. First of all, the emails are often full of grammar/spelling mistakes. These mistakes are the biggest giveaway because you would never see such mistakes in legitimate emails.

Another sign is emails, supposedly from services you use, addressing you using generic words like User, Member, Customer, etc. In legitimate emails, users are addressed by name because it makes the emails seem more personal. However, generic malicious emails target many users at the same time with the same email so they use generic greetings.

Malicious emails that target specific people are usually much more sophisticated. They are mistake-free and contain information that makes the emails seem much more credible. This is why it’s always recommended to scan all unsolicited email attachments with anti-malware software or VirusTotal before opening them.

It should also be mentioned that malware is commonly found in torrents. Torrent sites are quite badly moderated in many cases, which allows malicious actors to upload torrents with malware in them. It’s especially common to find malware in torrents for entertainment content (e.g. movies, TV series, video games). Not only is torrenting copyrighted content essentially content theft but it’s also dangerous for the computer.

Ldhy ransomware removal

Unless you know exactly how to remove Ldhy ransomware manually, we recommend you use an anti-malware program. If you try to delete Ldhy ransomware manually, you could end up causing additional damage to your device. You may also not fully get rid of the infection, which could allow it to recover.

If you have a backup, you can connect to it and start recovering files as soon as you fully delete Ldhy ransomware from your device. If the ransomware is still present when you connect to your backup, your backed-up files will become encrypted as well.

If you do not have a backup, waiting for a free Ldhy ransomware decryptor to be released may be your only option. If it does get released, it will be downloadable from NoMoreRansom.

Ldhy ransomware is detected as:

  • Win32:BotX-gen [Trj] by Avast/AVG
  • Trojan.GenericKD.71532783 (B) by Emsisoft
  • A Variant Of Win32/GenKryptik.GTMJ by ESET
  • HEUR:Trojan.Win32.Injuke.gen by Kaspersky
  • Trojan.MalPack.GS by Malwarebytes
  • Ransom:Win32/StopCrypt.SHZ!MTB by Microsoft
  • Trojan.GenericKD.71532783 by BitDefender
  • GenericRXWN-MJ!DAED93996432 by McAfee


More information about SpyWarrior and Uninstall Instructions. Please review SpyWarrior EULA and Privacy Policy. SpyWarrior scanner is free. If it detects a malware, purchase its full version to remove it.

  • WiperSoft Review Details WiperSoft (www.wipersoft.com) is a security tool that provides real-time security from potential threats. Nowadays, many users tend to download free software from the Intern ...

  • Is MacKeeper a virus? MacKeeper is not a virus, nor is it a scam. While there are various opinions about the program on the Internet, a lot of the people who so notoriously hate the program have neve ...

  • While the creators of MalwareBytes anti-malware have not been in this business for long time, they make up for it with their enthusiastic approach. Statistic from such websites like CNET shows that th ...


Quick Menu

Step 1. Delete Ldhy ransomware using Safe Mode with Networking.

Remove Ldhy ransomware from Windows 7/Windows Vista/Windows XP
  1. Click on Start and select Shutdown.
  2. Choose Restart and click OK. Windows 7 - restart
  3. Start tapping F8 when your PC starts loading.
  4. Under Advanced Boot Options, choose Safe Mode with Networking. Remove Ldhy ransomware - boot options
  5. Open your browser and download the anti-malware utility.
  6. Use the utility to remove Ldhy ransomware
Remove Ldhy ransomware from Windows 8/Windows 10
  1. On the Windows login screen, press the Power button.
  2. Tap and hold Shift and select Restart. Windows 10 - restart
  3. Go to Troubleshoot → Advanced options → Start Settings.
  4. Choose Enable Safe Mode or Safe Mode with Networking under Startup Settings. Win 10 Boot Options
  5. Click Restart.
  6. Open your web browser and download the malware remover.
  7. Use the software to delete Ldhy ransomware

Step 2. Restore Your Files using System Restore

Delete Ldhy ransomware from Windows 7/Windows Vista/Windows XP
  1. Click Start and choose Shutdown.
  2. Select Restart and OK Windows 7 - restart
  3. When your PC starts loading, press F8 repeatedly to open Advanced Boot Options
  4. Choose Command Prompt from the list. Windows boot menu - command prompt
  5. Type in cd restore and tap Enter. Uninstall Ldhy ransomware - command prompt restore
  6. Type in rstrui.exe and press Enter. Delete Ldhy ransomware - command prompt restore execute
  7. Click Next in the new window and select the restore point prior to the infection. Ldhy ransomware - restore point
  8. Click Next again and click Yes to begin the system restore. Ldhy ransomware removal - restore message
Delete Ldhy ransomware from Windows 8/Windows 10
  1. Click the Power button on the Windows login screen.
  2. Press and hold Shift and click Restart. Windows 10 - restart
  3. Choose Troubleshoot and go to Advanced options.
  4. Select Command Prompt and click Restart. Win 10 command prompt
  5. In Command Prompt, input cd restore and tap Enter. Uninstall Ldhy ransomware - command prompt restore
  6. Type in rstrui.exe and tap Enter again. Delete Ldhy ransomware - command prompt restore execute
  7. Click Next in the new System Restore window. Get rid of Ldhy ransomware - restore init
  8. Choose the restore point prior to the infection. Ldhy ransomware - restore point
  9. Click Next and then click Yes to restore your system. Ldhy ransomware removal - restore message

Site Disclaimer

2-remove-virus.com is not sponsored, owned, affiliated, or linked to malware developers or distributors that are referenced in this article. The article does not promote or endorse any type of malware. We aim at providing useful information that will help computer users to detect and eliminate the unwanted malicious programs from their computers. This can be done manually by following the instructions presented in the article or automatically by implementing the suggested anti-malware tools.

The article is only meant to be used for educational purposes. If you follow the instructions given in the article, you agree to be contracted by the disclaimer. We do not guarantee that the artcile will present you with a solution that removes the malign threats completely. Malware changes constantly, which is why, in some cases, it may be difficult to clean the computer fully by using only the manual removal instructions.

Leave a Reply