- Home
- Detectable Ransomware
- Lost_Files
Ransomware Research
Lost_Files Ransomware
Lost_Files is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on September 1, 2019, this ransomware has been actively targeting systems worldwide.
Quick Facts
- Ransomware Family
- Lost_Files
- First Seen
- September 1, 2019
How Lost_Files Ransomware Works
Targeted Files
Original extension replaced with .Lost_Files_Encrypt Corrupts files ! Ransom message should be shown at StartUp but mistake in code (filename)
File Encryption Patterns
Lost_Files modifies encrypted files using specific patterns to mark them as encrypted:
File extensions added after encryption:
..Lost_Files_Encrypt
Ransom Note and Payment Demands
After encrypting files, Lost_Files displays ransom notes demanding payment for file recovery:
Ransomware Lost Files Message.txt
Ransom message:
notes/Ransomware Lost Files Message.txt
Note locations:
EveryFolder
Ransom message:
notes/note.txt
Note locations:
OnceOnCompletion
Technical Indicators
Associated Executable Files
The following executable files are associated with Lost_Files ransomware:
WSS.zip
tmp.download
B3B4JZUH.exe
Lost_Files.exe
wss.exe
Windows Security Scanner.exe
SecurityUpdater.exe.exe
B1HFZL.exe
Elastio Can Help You
Don't let Lost_Files ransomware take over your data
Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.
About This Analysis
This Lost_Files ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like Lost_Files.
Last updated: July 30, 2025