What is LOL! Ransomware

As a new variant of PGPCoder Ransomware, LOL! is designed to encrypt data stored on the system with the help of the RSA (asymmetric) and AES algorithms. Such algorithms are usually strong, which makes manual decryption next to impossible; this is discussed in more detail further below. During encryption, the virus also appends its .LOL! extension to each affected file. For instance, a file named 1.pdf would be changed to 1.pdf.LOL! and become unusable. As soon as all targeted files have been encrypted, the virus drops the get data.txt file into each folder containing encrypted data (including the desktop). This file is meant to explain what happened and, most importantly, to guide victims through the recovery process.

get data.txt
JOKE
Hello boys and girls! Welcome to our high school "GPCODE"!
If you are reading this text (read this very carefully, if you can read), this means that you have missed a lesson about safety and YOUR PC HACKED !!! Dont worry guys - our school specially for you! The best teachers have the best recommendations in the world! Feedback from our students, you can read here:
1)hxxp://forum.kaspersky.com 2)hxxp://forum.drweb.com 3)hxxp://forum.eset,com 4)www.forospyware.com
As you see- we trust their training, only we have special equipment(cryptor.exe and decryptor.exe) and only here you will get an unforgettable knowledge! The lesson costs not expensive. Calculate the time and money you spend on recovery. Time is very expensive, almost priceless.We think that it is cheaper to pay for the lesson and never repeat the mistakes.We guarantee delivery of educational benefits(decryptor.exe). First part(cryptor.exe) you have received :-)
SERIOUSLY
Your important files (photos, videos, documents, archives, databases, backups, etc.) which were crypted with the strongest military cipher RSA1024 and AES.No one can`t help you to restore files without our decoder. Photorec, RannohDecryptor etc repair tools are useless and can destroy your files irreversibly. If you want to restore files - send e-mail to gpcode@gp2mail.com with the file "how to get data.txt" and 1-2 encrypted files less than 5 MB. PLEASE USE PUBLIC MAIL LIKE YAHOO or GMAIL. You will receive decrypted samples and our conditions how you`ll get the decoder. Follow the instructions to send payment.
P.S. Remember, we are not scammers. We don`t need your files. After one month all your files and keys will be deleted.Oops!Just send a request immediately after infection. All data will be restored absolutelly. Your warranty - decrypted samples and positive feedbacks from previous users.

Inside, victims are presented with information written under two sections: “JOKE” and “SERIOUSLY”. In the first section, the cybercriminals simply make jokes about how negligent users are about their protection and what they should do to be secure against such infections in the future. The other, as the name suggests, provides information about the recovery itself. It says victims can regain access to their data only by purchasing the attackers' decoder. To do this, victims have to contact the swindlers by e-mail (gpcode@gp2mail.com) and attach 1-2 files for test decryption. After this, the cybercriminals say they will give further instructions on making the payment and using the file decoder. While the developers behind LOL! Ransomware may seem absolutely trustworthy, you should remember that there is always a risk of being fooled in the end. Some extortionists do not keep their promises and forget to send decryption tools even after receiving the payment. In addition, the decision on whether to pay the ransom should also depend on how valuable the encrypted files are and how much money you are able to spend on decryption. Trying to decrypt the files manually rarely succeeds; this is due to the strong encryption algorithms used by the virus and the secure ways of storing decryption keys (on remote servers). The best way to approach file recovery without the cybercriminals is via backup copies. If they are available, you can easily use them after deleting the virus. Note that deleting the virus is mandatory before you recover your files manually; otherwise, it may continue encrypting and also affect any external storage you plug in. In our guide, you will also find some useful information about generally effective and reliable software used for restoring data after ransomware attacks. Although such tools are less likely to be effective with LOL! Ransomware, you can still give them a try if no other recovery method is left.
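
Before restoring from backup, it helps to know which folders were hit. The script below is an added example, not part of the original article or any vendor tool: it walks a directory tree and uses the two indicators described above (the .LOL! suffix and the dropped note) to list the original file names to restore and the folders that show only one indicator. The function names and the constructed sample tree are assumptions made for illustration.

```python
import os
import tempfile

ENC_SUFFIX = ".lol!"  # extension the page says is appended (compared case-insensitively)
# Note names: the article calls it "get data.txt"; the note text says "how to get data.txt".
NOTE_NAMES = {"get data.txt", "how to get data.txt"}

def inventory(root):
    """Map each affected folder to its encrypted files and whether a note is present."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted, note = [], False
        for name in files:
            lower = name.lower()
            if lower in NOTE_NAMES:
                note = True
            elif lower.endswith(ENC_SUFFIX) and len(name) > len(ENC_SUFFIX):
                # Strip the appended suffix to recover the pre-encryption name.
                encrypted.append((name, name[:-len(ENC_SUFFIX)]))
        if encrypted or note:
            report[dirpath] = {"encrypted": sorted(encrypted), "note": note}
    return report

def restore_list(report):
    """Original paths to pull from backup, sorted."""
    return sorted(os.path.join(d, orig)
                  for d, info in report.items()
                  for _enc, orig in info["encrypted"])

def anomalies(report):
    """Folders showing only one of the two indicators (e.g. an interrupted run)."""
    return sorted(d for d, info in report.items()
                  if bool(info["encrypted"]) != info["note"])

if __name__ == "__main__":
    # Constructed sample tree, so the script runs without touching real data.
    with tempfile.TemporaryDirectory() as root:
        for rel in ("docs/1.pdf.LOL!", "docs/get data.txt", "pics/a.jpg.LOL!"):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        rep = inventory(root)
        print("restore from backup:", restore_list(rep))
        print("check manually:", anomalies(rep))
```

Run it against a mounted copy of the affected disk from a clean machine, and point `inventory()` at the top-level folder you plan to restore.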


How LOL! Ransomware infected your computer

File-encryptors can infiltrate systems through a number of distribution channels, such as trojans, fake software updates/installers, system exploits, phishing websites and emails, unreliable software cracking tools, backdoors, keyloggers, and so forth. Phishing via email is usually the one cybercriminals tend to rely on the most. Users can receive messages that seem legitimate or even important, but at the same time contain malicious attachments or links. Such attachments often come in Word, Excel, PDF, executable, archive, or JavaScript formats. Malware developers use them because of their macro capabilities, which allow malware to be installed with little action required from users. Receiving e-mails classified as spam should always be a sign to be on alert. It is good to avoid them or even delete them completely to make sure no malware gets in by accident. You should always be careful about clicking on links and executing files you are not familiar with. Opt only for trusted and legal sources of content and software to avoid the risk of getting infected with malware. Read our guide below to familiarize yourself with useful protection tips to stay secure while using the Internet.

  1. Download LOL! Ransomware Removal Tool
  2. Get decryption tool for .LOL! files
  3. Recover encrypted files with Stellar Data Recovery Professional
  4. Restore encrypted files with Windows Previous Versions
  5. Restore files with Shadow Explorer
  6. How to protect from threats like LOL! Ransomware

Download Removal Tool


To remove LOL! Ransomware completely, we recommend using SpyHunter 5 from EnigmaSoft Limited. It detects and removes all files, folders, and registry keys of LOL! Ransomware. The trial version of SpyHunter 5 offers a virus scan and 1-time removal for FREE.

Alternative Removal Tool

Download Norton Antivirus

To remove LOL! Ransomware completely, we recommend using Norton Antivirus from Symantec. It detects and removes all files, folders, and registry keys of LOL! Ransomware and prevents future infections by similar viruses.

LOL! Ransomware files:


get data.txt
{randomname}.exe

LOL! Ransomware registry keys:

no information

How to decrypt and restore .LOL! files

Use automated decryptors

Download Kaspersky RakhniDecryptor


Use the following tool from Kaspersky, called Rakhni Decryptor, which can decrypt .LOL! files. Download it here:

Download RakhniDecryptor

There is no point in paying the ransom: there is no guarantee you will receive the key, and you will put your bank credentials at risk.

Dr.Web Rescue Pack

The well-known antivirus vendor Dr. Web provides a free decryption service for the owners of its products: Dr.Web Security Space or Dr.Web Enterprise Security Suite. Other users can ask for help in the decryption of .LOL! files by uploading samples to the Dr. Web Ransomware Decryption Service. File analysis is performed free of charge, and if the files are decryptable, all you need to do is purchase a 2-year license of Dr.Web Security Space worth $120 or less. Otherwise, you don’t have to pay.

If you were infected with LOL! Ransomware and have removed it from your computer, you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. To attempt to decrypt them manually, you can do the following:

Use Stellar Data Recovery Professional to restore .LOL! files


  1. Download Stellar Data Recovery Professional.
  2. Click the Recover Data button.
  3. Select the type of files you want to restore and click the Next button.
  4. Choose the location you would like to restore files from and click the Scan button.
  5. Preview the found files, choose the ones you want to restore, and click Recover.
Download Stellar Data Recovery Professional

Using Windows Previous Versions option:

  1. Right-click on the infected file and choose Properties.
  2. Select the Previous Versions tab.
  3. Choose a particular version of the file and click Copy.
  4. To restore the selected file and replace the existing one, click on the Restore button.
  5. In case there are no items in the list, choose an alternative method.

Using Shadow Explorer:

  1. Download the Shadow Explorer program.
  2. Run it and you will see a screen listing all the drives and the dates on which shadow copies were created.
  3. Select the drive and date that you want to restore from.
  4. Right-click on a folder name and select Export.
  5. In case there are no other dates in the list, choose an alternative method.

If you are using Dropbox:

  1. Log in to the Dropbox website and go to the folder that contains encrypted files.
  2. Right-click on the encrypted file and select Previous Versions.
  3. Select the version of the file you wish to restore and click on the Restore button.

How to protect your computer from viruses like LOL! Ransomware in the future

1. Get special anti-ransomware software

Use ZoneAlarm Anti-Ransomware

The well-known antivirus brand ZoneAlarm by Check Point has released a comprehensive tool that provides active anti-ransomware protection as an additional shield on top of your current protection. The tool provides Zero-Day protection against ransomware and allows you to recover files. ZoneAlarm Anti-Ransomware is compatible with all other antiviruses, firewalls, and security software except ZoneAlarm Extreme (already shipped with ZoneAlarm Anti-Ransomware) or Check Point Endpoint products. The killer features of this application are: automatic file recovery, overwrite protection that instantly and automatically recovers any encrypted files, and file protection that detects and blocks even unknown encryptors.

Download ZoneAlarm Anti-Ransomware

2. Back up your files


As an additional way to save your files, we recommend online backup. Local storage, such as hard drives, SSDs, flash drives, or remote network storage, can be instantly infected by the virus once it is plugged in or connected. LOL! Ransomware uses some techniques to exploit this. One of the best services and programs for easy automatic online backup is iDrive. It has the most profitable terms and a simple interface. You can read more about iDrive cloud backup and storage here.

3. Do not open spam e-mails and protect your mailbox


Malicious attachments to spam or phishing e-mails are the most popular method of ransomware distribution. Using spam filters and creating anti-spam rules is good practice. One of the world leaders in anti-spam protection is MailWasher Pro. It works with various desktop applications and provides a very high level of anti-spam protection.

Download MailWasher Pro