'.LOL!' Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 7
First Seen: October 3, 2016
Last Seen: May 12, 2023
OS(es) Affected: Windows

The '.LOL!' Ransomware is a ransomware Trojan that has been responsible for devastating attacks. Computer users have reported that the '.LOL!' Ransomware has attacked servers and networks, encrypting files and changing their extensions to '.LOL!' to mark the affected data. Victims have reported that thousands of their files, including Microsoft Office documents, media files, and other important files, were encrypted and made inaccessible. In many cases, computer users infect their computers after opening a corrupted email attachment included in a bogus email message that claims to come from UPS, USPS, FedEx, or some other shipping company. These fake shipping confirmation emails are a common way of distributing threats like the '.LOL!' Ransomware. PC security analysts strongly advise computer users to take care when opening any unsolicited email messages and never to open unsolicited email attachments, even if they appear to come from a legitimate company, as is the case with the corrupted attachments used to distribute the '.LOL!' Ransomware.

Dealing with the '.LOL!' Ransomware

The best way to deal with the '.LOL!' Ransomware and other ransomware Trojans is to ensure that your files are properly backed up at all times. In fact, a reliable backup solution is much better than anti-malware software when dealing with these threats, because even if the threat is removed, the victim's files will remain encrypted. Computer users with a reliable backup solution (which should be the case for enterprise systems and servers) can simply delete all files with the extension used by the '.LOL!' Ransomware, as well as removing the threat itself with a security application that is fully up-to-date. The files can then be copied from the backup, which allows a quick recovery. Computer users without a backup will, unfortunately, have no way to recover their files. It is important to note that PC security researchers do not recommend paying any ransom demanded by these threats. The con artists may ignore the victims that pay or turn around and demand even more money.
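Before any '.LOL!' file is deleted, it helps to know which ones actually have a clean copy in the backup. The following is an added example, not part of the original article: a read-only inventory that pairs each encrypted file with its backup original. It assumes the backup mirrors the affected share's directory layout, and because the article does not say whether '.LOL!' is appended to the file name or replaces the old extension, it checks both; the function names and the sample tree are constructed.

```python
import tempfile
from pathlib import Path

MARKER = ".LOL!"  # extension the article says is given to encrypted files


def backup_candidates(enc: Path, root: Path, backup: Path) -> list[Path]:
    """Backup files that could be the clean original of one encrypted file."""
    rel = enc.relative_to(root)
    base = rel.name[: -len(MARKER)]          # "q3.xlsx.LOL!" -> "q3.xlsx"
    folder = backup / rel.parent             # assumption: backup mirrors the layout
    if not folder.is_dir():
        return []
    exact = folder / base
    if exact.is_file():                      # marker was appended to the full name
        return [exact]
    # Marker may have replaced the old extension: match on the stem instead.
    return sorted(p for p in folder.iterdir()
                  if p.is_file() and p.stem == base
                  and not p.name.upper().endswith(MARKER))


def triage(root: Path, backup: Path) -> dict[str, list[str]]:
    """Sort encrypted files into restorable / missing. Deletes nothing."""
    report = {"restorable": [], "missing": []}
    for enc in sorted(root.rglob("*")):
        if enc.is_file() and enc.name.upper().endswith(MARKER):
            found = backup_candidates(enc, root, backup)
            key = "restorable" if found else "missing"
            report[key].append(enc.relative_to(root).as_posix())
    return report


def demo() -> dict[str, list[str]]:
    """Constructed sample trees: an affected share and its backup."""
    with tempfile.TemporaryDirectory() as tmp:
        root, backup = Path(tmp, "share"), Path(tmp, "backup")
        for d in (root / "docs", backup / "docs"):
            d.mkdir(parents=True)
        for name in ("q3.xlsx.LOL!", "plan.LOL!", "new.docx.LOL!"):
            (root / "docs" / name).write_bytes(b"ciphertext")
        for name in ("q3.xlsx", "plan.pptx"):
            (backup / "docs" / name).write_bytes(b"clean copy")
        return triage(root, backup)


if __name__ == "__main__":
    print(demo())
```

Files listed under `missing` have no backup copy, so they are the ones to set aside rather than delete along with the rest.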

The Unkind Ransom Note Displayed by the '.LOL!' Ransomware

It is clear that the '.LOL!' Ransomware is part of a family of ransomware that has been active for a long time, at least for the past year. The '.LOL!' Ransomware ransom note makes fun of the victim and claims to be carrying out the attack as a way to educate victims on the dangers of ransomware. The following is the ransom note that the '.LOL!' Ransomware displays on the victim's computer:

JOKE
Hello boys and girls! Welcome to our high school "GPCODE"!
If you are reading this text (read this very carefully, if you can read), this means that you have missed a lesson about safety and YOUR PC HACKED !!! Dont worry guys - our school specially for you! The best teachers have the best recommendations in the world! Feedback from our students, you can read here:
1)http://forum.kaspersky.com.2)http://forum.eset.com 3)http://forum.drweb.com 4) www.forospyware.com As you see- we trust their training,only we have spesial equipment(cryptor.exe and decryptor.exe).Only here you will get an unforgettable knowledge!
The lesson costs not expensive. Calculate the time and money you spend on recovery. Time is very expensive, almost priceless.We think that it is cheaper to pay for the lesson and never repeat the mistakes.We guarantee delivery of educational benefits(decryptor.exe). First part(cryptor.exe) you have received 🙂
SERIOUSLY
Your important files (photos, videos, documents, archives, databases, backups, etc.) which were crypted with the strongest military cipher RSA1024 and AES.No one can`t help you to restore files without our decoder. Photorec, RannohDecryptor etc repair tools are useless and can destroy your files irreversibly.
If you want to restore files - send e-mail to gpcode@mail2tor.com with the file "how to get data.txt" and 1-2 encrypted files less than 2 MB. PLEASE USE public mail like yahoo or gmail.
You will receive decrypted samples and our conditions how you`ll get the decoder. Follow the instructions to send payment.
P.S. Remember, we are not scammers. We don`t need your files. After one month all your files and keys will be deleted.Oops!Just send a request immediately after infection. All data will be restored absolutelly. Your warranty - decrypted samples and positive feedbacks from previous users.

Note the faulty grammar and spelling in the '.LOL!' Ransomware ransom note. This is a common feature in these attacks, which usually do not originate from English-speaking countries, despite targeting computer users in these geographical locations. Ignore the contents of the message and take preventive steps to ensure that your computer is properly protected from the '.LOL!' Ransomware and other ransomware Trojan threats.

1 Comment

I now have two fully functioning PCs that were infected with Cerber Ransomware allowed to download itself with some innocent browsing or misleading email. Along with detecting and removing this virus, hundreds of other issues were detected, removed or repaired. Now my PCs are clean and fast. I can't imagine having a PC and expecting to keep it functional without this kind of support. I have McAfee anti-virus installed on my PCs, which considers itself amongst the top AVs. If it were not offered free with my Shaw bundle, I wouldn't waste my time with it and frankly I see no other AV that would have ensured my PCs' security like SpyHunter 4 and RegHunter have done. Thanks to Enigma Software Group for their daily efforts and hard work to help even the smartest PC owners to surf confidently and not be held for ransom by idiots that refuse to earn an honest living. Thanks again ESG.
