Threat Database Ransomware Looy Ransomware

Looy Ransomware

After conducting an in-depth analysis of the malware known as Looy, cybersecurity researchers have confirmed its functionality, which primarily involves encrypting files on compromised devices. In line with the typical modus operandi of ransomware, the threatening software also alters the filenames of the targeted files by appending them with the '.looy' extension. For example, files like '1.png' would be transformed into '1.png.looy,' and '2.doc' would become '2.doc.looy,' and so on. Additionally, Looy generates a ransom note in the form of a text file labeled '_README.txt.'

It's important to highlight that these experts have classified the threat as a variant within the Djvu Ransomware family. This association sheds light on the broader context of the threat landscape, indicating a lineage of ransomware with shared characteristics and operational methodologies. Moreover, it's noteworthy that cybercriminals leveraging the Djvu ransomware often incorporate additional malware, such as Vidar or RedLine, into their harmful activities.

The Looy Ransomware may Lead to Significant Disruptions and Financial Losses

The ransom note issued by the Looy Ransomware delineates the encryption of a wide array of files, spanning from images to databases and documents, employing a robust encryption algorithm. It underscores the exclusive avenue for file restoration, emphasizing the necessity of acquiring a specialized decryption tool along with a unique decryption key. Perpetrators set the ransom amount at $999 for these essential decryption tools, enticing victims with a 50% discount if they initiate contact within a limited timeframe of 72 hours.

Furthermore, the cybercriminals extend an offer to showcase their decryption capabilities by providing a complimentary decryption of one file. However, they stipulate that the submitted file should lack substantial or valuable information to qualify for this demonstration. Contact information for reaching out to cybercriminals is provided through email addresses such as and

Victims are strongly advised against succumbing to ransom demands, as there is no assurance that attackers will fulfill their promise of providing decryption tools even after payment. Regrettably, the prospects of retrieving files without acquiescing to the ransom are slim. Additionally, it's imperative to recognize that promptly removing ransomware from compromised computers mitigates the risk of further file encryptions and curtails the potential spread within a local network.

Crucial Measures to Implement in Your Defense against Ransomware Threats

Defending against ransomware threats requires a multi-faceted approach that encompasses both preventive and responsive measures. Here are crucial steps users should implement to protect themselves against ransomware:

  • Regular Software Updates: Ensure all operating systems, applications, and security software are up-to-date with the latest security patches and updates. Vulnerabilities in outdated software are often exploited by ransomware.
  •  Install Anti-malware Software: Utilize reputable anti-malware software to detect and prevent ransomware infections. Keep these programs updated to mitigate evolving threats effectively.
  •  Enable Firewall Protection: Activate firewalls on network devices to check and control incoming and outgoing traffic, preventing unauthorized access and blocking potential ransomware payloads.
  •  Exercise Caution with Email Attachments and Links: Always be careful when opening email attachments or interacting with links, especially from unfamiliar or suspicious sources. Ransomware often spreads through phishing emails containing malicious attachments or links.
  •  Backup Data Regularly: Implement a robust backup strategy to regularly backup essential files and data. Store backups securely, onsite and offsite, to ensure they are not affected by ransomware attacks. Periodically test the created backups to ensure they are functional and can be used for system restoration if needed.
  •  Use Strong, Unique Passwords: Create strong, complex passwords for all accounts and devices to prevent unauthorized access. Avoid utilizing the same password across multiple accounts and consider the possibility of using a password manager to manage passwords securely.
  •  Implement Multi-Factor Authentication (MFA): Enable MFA wherever possible to add one more layer of security to accounts and devices. MFA demands users to provide multiple forms of verification before accessing sensitive information, making it more difficult for attackers to compromise accounts.
  •  Educate Users: Educate yourself and others about the hazards of ransomware and how to recognize and avoid potential threats. Train employees and family members on best practices for cybersecurity, including safe browsing habits and identifying phishing attempts.
  •  Limit User Privileges: Restrict user privileges on devices and networks to prevent unauthorized access and minimize the impact of ransomware infections. Users should have access only to the permissions and resources necessary to perform their job functions.

By implementing these crucial measures, users can lessen the risk of becoming victim to ransomware attacks significantly and mitigate the impact if an attack occurs.

The full text of the Looy Ransomware's ransom note is:


Don't worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
Do not ask assistants from youtube and recovery data sites for help in recovering your data.
They can use your free decryption quota and scam you.
Our contact is emails in this text document only.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $999.
Discount 50% available if you contact us first 72 hours, that's price for you is $499.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:

Reserve e-mail address to contact us:

Your personal ID:'

Looy Ransomware Video

Tip: Turn your sound ON and watch the video in Full Screen mode.


Most Viewed