How to Remove LOL! File Extension Ransomware

How to Remove LOL! File Extension Ransomware?

What is LOL? Depending on who you direct the question to, the answer will change. For example, if you ask a clueless cyber user, you’ll receive the response ‘I don’t know.’ On the other hand, a web-savvy individual will reply with ‘It’s an abbreviation for the phrase Laughing Out Loud.’ However, there is a third category of people. And, if you inquire them they’ll likely give you a rather unexpected reply. There are users, which will brand ‘LOL’ as nasty and vicious, and claim it’s linked to a hazardous ransomware tool. These unfortunate individuals will claim that LOL spells out troubles, and headaches, and altogether awfulness as it’s connected to a dreadful cyber infection.  And, they won’t be lying. There’s  new ransomware, roaming the web, and it, like all others, attacks your data. It targets each and every file, you have on your computer, and encrypts it by adding the .LOL! extension at the end of it, thus rendering it inaccessible. Oh, yes. After the renaming, the encryption process is complete, and you can no longer open any of your files. Say goodbye to all of your videos, pictures, documents, music, and everything else fallen victim to the dangerous ransomware. After you realize, you’ve been targeted by a treacherous tool, now residing somewhere on your PC, wreaking havoc, cut your losses! It may seem harsh, but the best course of action you can take is to forsake your files and move on. Don’t allow the ransomware to push you further into the abyss of disaster. Protect yourself. Disregard your data in the name of your privacy. It’s truly for the best.

How did I get infected with?

Ransomware infections are masterful when it comes to slithering into your system. And, not only do they find a way in, but they do so without you even realizing it. They sneak in undetected, and by the time you become aware of their existence, it’s too late as the damage is already done. As most devious cyber infections, ransomware applications also turn to the old but gold means of infiltration to enter your PC as they’ve proven their worth over time. That includes hiding behind freeware, corrupted links, or sites or pretending to be a bogus update, like Java or Adobe Flash Player. However, the most commonly used method is through hitching a ride with a spam email attachment. There’s no way to stress this enough: do NOT open emails from unknown or questionable senders! And, what’s even more important, do NOT open or download the attachments, they contain! If you wish to keep your PC infection-free, be extra thorough and vigilant. Always do your due diligence and never give into distraction, naivety, and haste. After all, infections prey on carelessness. So, don’t provide it!Remember that even a little extra attention today can save you a ton of troubles and headaches tomorrow.

Why is LOL! File Extension dangerous?

Ransomware is deemed by many as quite the terrifying and monstrous application. That’s because these pesky programs are designed to attack your data. They slither into your PC and take hold of every single file you have stored on it. Once it settles in your system, the ransomware wastes no time and goes to work. Nothing is safe from the tool’s reach. It encrypts everything, every file: .doc, .docx, .docm, .wps, .xls, .xlsx, .ppt, .pptx, .pptm, .pdd, .pdf, .eps, .ai, .indd, .cdr, .dng, .mp3, .lnk, .jpg, .png, .jfif, .jpeg, .gif, .bmp, .exif, .txt. Everything! The infection, you’re currently plagued by, completes the encryption process by adding the .lol extension. For example, if your video was named ‘Sunday,’ after the ransomware strikes, you’ll see it as ‘Sunday.lol.’ When it’s done, you can’t open any of your files anymore. And, not just that. The invasive, hazardous application also keeps you from opening most of your programs and controls your internet access. The infection takes your files hostage and demands you to pay a ransom if you wish to free them. More often than not, it requests payment of $400 to recover your data. Supposedly, when you pay up, you’ll be given a decryption key, and when you apply it, voila! Your files will no longer be inaccessible. But the key word here is ‘supposedly.’ What’s to stop the infection from double-crossing you? What if it just takes your money but doesn’t grant you a key? Or, it gives you one, which doesn’t work? Or what if everything seems to work out perfectly: you pay, receive the key, decrypt your data, and all is right with the world? But then, the very next day, the ransomware strikes again, and you’re back to square one. There are countless ways this can go wrong, and they all end bad for you, the user. That’s why experts advise towards cutting your losses and saying goodbye to your data. After all, files can be replaced, while your privacy cannot. Oh, yes. Did we fail to mention that by going through with the ransom exchange and paying the $400, you open the door to your personal and financial information to the wicked strangers behind the infection? Well, you do. So, here’s a hint: don’t comply with the ransom request! As soon as you discover the ransomware’s existence on your PC, raise the white flag as this is a war you cannot win. Accept the game is rigged and the odds are stacked against you, and protect your private life at the cost of your files. Even though it’s at the expense of your data, it’s worth it.

LOL! File Extension Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover LOL! File Extension Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

• Open your task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
• Locate the process of the ransomware. Have in mind that this is usually a random generated file.
• Before you kill the process, type the name on a text document for later reference.

• Locate any suspicious processes associated with LOL! File Extension encryption Virus.
• Right click on the process
• Open File Location
• End Process
• Delete the directories with the suspicious files.
• Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

• Open any folder
• Click on “Organize” button
  
• Choose “Folder and Search Options”
• Select the “View” tab
• Select “Show hidden files and folders” option
• Uncheck “Hide protected operating system files”
• Click “Apply” and “OK” button

STEP 3: Locate LOL! File Extension encryption Virus startup location

• Once the operating system loads press simultaneously the Windows Logo Button and the R key.

• A dialog box should open. Type “Regedit”
• WARNING! be very careful when editing the Microsoft Windows Registry as this may render the system broken.

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

• and delete the display Name: [RANDOM]

• Then open your explorer and navigate to:

Navigate to your %appdata% folder and delete the executable.

You can alternatively use your msconfig windows program to double check the execution point of the virus. Please, have in mind that the names in your machine might be different as they might be generated randomly, that’s why you should run any professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

• Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

• Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
• Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.