Lola ransomware (Virus Removal Guide) - Recovery Instructions Included

Lola virus Removal Guide

What is Lola ransomware?

Lola ransomware is a malicious intruder that aims to get Bitcoins claiming to offer file decryption

Lola ransomwareThe ransomware is the program that locks files and marks them using .lola extension.

Lola ransomware is a computer virus created for direct money extortion. This cryptovirus works the same way as all ransomware[1] – first, it encrypts all non-system files and renames them, then it creates ransom notes with ransom instructions. Victims are locked out of their data and won't be able to access it until a decryption tool is purchased from the cybercriminals.

During the encryption procedure, the file virus appends all personal user files (pics, audio and video files, documents, etc.) with .lola extension, hence the name of the virus. When that's completed, it drops ransom notes, titles Please_Read.txt, in all compromised folders so the victim could find them wherever they look.

Name Lola ransomware
type Ransomware
Appended file extension All non-system files are encrypted with .lola extension
Ransom note Please_Read.txt can be found in all affected folders
Ransom amount The amount isn't specified but a 50% discount if promised if the victims contact the criminals within 72 hours
Criminal contact email getyourdata@tutanota.com
Malware removal The infection should be removed using a reliable anti-malware software
System fix Once the main removal is done, use the ReimageIntego software to check overall system health and fix any issues the virus might have caused

In the ransom note, the creators of Lola ransomware virus explain to the victims that all their personal files were locked and that the only way to regain access to those files is by purchasing a decryption tool from the cybercriminals. In most cases that is true but in no way does that mean that the victims should meet the perpetrators' demands.

There is an email address (getyourdata@tutanota.com) provided to establish contact by sending a unique appointed user ID and one encrypted file from the infected device for free decryption. This way the cybercriminals try to assure the victims of .lola virus that they really possess the decryption tool/key required to unlock the data.

Developers of the ransomware also warn the users not to try any third-party software to decrypt the files because that could lead to permanent data loss. The ransom will have to be made out using cryptocurrency Bitcoins. Although the ransom amount isn't specified, the criminals are nice enough to offer a 50% discount to victims that contact them within 72 hours. This proposal resembles Djvu family viruses such as Sglh and Jdyi.

Lola ransomware virusThe threat that asks for money on the text file.

Instead of paying off the cybercriminals, thus further expanding their dirty work, victims should focus on virus removal and computer system health. We recommend reliable anti-malware software such as SpyHunter 5Combo Cleaner or Malwarebytes to remove Lola ransomware from the infected machines. Time-tested apps like these will automatically locate the virus and remove it.

After Lola ransomware removal, the victims should use the ReimageIntego tool to perform a full system scan and see whether the virus has made any altercations to system files and settings. Viruses make these changes to help them with their mission. If left unattended these changes could cause anomalous computer behavior, such as performance decline, crashes, etc.

With the ransom note (Please_Read.txt) the creators of this ransomware send this message to the victims:

———————— ALL YOUR FILES ARE ENCRYPTED ————————

Don't worry, you can return all your files!
All your files documents, photos, databases and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees do we give to you?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information
Don't try to use third-party decrypt tools because it will destroy your files.
Discount 50% available if you contact us first 72 hours.

————-

To get this software you need write on our e-mail : getyourdata@tutanota.com

You will receive btc address for payment in the reply letter

Your personal ID :

Lola file virusMalware can be eliminated using AV detection engines

The most common ways used by cybercriminals to spread their creations

Cybercriminals have various methods of malware distribution at their disposal, but the most common are spam emails and file-sharing platforms. Using these two methods, criminals infect thousands of computers each day.

Spam email is one of the most common ways different malware is distributed. Payload files of viruses are downloaded onto computers either by clicking on a mischievous hyperlink that redirects victims to a malicious website or by downloading email attachments.

File-sharing platforms, like torrent websites, are riddled with all kinds of viruses. They usually are camouflaged as illegal activation toolkits (popularly known as cracks[2]) for games or software. As soon as this kind of torrent is downloaded, the virus executes itself, and the infection is initiated.

Clean your PC from Lola ransomware virus and system-related issues

All malware should be erased from computers swiftly. Perform a full scan with SpyHunter 5Combo Cleaner or Malwarebytes anti-malware apps to automatically find, isolate, and remove the file virus and all its allocated files. Unfortunately, .lola virus removal won't decrypt your files, but that doesn't mean that you should be doubtful. Search for other options to recover your files, never trust the criminals.

When Lola ransomware removal is done and your device is virus-free, experts[3] advise using the ReimageIntego tool to fix any changes the virus might have caused to system files and settings. This app will undo all alterations with a push of a button so you could enjoy your computer anew!

Offer
do it now!
Download
Reimage Happiness
Guarantee
Download
Intego Happiness
Guarantee
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of Lola virus. Follow these steps

Manual removal using Safe Mode

Use Safe Mode with Networking if anti-malware software is unable to remove the virus while Windows are running in normal mode/GI]

[GI=method-2]System Restore might be helpful if the file virus didn't delete restore points

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
    Settings
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
    Reboot
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.
    Startup

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Downloads
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):

    %AppData%
    %LocalAppData%
    %ProgramData%
    %WinDir%

After you are finished, reboot the PC in normal mode.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove Lola from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by Lola, you can use several methods to restore them:

Data Recovery Pro could help restore some of the encoded files

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by Lola ransomware;
  • Restore them.

Using Windows Previous Version to

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Shadow Explorer – another data recovery option

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

No decryption tool/key is currently available

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from Lola and other ransomwares, use a reputable anti-spyware, such as ReimageIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Stream videos without limitations, no matter where you are

There are multiple parties that could find out almost anything about you by checking your online activity. While this is highly unlikely, advertisers and tech companies are constantly tracking you online. The first step to privacy should be a secure browser that focuses on tracker reduction to a minimum.

Even if you employ a secure browser, you will not be able to access websites that are restricted due to local government laws or other reasons. In other words, you may not be able to stream Disney+ or US-based Netflix in some countries. To bypass these restrictions, you can employ a powerful Private Internet Access VPN, which provides dedicated servers for torrenting and streaming, not slowing you down in the process.

Data backups are important – recover your lost files

Ransomware is one of the biggest threats to personal data. Once it is executed on a machine, it launches a sophisticated encryption algorithm that locks all your files, although it does not destroy them. The most common misconception is that anti-malware software can return files to their previous states. This is not true, however, and data remains locked after the malicious payload is deleted.

While regular data backups are the only secure method to recover your files after a ransomware attack, tools such as Data Recovery Pro can also be effective and restore at least some of your lost data.

About the author
Julie Splinters
Julie Splinters - Anti-malware specialist

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Julie Splinters
About the company Esolutions

References