Help With .LOL! RansomWare Decryption of Files

Hello Everyone!


We recently were attacked with a new ransomware virus on our domain.


Many of our files were renamed to "filename.LOL!".


For example:


was renamed to:



We were able to remove the threat and were forced to restore many backups as the majority of our files were encrypted.


However, we did not have a backup for some of our files, so we are stuck trying to figure out a means to decrypt these remaining files.


Can you assist us with decrypting our remaining files?


I have attached the logs, and the "how to get data.txt" file that was placed in every directory that was encrypted by the virus.


I also attached an actual encrypted file, along with the original version of the file for your testing/comparison.


Please note: the files and scans were all done on my test VM (not the server that was infected) as we did not want to re-enable any threats on the domain.


However, the .zip file does contain actual files gathered from this initially infected server.



Good&Bad File examples.zip

how to get data.txt


