Lotej file virus is another piece of malicious software from the ransomware family that, like earlier malicious programs of this family (Nvetud, Cosakos, and so on), is made to lock important files so that they can no longer be opened; to undo this, the user is expected to pay a ransom to the fraudsters.
Once on the user’s computer, the Lotej file virus recursively searches all folders for files and, once it finds them, locks each one using a complex digital algorithm that completely blocks it and makes it unusable. This file virus is capable of encrypting various files such as video materials, photos, archives, web application-related files, databases, documents and drawings, and backups can be affected as well. Lotej file virus encrypts almost all files, including common ones such as:
.m3u, .wm, .sidd, .xdb, .rim, .jpe, .desc, .tor, .bik, .hkdb, .big, .wpd, .ai, .bar, .xpm, .wbd, .jpg, .wpl, .wbz, .lrf, .das, .hplg, .menu, .tax, .jpeg, .eps, .js, .apk, .zw, .x, .mdf, .sis, .wpd, .png, .wpt, .re4, .x3f, .xlsm, .rwl, .rgss3a, .xlgc, .mrwref, .cr2, .yml, .7z, .pptm, .epk, .rb, .icxs, .css, .p12, .odp, .xbdoc, .cer, .mp4, .xlsx, .kdc, .xlk, .t13, .bc6, .xyp, .d3dbsp, .p7c, .esm, .wp7, .rtf, .m2, .wpg, .iwi, .crw, .vdf, .odb, .ibank, .wgz, .txt, .ztmp, .blob, .xld, .xml, .wsc, .cfr, .xlsm, .z3d, .xlsx, .zip, .bay, .bkp, .sie, .wcf, .wav, .dbf, .psd, .map, .qdf, .fsh, .sr2, .wb2, .1, .wpa, .pak, .ysp, .db0, .lvl, .asset, .wmo, .zif, .ncf, .erf, .kdb, .wbmp, .wp, .forge, .mdb, .psk, .wps, .xlsb, .bc7, .3dm, .docm, .wpw, .wps, .xls, .2bp, .xyw, .mpqge, .svg, .wsd, .gho, .pst, .gdb, .wotreplay, .mov, wallet, .pef, .pdd, .w3x, .xwp, .wpb, .ods, .orf, .wri, .webdoc, .z, .pem, .ybk, .ff, .wdb, .xdl, .wmv, .doc, .pdf, .sav, .rar, .iwd, .bsa, .arw, .qic, .yal, .sb, .sum, .p7b, .xmind, .fpk, .raw, .crt, .wpe, .1st, .nrw, .zdc, .wdp, .litemod, .xxx, .odm, .cas, .docx, .wn, .wma, .xf, .x3f, .xx, .xmmap, .dmp, .mddata, .wire, .pptx, .r3d, .vpp_pc, .m4a, .slm, .vtf, .itm, .x3d, .cdr, .vpk, .zip, .rofl, .dba, .lbf, .arch00, .der, .webp, .dwg, .dazip, .dcr, .layout, .hkx, .zi, .wbk, .xbplate, .xar, .wp5, .flv, .zdb, .srf, .kf, .wp4, .xy3, .hvpl, .pkpass, .wma, .y, .xls, .rw2, .odc
The Lotej file virus blocks users’ files using a strong encryption method, overwrites most of the content of the original files with the encrypted data and appends the .lotej extension to every encrypted file. A victim who sees files with the .lotej extension understands that they are locked and will remain so until the attackers are paid the required amount of money for a special key that will decrypt the files. Usually, the authors of the Lotej file virus leave a ransom message named ‘_readme.txt’ for users whose computers have been infected with this virus, indicating the required amount of ransom.
Threat Summary
Name | Lotej file virus |
Type | File locker, Ransomware, Crypto virus, Filecoder, Crypto malware |
Encrypted files extension | .lotej |
Ransom note | _readme.txt |
Contact | gorentos@bitmessage.ch |
Ransom amount | $980 in Bitcoins |
Symptoms | Documents, photos and music won’t open. Windows Explorer displays a blank icon for the file type. Your file directories contain a ‘ransom note’ file that is usually a .txt file. |
Distribution ways | Unsolicited emails that are used to deliver malicious software. Malicious downloads that happen without a user’s knowledge when they visit a compromised web site. Social media posts (they can be used to entice users to download malware with a built-in ransomware downloader or click a suspicious link). Misleading web-sites. |
Removal | To remove Lotej ransomware use the removal guide |
Decryption | To decrypt Lotej ransomware use the steps |
We suggest you remove Lotej file virus as soon as possible, before its presence leads to even worse consequences. Follow the few simple steps below, which will allow you to completely remove Lotej file virus from your machine as well as restore encrypted documents, photos and music, using only a few free tools.
Quick links
- How to remove Lotej file virus
- How to decrypt .lotej files
- Lotej decryption tool
- How to restore .lotej files
- How to protect your personal computer from Lotej file virus?
How to remove Lotej file virus
There are a few solutions which can be used to remove Lotej virus. However, not all ransomware such as this file virus can be completely removed using only manual methods. In most cases you are not able to uninstall a virus using standard MS Windows options. In order to remove Lotej virus you need to use reliable removal utilities. Most IT security experts state that Zemana Anti-malware, Malwarebytes or KVRT tools are the right choice. These free applications are able to detect and uninstall Lotej virus from your system.
How to uninstall Lotej file virus with Zemana Anti-Malware
Zemana Free is a free utility that performs a scan of your computer and displays if there are existing worms, trojans, crypto virus, spyware, adware software and other malicious software residing on your computer. If malware is found, Zemana Free can automatically remove it. Zemana doesn’t conflict with other antimalware and antivirus applications installed on your PC system.
- Installing the Zemana AntiMalware is simple. First you will need to download Zemana by clicking on the following link.
Zemana AntiMalware
- At the download page, click on the Download button. Your browser will display the “Save as” prompt. Please save it onto your Windows desktop.
- After the download is done, please close all programs and open windows on your personal computer. Next, run a file named Zemana.AntiMalware.Setup.
- This will start the “Setup wizard” of Zemana Anti Malware (ZAM) on your PC system. Follow the prompts and don’t make any changes to default settings.
- When the Setup wizard has finished installing, Zemana will start and display the main window.
- Next, click the “Scan” button to begin scanning your personal computer for the Lotej virus and other security threats. This task can take some time, so please be patient. While the Zemana Anti-Malware utility is scanning, you can see the number of objects it has identified as being affected by malicious software.
- Once the scan is finished, it will open the Scan Results.
- When you’re ready, click the “Next” button. The utility will uninstall Lotej file virus and other security threats and add items to the Quarantine. When that process is complete, you may be prompted to reboot the machine.
- Close the Zemana Anti Malware (ZAM) and continue with the next step.
How to delete Lotej virus with MalwareBytes Free
You can uninstall Lotej file virus automatically through the use of MalwareBytes. We recommend this free malicious software removal utility because it can easily remove viruses, adware software, malware and other unwanted software with all their components such as files, folders and registry entries.
MalwareBytes Anti Malware (MBAM) can be downloaded from the following link. Save it on your MS Windows desktop or in any other place.
After downloading is done, close all windows on your PC system. Further, start the file called mb3-setup. If the “User Account Control” prompt pops up as shown on the image below, click the “Yes” button.
It will open the “Setup wizard” that will help you install MalwareBytes Anti-Malware on the PC. Follow the prompts and don’t make any changes to default settings.
Once installation is done successfully, click the Finish button. MalwareBytes Anti Malware will then start automatically and you may see its main window as shown below.
Next, click the “Scan Now” button. The MalwareBytes program will scan the whole machine for the Lotej file virus and other kinds of potential threats such as malware and trojans. Depending on your system, the scan can take anywhere from a few minutes to close to an hour. While MalwareBytes Free is scanning, you can see the count of objects it has identified as being malicious software.
When MalwareBytes is done scanning your computer, MalwareBytes Free will display a list of found items. Review the report and then press “Quarantine Selected” button.
MalwareBytes Free will uninstall Lotej file virus and other kinds of potential threats such as malicious software and trojans. After disinfection is finished, you may be prompted to reboot your system. We recommend you look at the following video, which completely explains the procedure of using the MalwareBytes AntiMalware to uninstall browser hijackers, adware and other malicious software.
Remove Lotej file virus from computer with KVRT
If MalwareBytes anti-malware or Zemana anti-malware cannot uninstall this file virus, then we advise using KVRT. KVRT is a free removal tool for file viruses, adware software, potentially unwanted apps and toolbars.
Download Kaspersky virus removal tool (KVRT) by clicking on the link below.
Once the downloading process is finished, double-click on the Kaspersky virus removal tool icon. Once the initialization process is finished, you will see the KVRT screen like below.
Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next, click the Start scan button. The Kaspersky virus removal tool utility will begin scanning the whole machine to find the Lotej virus. Depending on your PC, the scan can take anywhere from a few minutes to close to an hour. When malware, adware or PUPs are found, the number of security threats will change accordingly.
When Kaspersky virus removal tool has finished scanning your personal computer, it will produce a list of unwanted applications and viruses as displayed on the screen below.
Make sure to check mark the threats which are unsafe and then click on Continue to begin a cleaning procedure.
How to decrypt .lotej files
If you try to find the private key on your own, which is almost impossible in view of its cryptographic complexity, you can damage documents, photos and music locked with Lotej file virus, or make them useless forever. It is very important to understand the value of constantly backing up important files to various media, such as a flash drive, so that if your PC is damaged by malware you can always retrieve a copy of the corrupted files.
Never pay the ransom! Transferring money to the attackers is no guarantee that the victim will receive a private key to decrypt the locked documents, photos and music. Very often, after receiving the ransom payment, cyber criminals make new demands for an even larger amount of money. It is impossible to predict exactly what the cybercriminals who developed the Lotej virus will do, but it is safe to say that their actions are immoral and illegal.
It is not necessary to pay the cyber criminals a ransom. The best option in case of infection with this file virus is to archive the files that were affected by it until a Lotej decryption tool is obtained. Below in this blog post you will find useful guidance on how to recover encrypted files for free.
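To work out what needs archiving, the following script (an added example, not part of the original guide or of any tool it mentions) walks a folder read-only, lists every file carrying the .lotej extension and every _readme.txt note named in the Threat Summary, and writes a CSV manifest with SHA-256 hashes. The function names and the manifest layout are assumptions made for illustration; the sample tree in `demo()` is constructed.

```python
import csv
import hashlib
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_EXT = ".lotej"     # extension the page says is appended to locked files
RANSOM_NOTE = "_readme.txt"  # ransom note name given on the page

def sha256_of(path, chunk=1 << 20):  # chunked so large files need not fit in memory
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def inventory(root):
    """Read-only walk of root; returns (locked-file records, ransom note paths)."""
    records, notes = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            if name.lower() == RANSOM_NOTE:
                notes.append(str(full))
            elif name.lower().endswith(ENCRYPTED_EXT):
                original = name[: -len(ENCRYPTED_EXT)]  # report.docx.lotej -> report.docx
                try:
                    records.append({
                        "path": str(full),
                        "original_ext": Path(original).suffix.lower(),
                        "size": full.stat().st_size,
                        "sha256": sha256_of(full),  # lets you verify the archived copy later
                    })
                except OSError:
                    continue  # unreadable or locked file: skip it and keep scanning
    return records, notes

def write_manifest(records, out_csv):
    """Write the inventory to CSV; return how many locked files had each original type."""
    with open(out_csv, "w", newline="", encoding="utf-8") as fh:
        writer = csv.DictWriter(fh, fieldnames=["path", "original_ext", "size", "sha256"])
        writer.writeheader()
        writer.writerows(records)
    return Counter(r["original_ext"] for r in records)

def demo():
    """Run the inventory over a constructed sample tree (not real victim data)."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel in ("docs/report.docx.lotej", "pics/a.JPG.lotej", "docs/_readme.txt", "docs/ok.txt"):
            Path(tmp, rel).parent.mkdir(parents=True, exist_ok=True)
            Path(tmp, rel).write_bytes(b"constructed sample")
        records, notes = inventory(tmp)
        return dict(write_manifest(records, Path(tmp, "manifest.csv"))), len(notes)
```

Keep the manifest together with the archived files so the copies can be checked for changes before any later decryption attempt.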
Lotej decryption tool
With some variants of Lotej virus, it is possible to decrypt encrypted files using free tools listed below.
Michael Gillespie (@) released the Lotej decryption tool named STOPDecrypter. It can decrypt .Lotej files if they were locked by one of the known OFFLINE KEY’s retrieved by Michael Gillespie. Please check the twitter post for more info.
STOPDecrypter is a program that can be used for Lotej files decryption. One of the biggest advantages of using STOPDecrypter is that it is free and easy to use. Also, its ‘OFFLINE KEYs’ DB is constantly updated. Let’s see how to install STOPDecrypter and decrypt .Lotej files using this free tool.
- Installing the STOPDecrypter is simple. First you will need to download STOPDecrypter on your Windows Desktop from the following link.
download.bleepingcomputer.com/demonslay335/STOPDecrypter.zip
- After the downloading process is done, close all applications and windows on your machine. Open a file location. Right-click on the icon that’s named STOPDecrypter.zip.
- Further, select ‘Extract all’ and follow the prompts.
- Once the extraction process is finished, run STOPDecrypter. Select Directory and press Decrypt button.
If STOPDecrypter does not help you to decrypt .Lotej files, in some cases, you have a chance to restore your files, which were encrypted by ransomware. This is possible due to the use of the tools named ShadowExplorer and PhotoRec. An example of recovering encrypted files is given below.
How to restore .lotej files
In some cases, you can recover files encrypted by Lotej file virus. Try both methods. It is important to understand that we cannot guarantee that you will be able to recover all encrypted files.
Restore .lotej encrypted files using Shadow Explorer
In order to restore .lotej files encrypted by the Lotej virus from Shadow Volume Copies you can use a utility named ShadowExplorer. We recommend using this solution because its easy-to-use interface makes it easier to find and restore the previous versions of the encrypted files you need.
Installing the ShadowExplorer is simple. First you will need to download ShadowExplorer on your MS Windows Desktop by clicking on the following link.
When the download is done, open the directory in which you saved it. Right-click on ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next, open the ShadowExplorerPortable folder as displayed on the image below.
Double-click ShadowExplorerPortable to run it. You will see a window similar to the one below.
In the top left corner, choose the drive where the encrypted personal files are stored and the latest restore point as shown on the screen below (1 – drive, 2 – restore point).
In the right panel, look for a file that you wish to recover, right-click on it and select Export as displayed below.
Run PhotoRec to restore .lotej files
Before a file is encrypted, the Lotej file virus makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to restore your documents, photos and music using file restore applications like PhotoRec.
Download PhotoRec from the following link.
After the downloading process is finished, open the directory in which you saved it. Right-click on testdisk-7.0.win and select Extract all. Follow the prompts. Next, open the testdisk-7.0 folder as displayed in the following example.
Double click on qphotorec_win to run PhotoRec for Microsoft Windows. It will show a screen as displayed on the image below.
Select a drive to recover as on the image below.
You will see a list of available partitions. Select a partition that holds encrypted documents, photos and music similar to the one below.
Click the File Formats button and specify the file types to restore. You can enable or disable the restore of certain file types. When this is done, press the OK button.
Next, press Browse button to select where restored documents, photos and music should be written, then press Search.
The count of restored files is updated in real time. All restored files are written to the folder that you chose in the previous step. You can access the files even if the recovery process is not finished.
When the recovery is finished, press the Quit button. Next, open the directory where the recovered files are stored. You will see contents like those displayed in the figure below.
All restored documents, photos and music are written in recup_dir.1, recup_dir.2 … sub-directories. If you’re looking for a specific file, then you can sort your recovered files by extension and/or date/time.
How to protect your personal computer from Lotej file virus?
Most antivirus programs already have a built-in protection system against the file virus. Therefore, if your system does not have an antivirus application, make sure you install one. As an extra protection, run HitmanPro.Alert.
Run HitmanPro.Alert to protect your computer from Lotej file virus
All-in-all, HitmanPro.Alert is a fantastic utility to protect your computer from any ransomware. If ransomware is detected, then HitmanPro.Alert automatically neutralizes malware and restores the encrypted files. HitmanPro.Alert is compatible with all versions of Windows operating system from Windows XP to Windows 10.
Installing the HitmanPro Alert is simple. First you will need to download HitmanPro.Alert on your Windows Desktop by clicking on the following link.
Once downloading is done, open the file location. You will see an icon like below.
Double-click the HitmanPro Alert desktop icon. Once the utility is started, you will be shown a window where you can choose a level of protection, as displayed on the screen below.
Now press the Install button to activate the protection.
To sum up
Now your PC system should be clean of the Lotej file virus. Delete MalwareBytes Anti Malware and Kaspersky virus removal tool. We advise that you keep Zemana (to periodically scan your PC for new malware). Moreover, to prevent file virus infections, stay clear of unknown and third-party programs, and make sure the option to block or look for ransomware is turned on in your antivirus program.
If you need more help with Lotej virus related issues, go here.