How to delete Looy ransomware

How to delete Looy ransomware

Looy ransomware is a serious malware infection, part of the Djvu/STOP malware family. It’s an infection that targets personal files and encrypts them. Encrypted files are not openable unless they’re decrypted first. This type of ransomware is dangerous because users’ files are not always recoverable.



For the malware to start its malicious activities, users need to initiate it. They do that by opening malicious files. As soon as it’s initiated, Looy ransomware will begin encrypting files. Its main targets are personal files, including photos, videos, and documents. Users will be unable to open any encrypted files unless they first run them through a decryptor. Encrypted files will have the .looy file extension, so they will at least be easily identifiable. For example, an encrypted 1.txt file would become 1.txt.looy if encrypted.

Looy ransomware also drops a _readme.txt ransom note. The note, which is displayed above, contains instructions on how to get a decryptor. The cybercriminals operating this ransomware demand $999 for a decryptor, to be paid in Bitcoin. The note also mentions a 50% discount for users who make contact within the first 72 hours. Users can also supposedly recover one file for free if it does not have important information.

Everything the cybercriminals say should be taken with a grain of salt. Even if you pay the requested sum, there is nothing to force the malware operators to send you the decryptor. Unfortunately, many ransomware victims have not received decryptors despite paying. Thus, even if you’re out of options, think twice before paying the ransom.

Below is the full _readme.txt ransom note:


Don’t worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
Do not ask assistants from youtube and recovery data sites for help in recovering your data.
They can use your free decryption quota and scam you.
Our contact is emails in this text document only.
You can get and look video overview decrypt tool:

Price of private key and decrypt software is $999.
Discount 50% available if you contact us first 72 hours, that’s price for you is $499.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:

Reserve e-mail address to contact us:

Your personal ID:

For users with a backup, file recovery should not be an issue. However, it’s important to remove Looy ransomware first. Backed-up files would become encrypted otherwise. Anti-malware software should be used to delete Looy ransomware because it’s a complicated infection.

If users do not have a backup, waiting for a free Looy ransomware decryptor to be released is the only option. Whether a Looy ransomware decryptor will be released is not certain but if it does, it would be downloadable from NoMoreRansom.

What are ransomware distribution methods?

Users with poor online habits and those who engage in risky behavior are much more likely to pick up malicious infections. Ransomware is often found in torrents, email attachments, and malicious ads/links, so if users are not careful, they can easily pick up an infection. Developing better habits and learning at least the most common infection methods is a great way to avoid malware.

If you use torrents to pirate copyrighted content, you will encounter malware sooner or later. In addition to torrent sites often being poorly regulated, many torrent users are not aware of what malware in a torrent looks like, making it perfect for malware distribution. Malware is especially prevalent in torrents for entertainment, like movies, TV series, and video games. So not only is pirating via torrents content theft, it’s also dangerous because of the threat of malware.

Email attachments are also a great way to spread malware because many users are not careful and open attachments without checking whether they are safe. Malicious senders make the emails resemble notifications sent by legitimate companies. The emails are often made to appear like parcel delivery notifications and purchase receipts. However, the emails are usually low-effort and immediately identifiable as malicious. First of all, such emails are full of grammar and spelling mistakes. Whether the mistakes are purposeful is up for debate but at least they make it easy to identify malicious emails. Another sign is users being addressed with generic words like User, Member, Customer, etc. when the sender should know the person’s name. For example, legitimate notification emails about a successful payment display the person’s name. However, because scammers target many users with the same email, they use generic words to address users. Cybercriminals also rarely have users’ personal information.

Cybercriminals also target specific people with their malicious emails. These emails are significantly more sophisticated and contain information that makes them more credible. They would be mistake-free and address users by name. Just in case, scan all unsolicited email attachments with an anti-virus program or VirusTotal before opening them.

How to remove Looy ransomware

You should only remove Looy ransomware using anti-malware software. Ransomware is a very complex malicious infection, and unless you know exactly what you’re doing, manual Looy ransomware removal could cause additional damage. Using anti-malware to delete Looy ransomware is easier and much safer.

Once ransomware has been removed, you can access your backup and start file recovery. If ransomware is still on the computer when you connect to your backup, the backed-up files will also become encrypted. So if you have a backup, fully remove Looy ransomware before you connect to it.

If you do not have a backup, your only option is to wait for a free Looy ransomware decryptor to be released. It’s not currently available but it could be released in the future. You should back up the encrypted files and occasionally check NoMoreRansom for a free Looy ransomware decryptor.

Looy ransomware is also detected by:

  • AVG/Avast as Win32:RansomX-gen [Ransom]
  • BitDefender as Gen:Variant.Babar.449915
  • ESET as A Variant Of Win32/Kryptik.HWPU
  • Malwarebytes as Trojan.MalPack.GS
  • Microsoft as Trojan:Win32/Znyonm
  • TrendMicro as Ransom.Win32.STOP.YXECRZ
  • Kaspersky as HEUR:Backdoor.Win32.Tofsee.gen

Site Disclaimer is not sponsored, affiliated, linked to or owned by malware developers or distributors that are referred to in this article. The article does NOT endorse or promote malicious programs. The intention behind it is to present useful information that will help users to detect and eliminate malware from their computer by using WiperSoft and/or the manual removal guide.

The article should only be used for educational purposes. If you follow the instructions provided in the article, you agree to be bound by this disclaimer. We do not guarantee that the article will aid you in completely removing the malware from your PC. Malicious programs are constantly developing, which is why it is not always easy or possible to clean the computer by using only the manual removal guide.

Leave a comment

Your email address will not be published.