Looy ransomware is file-encrypting malware from the Djvu/STOP ransomware family. This ransomware is operated by a notorious group of malicious actors who release new ransomware versions regularly. This version can be recognized by the .looy extension added to encrypted files. Unfortunately, it’s not always possible to recover encrypted files.



When users open an infected file, the ransomware starts to initiate. It immediately encrypts personal files, including photos, videos, and documents. The Looy ransomware also shows a fake Windows update window during the encryption process.

You will be able to easily recognize encrypted files because they will have a .looy extension. For example, a 1.txt file would become 1.txt.looy if encrypted. Unfortunately, until these files have been run through a Looy ransomware decryptor, you will not be able to open them.

The ransomware drops a _readme.txt ransom note which explains how users can get the decryptor. The note is the standard one dropped by all versions of the Djvu malware family. It explains that if users want to get their files back, they need to buy a decryptor for $999. There’s supposedly a 50% discount for users who make contact with the cybercriminals within the first 72 hours. The malicious actors also offer to decrypt one file for free as long as it does not contain any important information.

If you do not have a backup, it may seem like a good idea to pay the ransom. However, we should warn you that paying does not guarantee a decryptor. Malware operators are cybercriminals who do not care about helping victims. Nothing is stopping cyber criminals from just taking your money and not sending anything in return, and it has happened in the past many times. Furthermore, the ransom money will go toward future criminal activities.

If you do have a backup, you first need to remove Looy ransomware from your computer before you can access it. We strongly recommend using a good anti-malware program to delete Looy ransomware because it’s a complex infection. If you’re not careful, you could end up causing additional damage. When anti-malware software no longer detects Looy ransomware on your computer, you can connect to your backup and start recovering files.

If you have no backup, your only option is to wait for a free Looy ransomware decryptor to be released. A free Looy ransomware decryptor is not guaranteed but if does get released, it will be downloadable from NoMoreRansom.

Below is the full Looy ransomware ransom note:


Don’t worry, you can return all your files!
All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:

Price of private key and decrypt software is $999.
Discount 50% available if you contact us first 72 hours, that’s price for you is $499.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.

To get this software you need write on our e-mail:

Reserve e-mail address to contact us:

Your personal ID:

How does ransomware enter computers?

If you have poor browsing habits, you’re much more likely to pick up a malware infection than users who do not engage in risky online behavior. One of the best ways to deal with ransomware is to prevent it, and the best way to prevent it is to become familiar with the distribution methods and develop better browsing habits.

It’s important to learn to recognize malicious emails. If your email address has been leaked, you are bound to receive a malicious email sooner or later. Fortunately, unless you are targeted specifically, malicious emails are quite generic and easy to recognize. They’re usually full of grammar and spelling mistakes, for example. Because senders pretend to be from legitimate companies, the mistakes are very jarring.

Another sign that you are dealing with a malicious, or at least a spam email is generic words like User, Member, Customer, etc., being used to address you. When companies send their customers emails, they use users’ names to address them because it makes the emails seem more personal. However, malicious actors target many users with the same email campaign so they use generic words. For example, if you receive an order confirmation email but it uses a generic greeting, be cautious because the attachment could be malicious.

Malicious emails that target specific users are usually more sophisticated. They do not have grammar/spelling mistakes, contain information that makes the emails seem more credible, and address users by name. Because of this, it’s recommended to scan all unsolicited email attachments with anti-malware software or VirusTotal.

Torrents are also one of the ways malware is distributed. Torrent sites are often poorly moderated so they’re full of malware. Infections are especially common in torrents for entertainment content like movies, TV series, and video games. Downloading copyrighted content using torrents is not only content theft but also dangerous for the computer.

Looy ransomware removal

Ransomware is a complex infection that requires a professional program to get rid of. Do not attempt manual Looy ransomware removal because you could cause additional damage. Most anti-malware programs will detect and remove Looy ransomware so you have many options.

Once the ransomware is no longer present, you can access your backup and start recovering your files. If you do not have a backup, back up your encrypted files and occasionally check NoMoreRansom for a free Looy ransomware decryptor.

  • Win32:RansomX-gen [Ransom] by Avast/AVG
  • HEUR:Backdoor.Win32.Tofsee.gen by Kaspersky
  • Ransom.Win32.STOP.YXECRZ by TrendMicro
  • Trojan.GenericKD.72032731 by BitDefender
  • A Variant Of Win32/Kryptik.HWPU by ESET
  • Trojan.MalPack.GS by Malwarebytes
  • Ransom:Win32/StopCrypt.YCA!MTB by Microsoft

Site Disclaimer

2-remove-virus.com is not sponsored, owned, affiliated, or linked to malware developers or distributors that are referenced in this article. The article does not promote or endorse any type of malware. We aim at providing useful information that will help computer users to detect and eliminate the unwanted malicious programs from their computers. This can be done manually by following the instructions presented in the article or automatically by implementing the suggested anti-malware tools.

The article is only meant to be used for educational purposes. If you follow the instructions given in the article, you agree to be contracted by the disclaimer. We do not guarantee that the artcile will present you with a solution that removes the malign threats completely. Malware changes constantly, which is why, in some cases, it may be difficult to clean the computer fully by using only the manual removal instructions.

Leave a Reply