.lokas Files Virus (STOP) - How to Remove It

.lokas Files Virus (STOP) – How to Remove It

This article explains the issues that occur in case of infection with .lokas files virus and provides a complete .lokas virus removal guide. Follow the steps below and find also how to potentially recover .lokas files.


The cryptovirus called .lokas files virus is a new strain of STOP ransomware. Security researchers reported that the threat is currently infecting popular computer systems around the globe. Its malicious samples are released in active attack campaigns that aim to trick users into activating .lokas payload file on their computers.

The moment this event occurs, the ransomware infects essential system settings. By doing this, .lokas virus disrupts computer security and becomes able to perform data encryption process. Since it is known to be using sophisticated cipher algorithm while encrypting target files, it leaves all corrupted files completely out of order. In addition, the ransomware marks them with an extension of the same name – .lokas

At last, the threat drops its ransom message file which attempts to blackmail victims into paying a ransom in cryptocurrency to the hacker collective. The file is named _readme.txt. It could be placed on the desktop as well as in each folder that contains .lokas files.

Threat Summary

Name.lokas Files Virus
TypeRansomware, Cryptovirus
Short DescriptionA version of the STOP/DJVU ransomware that is designed to encrypt valuable files stored on infected computers and then extort a ransom from victims.
SymptomsImportant files are encrypted and renamed with the extension .lokas. A ransom message forces victims to contact hackers in order to receive instructions on how to pay a ransom ($490 – $980).
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by .lokas Files Virus


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .lokas Files Virus.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.lokas Files Virus – Update July 2019

The good news for all victims of STOP .lokas ransomware is that the security researcher Michael Gillespie found weaknesses in the code of this variant and released an updated version of his STOP ransomware decrypter.

So the moment you remove all malicious files and objects from your infected system you can enter our data recovery guide where you will find a download link for the free .lokas decryption tool and learn how to proceed with the decryption process.

Decrypt Files Encrypted by STOP Ransomware

Have in mind that the tool is designed to support specific offline IDs, so it may not be effective for all occasions of .lokas ransomware infections.

.lokas Files Virus – Infection Overview

Hackers who stand behind .lokas attacks are likely to be using the help of well-known spread techniques to deliver their malicious code to users’ computers.

One way to deliver .lokas virus to computer systems is likely to be the technique malspam. Malspam is often used for the spread of ransomware like .lokas STOP. It is realized via massive spam email campaigns.

The following traits may help you detect the presence of malware in a received email:

  • A link to compromised web page that is set to download and execute infection files directly on the PC. The URL address to this page may be presented in the form of an in-text link, banner, image, button or full URL address.
  • A malicious file attachment that is presented as legitimate document by the text message. It could be uploaded in a .rar or .zip archive. Such a file could be set to evade active security measures and trick you into running the ransomware on your PC.

In addition, it is good to know that these emails are often set to pose as representatives of well-known companies so that you are more likely to follow the presented instructions.

Other channels that may be used for the spread of .lokas ransomware are hacked social media profiles, online gaming platforms, websites for free software, P2P networks, etc.

The moment the .lokas files virus is executed on a target machine, the infection process begins. As reported by security researchers this threat is a based on the code of

STOP/ Djvu ransomware. STOP ransomware is the name of a notorious threat family that has appeared on the malware scene in May 2018.

Its main goal is to encrypt certain types of files that are likely to store personal information so it can then extort a ransom fee for their recovery. In order to reach target files .lokas ransomware needs to evade detection. Hence it is designed to access some essential system components and modify their settings.

Malicious entries created by .lokas files virus may be found under the registry sub-keys Run and RunOnce. Since these two keys have the functionality to auto-execute files and processes, they are often affected by cryptoviruses like .lokas

So be advised to check them for present malicious entries while removing the threat from the infected computer:

→ HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Soon after .lokas virus applies needed changes it continues with the encryption stage. During this stage it loads a built-in encryption module that is set to encode target files with strong cipher algorithm. Among the corrupted files may be all of the following:

  • Audio files
  • Video files
  • Document files
  • Image files
  • Backup files
  • Banking credentials, etc

Every encrypted file could be recognized by the extension .lokas that is appended to its name. Unfortunately, all .lokas files remain inaccessible until their code is restored via an efficient recovery method.

Eventually, this nasty impact is misused by threat actors who attempt to blackmail you into paying a ransom fee. Their instructions are presented by a ransom message. A copy of .lokas files virus‘ ransom message (_readme.txt):


Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest
encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:


Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” or “Junk” folder if you don’t get answer more than 6 hours.
To get this software you need write on our e-mail:


Reserve e-mail address to contact us:


Our Telegram account:
Your personal ID:

lokas virus ransom message readme txt sensorstechforum

The good news is that STOP ransomware has its weaknesses and the security researcher Michael Gillespie has managed to release a free decryption tool for a lot other STOP strains. Hopefully, he will manage to update the tool to support .lokas files decryption too. As soon as this happens we will update our .lokas removal guide with a download link for the decrypter. Meanwhile, you could check the restore data part included in this guide where you can find some alternative data recovery approaches.

Remove .lokas Files Virus and Restore Data

The so-called .lokas files virus is a threat with highly complex code that plagues the whole system in order to encrypt personal files. Hence the infected system could be used in a secure manner again only after the complete removal of all malicious files and objects created by .lokas ransomware. That’s why we recommend that all steps presented in the .lokas removal guide below should be completed for the sake of your system and data security. Beware that the manual ransomware removal is suitable for more experienced computer users. If you don’t feel comfortable with the manual steps navigate to the automatic part of the guide.

Gergana Ivanova

Gergana Ivanova

Gergana has completed a bachelor degree in Marketing from the University of National and World Economy. She has been with the STF team for four years, researching malware and reporting on the latest infections.

More Posts

Follow Me:
Google Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share