Lotej Virus (.lotej File) - How To Remove + Restore Files

Remove Lotej Virus (.lotej File Ransomware) + Restore Files

What is Lotej Virus? What are .lotej files? How to remove Lotej ransomware? How to restore .lotej encrypted files?

The Lotej virus is a variant of the STOP ransomware family. It aims to get onto your PC and then scramble your files, adding the .lotej file extension to them. The makers of the Lotej virus want you to pay a ransom of around $1000 in Bitcoin to get the files working again. Read this guide to understand how you can remove the Lotej virus from your computer and how to try to restore files encrypted by it.

Threat Summary

Name: Lotej Virus
Type: Ransomware, Cryptovirus
Short Description: A cryptovirus that encodes your files and wants you to pay a big ransom in order to get the encrypted files to work again.
Symptoms: Files have the .lotej extension. The virus also shows a ransom note, called _readme.txt.
Distribution Method: Spam Emails, Email Attachments, Executable files

Lotej Files Virus – Update August 2019

The good news for all victims of STOP Lotej ransomware is that the security researcher Michael Gillespie found weaknesses in the code of this variant and released an updated version of his STOP ransomware decrypter.

Once you have removed all malicious files and objects from your infected system, you can go to our data recovery guide, where you will find a download link for the free Lotej decryption tool and learn how to proceed with the decryption process.

Decrypt Files Encrypted by STOP Ransomware

Keep in mind that the tool is designed to support specific offline IDs, so it may not be effective in all cases of Lotej ransomware infection.

.lotej Virus – How Did I Get It and What Does It Do?

The primary activity of the .lotej virus is attacking and encrypting your files. The virus can reach your computer by several different methods. One of them is spam e-mail that carries the .lotej virus infection file. These e-mails may present the infection file as a seemingly legitimate e-mail attachment, such as:

  • Invoice.
  • Receipt.
  • Order confirmation.
  • Document from your bank.

Another infection method is passive: the infection file is uploaded to software download sites that are compromised. It may be available in various forms, including on suspicious websites whose main goal is to get you to believe it is a legitimate download and run it. Such files can pretend to be:

  • Setups.
  • Patches.
  • Cracks.
  • Software license activators.
  • Key generators.

When the Lotej virus is downloaded and executed, it may infect your computer by using an exploit kit that silently drops the malware files in the following Windows directories:

  • %AppData%
  • %Local%
  • %Roaming%
  • %LocalLow%
  • %Temp%

When the Lotej virus drops its malicious files on a victim's computer, it may begin to perform the following activities:

  • Create mutexes.
  • Touch system files belonging to Windows.
  • Obtain system Information from your infected computer.
  • Obtain your IP and MAC addresses.
  • Check if a STOP virus has previously infected your computer.

The Lotej virus may then drop its ransom note file, called _readme.txt:

Don’t worry my friend, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
https://we.tl/t-1aaC7npeV9
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.
Please note that you’ll never restore your data without payment.
Check your e-mail “Spam” folder if you don’t get answer more than 6 hours.
To get this software you need write on our e-mail:
blower@india.com
Reserve e-mail address to contact us:
blower@firemail.cc
Your personal ID:
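
To scope an infection using the on-disk indicators this page names (the .lotej extension, the _readme.txt note and its "Your personal ID:" line), the following sketch inventories a directory tree. It is an added example, not code from the original article or from any decryption tool; the folder names and the ID value in demo() are constructed placeholders, and the assumption that the ID follows the "Your personal ID:" label is this example's own.

```python
import os
import re
import tempfile
from collections import Counter

EXT = ".lotej"             # extension named on this page
NOTE_NAME = "_readme.txt"  # ransom note file name named on this page
ID_RE = re.compile(r"Your personal ID:\s*(\S+)")  # assumed: ID follows the label

def inventory(root):
    """Return (encrypted files per dir, original-extension histogram, personal IDs)."""
    per_dir, orig_ext, ids = Counter(), Counter(), set()
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(EXT):
                per_dir[rel] += 1
                # "photo.jpg.lotej" -> ".jpg": what the file was before encryption
                orig_ext[os.path.splitext(name[:-len(EXT)])[1].lower()] += 1
            elif name == NOTE_NAME:
                try:
                    with open(path, encoding="utf-8", errors="replace") as fh:
                        match = ID_RE.search(fh.read())
                except OSError:
                    continue  # unreadable note: skip it and keep walking
                if match:  # a _readme.txt without an ID line is not counted
                    ids.add(match.group(1))
    return dict(per_dir), dict(orig_ext), ids

def demo():
    """Build a small constructed tree in a temp dir and inventory it."""
    with tempfile.TemporaryDirectory() as root:
        docs = os.path.join(root, "Documents")
        os.makedirs(os.path.join(docs, "tax"))
        for rel in ("Documents/cv.docx.lotej", "Documents/tax/2018.PDF.lotej",
                    "Documents/tax/scan.jpg.lotej", "Documents/notes.txt"):
            open(os.path.join(root, *rel.split("/")), "wb").close()
        note = "Reserve e-mail address to contact us:\nYour personal ID:\nEXAMPLE-ID-0001\n"
        for folder in (docs, os.path.join(docs, "tax")):
            with open(os.path.join(folder, NOTE_NAME), "w", encoding="utf-8") as fh:
                fh.write(note)
        return inventory(root)

if __name__ == "__main__":
    print(demo())
```

The collected personal IDs are what you need on hand when checking whether the decryption tool mentioned in the August 2019 update applies to your case.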

The Lotej virus is also selective when it comes to file encryption. The ransomware may choose the files to encode by scanning for their file extensions. The following list shows the file types allegedly encrypted by the Lotej ransomware virus:


After the Lotej virus has encrypted your files, it adds the .lotej file extension to them. They can no longer be opened because they are AES encrypted, and they start to appear as the following image shows:

To make sure that you have no chance of recovering your files, the Lotej virus may delete the shadow volume copies on your computer, which prevents you from using Windows Backup and Windows File History to get your files back. It does this by executing the following commands as an administrator in Windows Command Prompt:

sc stop VVS
sc stop wscsvc
sc stop WinDefend
sc stop wuauserv
sc stop BITS
sc stop ERSvc
sc stop WerSvc
cmd.exe /C bcdedit /set {default} recoveryenabled No
cmd.exe /C bcdedit /set {default} bootstatuspolicy ignoreallfailures
"C:\Windows\System32\cmd.exe" /C vssadmin.exe Delete Shadows /All /Quiet
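
For defenders, the command sequence above is a usable detection signal: one service stop is routine administration, but service stops combined with bcdedit recovery tampering and shadow copy deletion on the same host within minutes is not. The following detection sketch is an added example, not code from the original article; the rule names, the 300-second window, the host names and the sample events are constructed assumptions.

```python
from collections import defaultdict
import re

# Service names as printed on this page, plus "vss" (the actual Volume Shadow
# Copy service name) as an assumption of this example.
SERVICES = "vvs|vss|wscsvc|windefend|wuauserv|bits|ersvc|wersvc"
RULES = {  # rule names are this example's own labels
    "shadow_copy_delete": re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b"),
    "recovery_disabled": re.compile(
        r"\bbcdedit(\.exe)?\s+/set\s+\S+\s+recoveryenabled\s+no\b"),
    "boot_failures_ignored": re.compile(
        r"\bbcdedit(\.exe)?\s+/set\s+\S+\s+bootstatuspolicy\s+ignoreallfailures\b"),
    "service_stop": re.compile(rf"\bsc(\.exe)?\s+stop\s+({SERVICES})\b"),
}
QUOTES = str.maketrans("", "", "\"'\u201c\u201d")  # straight and curly quotes

def classify(cmdline):
    """Return the set of rule names matched by one process command line."""
    text = " ".join(cmdline.translate(QUOTES).lower().split())
    return {name for name, rx in RULES.items() if rx.search(text)}

def find_bursts(events, window=300, min_rules=2):
    """Map host -> rules, where >= min_rules distinct rules fire within window seconds."""
    hits = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        for name in classify(ev["cmd"]):
            hits[ev["host"]].append((ev["ts"], name))
    alerts = {}
    for host, seq in hits.items():
        for i, (start, _) in enumerate(seq):
            seen = {n for t, n in seq[i:] if t - start <= window}
            if len(seen) >= min_rules:
                alerts[host] = sorted(seen)
                break
    return alerts

# Constructed process-creation events (host names and timestamps are made up).
SAMPLE = [
    {"host": "WS-07", "ts": 1000, "cmd": "sc stop VVS"},
    {"host": "WS-07", "ts": 1001, "cmd": "sc stop WinDefend"},
    {"host": "WS-07", "ts": 1003, "cmd": "cmd.exe /C bcdedit /set {default} recoveryenabled No"},
    {"host": "WS-07", "ts": 1004,
     "cmd": r'"C:\Windows\System32\cmd.exe" /C vssadmin.exe Delete Shadows /All /Quiet'},
    {"host": "SRV-02", "ts": 2000, "cmd": "sc stop wuauserv"},       # lone service stop
    {"host": "SRV-02", "ts": 9000, "cmd": "vssadmin list shadows"},  # read-only query
]

if __name__ == "__main__":
    print(find_bursts(SAMPLE))
```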

Paying the ransom to the cyber-criminals behind the Lotej virus is strongly inadvisable. The main reason is that you may not get anything from them, and they may even use the information gathered by the Lotej virus to reinfect your computer sometime in the future. They will not delete the virus either, so you cannot trust these cyber-crooks. Instead, we recommend that you follow the instructions below.

How to Remove Lotej Virus and Try Restoring Files

To remove this malware from your computer, we strongly recommend that you follow the removal steps below. They have been created to help you isolate, identify and remove the Lotej virus by yourself. However, if you want a permanent and fast removal solution for Lotej ransomware, we strongly recommend that you download professional malware removal software and run a scan of your computer with it. This program guarantees that all Lotej virus files will be detected and erased from your computer and that it will remain protected against future infections as well.

If you want to restore the .lotej encrypted files, we have also listed some alternative file recovery methods below, at least until a free decryptor for Lotej is available, which will be sometime soon. These methods could help you get back at least some of your files, but do not think that they are 100% effective.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
