Lotus ransomware also called [paymei@cock.li].LOTUS virus locks the victim’s data on the computer. Documents, pictures, videos cannot be opened with any program anymore. Cybercriminals will generate a demand message in window pop-up and “FILES ENCRYPTED.txt” file. Follow the guide for easy and free recovery instructions.
How Lotus Ransomware Infects Computer?
Cybercriminals spread cryptovirus with similar tactics but always tries to improve techniques to trick inexperienced computer users. Usually, the ransomware infects computers via:
- Email spam – the most common way is accidentally clicking on malicious links or attached files on email from an unknown sender.
- Third-party programs – fake software update offers, untrustful applications install, and etc.
- Peer-to-peer networks – Downloading pirated files from uTorrent eMule, and others are a very high risk to get virus or trojan.
- Cracks – Extremely high risk to infect computer operating system using crack generators or license key generators.
What is the Lotus Virus?
Ransomware does not damage files! Cybercriminals lock data to get ransom from the victim. Paying money to criminals is illegal and won’t guarantee that files will be decrypted!
| Name | Lotus virus |
| Ransomware family | Dharma ransomware |
| Extension | .[paymei@cock.li].LOTUS |
| Damage level | High |
| Ransom note | FILES ENCRYPTED.txt, pop-up window |
| Ransom amount | Start’s from $500 (In Bitcoins) and goes up |
| Contact | paymei@cock.li, paymei@tuta.io |
| Symptoms | Dharma ransomware locks data changing the file extension to (example – birthday.jpg to birthday.jpg.[paymei@cock.li].LOTUS) |
| Detection names | Virus name detection list (VirusTotal) |
| Virus removal (auto) | Free remove with Malwarebytes |
| File recovery (auto) | Free scan with EaseUS Data Recovery Wizard Pro |
| System fix (auto) | *Bonus free system scan with Restoro |
The Lotus virus belongs to the Dharma ransomware family, like previous versions – Con30, Wcg, Text, OVO, TomLe, Avaad. Malware locks files (.mp4, .jpg, .pdf, .docx) with military-grade encryption – AES 256 algorithm[1] and RSA[2]cryptosystem encryption. Meanwhile virus encrypted files the ransom note “FILES ENCRYPTED.txt” file or pop up will be generated on desktop.
YOUR FILES ARE ENCRYPTED
Don’t worry, you can return all your files!
If you want to restore them, follow this link: email paymei@cock.li YOUR ID –XXXXXXXX
If you have not been answered via the link within 12 hours, write to us by e-paymei@tuta.io
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
Ransom pop up text
Nearby encrypted data by Lotus virus, ransom not will be generated in .txt file named – FILES ENCRYPTED.txt
All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail paymei@cock.li
Write this ID in the title of your message –
In case of no answer in 24 hours write us to these e-mails:paymei@tuta.io
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.
Free decryption as a guarantee
Before paying you can send us up to 5 files for free decryption. The total size of files must be less than 10Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click ‘Buy bitcoins’, and select the seller by payment method and price.
https://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
http://www.coindesk.com/information/how-can-i-buy-bitcoins/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
Ransom Note – FILES ENCRYPTED.txt
Cybercriminals for file decryption asks from 500 dollars up to $1000. As proof, they offer to decrypt any file up to 1 MB for free. Hackers don’t want that victim would install any legal removal & decryption software. It is a very low chance that after payment criminals will decrypted files. Recommended not to get in touch with hackers to avoid bigger harm. Try to use legal ways to solve the problems reading – Dharma ransomware remove and decrypt guide.
Remove Lotus Ransomware
For not experienced user manual removal of ransomware is a big task. Victim must understand that some files can be damaged during recovery to minimize loss it is recommended to use professional software and strictly follow the guidelines.
1Step Backup Encrypted Data
To prevent any damage to encrypted files do a backup of all data on an external hard drive or USB. Copy of files will make you safe in any circumstances.
2Step Lotus Ransomware Manual Remove
A) Reboot the computer in safe mode with the command prompt to remove malicious files. In the loaded window type:
- cd restore and press Enter;
- rstrui.exe and press Enter.
B) Then system restore loads click:
- Click “Next”
- Choose data before ransomware encryption and click “Next”.
- Last step – click “Finish”
- If the system has been restored successfully.
- If system restore didn’t work.
IMPORTANT in any circumstances highly recommended to download a free trial of Malwarebytes to fully remove Dharma ransomware.
Decrypt Data from Lotus Ransomware
NOTE be sure that Darma virus was successfully removed before starting file decryption.
[paymei@cock.li].LOTUS ransomware free decryption instruction
Total Time: 3 minutes
Step 1
Download and install by clicking on this Kaspersky RakhniDecryptor.
1. Click on the download bar.
2. Click “Open”.
Step 2
1. In the downloaded folder click on “RakhniDecryptor.exe”.
2. Click “Run”.
Step 3
1. Click “Yes” to install.
2. Read license terms.
Step 4
1. Click “Change Parameters”
2. Select “encrypted files”
3. Click “Start”
If the free manual decrypt didn’t work use the premium app EaseUs Data recovery wizard pro, for a free scan.
FAQ
Will Removing Lotus Ransomware Unlock My Files?
No, your files are encrypted. Removing ransomware is necessary to stop further harm.
Removing Lotus Ransomware Will It Delete/Break My Files?
No, you will remove malicious files, your encrypted data will stay safe.
How to Protect From Lotus Ransomware Infection?
Premium security software should secure computer.
Virus developers must be reported to local police or cybercrime departments.
- In the United States – On Guard Online website.
- In the United Kingdom – Action Fraud website.
- In Australia – SCAMwatch website.
- In Canada – Canadian Anti-Fraud Centre.
- In France – Agence nationale de la sécurité des systèmes d’information
- In Germany – Bundesamt für Sicherheit in der Informationstechnik website.
- In Ireland – An Garda Síochána website.
- In New Zealand – Consumer Affairs Scams website.
- In India – Indian National Cybercrime Reporting Portal.
- In Pakistan – National Response Centre For Cyber Crime.