There’s Nothing Pretty About the Lisa Ransomware
The STOP/Djvu Ransomware family has made major headlines as it continues to be among the most prolific ransomware families in the world. It is said that the STOP/Djvu spawns at least three new variants on a weekly basis, and one of those is Lisa Ransomware.
Lisa Ransomware received its name from the ‘.Lisa’ suffix that it appends to the affected files. This ransomware strain works identically with the other members of the STOP/Djvu Ransomware family. The same applies to the program’s distribution as Lisa Ransomware spreads mostly via spam emails, social engineering, and compromised websites.
The Lisa Ransomware Experience
Users will unknowingly download Lisa Ransomware and suddenly find their files have been encrypted and are now inaccessible. Affected files will be appended with the ‘.Lisa’ suffix and victims will find a ransom note on their desktop in the form of the ‘_readme.txt’ document. The cybercriminals behind Lisa Ransomware request a payment of $980 for file decryption, but they are willing to lower that price to $490 in return for payment within 72 hours.
The hackers also provide victims with contact information in the form of two emails, helpteam@mail.ch and helpmanager@airmail.cc. Victims are asked to send one file to be decrypted for free as proof that the ransomware operators can unlock the victims’ files after receiving payment.
As always, we strongly recommend that victims do not communicate with the hackers and refrain from paying any ransom, as paying does not guarantee that victims will receive a decryption tool.
Surviving a Lisa Ransomware Attack
In general, we strongly recommend users keep backups of their valuable files to mitigate the trouble caused by ransomware infections. But if you should find yourself infected by Lisa Ransomware, we recommend that you use a reputable anti-malware tool to scan for and remove the elements related to this nasty infection.
