Click on screenshot to zoom
Danger level 6
Type: Trojans

Lisp Ransomware

Do not waste time trying to read into the name of Lisp Ransomware. This name is absolutely random, and it means nothing. It certainly does not hide the decryption key that you need to unlock the files that this malware is capable of corrupting. We know that the name of this infection is random because we have analyzed hundreds of its clones. Some of them include Epor Ransomware, Foqe Ransomware, or Mmpa Ransomware. These infections were created using the STOP Ransomware code, and that is why malware scanners and removal tools can identify different variants by the same name. Due to the size of the family, cybersecurity experts have dedicated time to create a free decryptor. Unfortunately, it only decrypts files that were encrypted with an offline key, but it might be worth giving it a try. The tool is called STOP Decryptor. Whether or not you manage to get your files restored, removing Lisp Ransomware is crucial, and if you keep reading, you will learn how to delete this malware.

Although the name of Lisp Ransomware is nonsensical, it lets us know what kind of extension we can expect to see attached to the corrupted files. Of course, it is the “.lisp” extension. Before you find this extension and discover that your personal files cannot be read, Lisp Ransomware must invade your operating system, and, in theory, it should not be able to do that if your system was protected. Reliable anti-malware software can ensure that all security backdoors are guarded, and vulnerabilities patched. If there is no guard to protect you, ransomware can use various tricks to slither in. For example, the file that executes this malware could be introduced as a document file and sent via email. Spam emails can be very convincing, and less experienced users might open them without suspecting a thing. Other tricks can be used as well. If malware invades the system without any obstacles, it can then encrypt files, and, unfortunately, it mainly encrypts personal files, such as documents or photos. Sadly, not all Windows users are diligent about creating backups of important files.

If you do not have backups of the files corrupted by Lisp Ransomware, this malware might back you into a corner, and a file named “_readme.txt” is supposed to help with that. According to the message within the file, all files can be recovered successfully using a decryption tool and a decryption key. Victims can send one encrypted file to or, and the attackers will send it back in its decrypted form. This is meant to convince victims that decryption is possible. Even if that is the case, that does not mean that you should pay the ransom of $490 (or $980, depending on the time of the payment). In fact, we believe that if you paid the ransom, you would get nothing in return. Furthermore, once cybercriminals know how to contact you via email, they might flood you with extortion emails incessantly. They also could send more spam emails containing more malicious files. Needless to say, we do not recommend communicating with the attackers behind Lisp Ransomware.

It appears that the launcher of Lisp Ransomware is hidden within a folder in the %LOCALAPPDATA% directory. The folder should have a random name, and the launcher as well. Can you identify malware files? That is not always easy, and if you are inexperienced, we do not want you bulldozing through your system and deleting harmless files. Of course, if you think you can delete Lisp Ransomware yourself, follow the instructions below, and ask us questions if you need to. Another option would be to have the threat deleted automatically, which can be done with the assistance of legitimate anti-malware software. It should have been installed on your system a long time ago now, and if it had been, you would not be dealing with ransomware. So, if you want to secure your system and have existing threats removed automatically, we advise installing anti-malware software now. Afterward, you might be able to use the free decryptor or, ideally, replace the corrupted files with backups stored outside the computer.

Lisp Ransomware Removal

  1. Tap Windows+E keys simultaneously to access the File Explorer.
  2. Enter %HOMEDRIVE% into the quick access field at the top to access the directory.
  3. Delete the file named _readme.txt and a folder named SystemID too.
  4. Enter %LOCALAPPDATA% into the quick access field and locate the {random name} folder.
  5. If you can confirm that it belongs to the ransomware, right-click and Delete it with all files inside.
  6. Empty Recycle Bin and promptly install a legitimate malware scanner.
  7. Use a full system scan to determine if there are any leftovers that you still need to address.
Download Spyware Removal Tool to Remove* Lisp Ransomware
  • Quick & tested solution for Lisp Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.