.Lapoi Virus File Ransomware (Decrypt .lapoi Files)

Lapoi virus is a dangerous malware infection, detected recently and capable of huge destruction. It silently enter your system and corrupt all your personal files, documents, programs everything and make your system useless. this harbinger of massive destruction belongs to data locker (crypto malware) community. This .Lapoi File Virus is a new variant of an old er file encrypting malware that has been unleashed by hackers earlier this year, since then hundreds of new variants of this infection has been seen. Once your system is infected by .Lapoi Ransomware it will cripple your entire computer system by making all your files inaccessible. if you try to download new files or create on your system, they all will get encrypted automatically. This perilous malware infection can entirely damage your system just for forcing you to pay ransom money in return of the decryption key which may or may not recover your data.

.lapoi file virus

.Lapoi ransomware is another new variant of notorious STOP ransomware family. It is a sneaky malware that intrude your PC silently and encrypt all your files. If all your files, pictures, documents, videos are showing .Lapoi extension then your computer is infected by this harmful ransomware virus. In this guide we will try to help you in removing this threat from your computer and recover .Lapoi files safely without paying ransom money. So keep reading this guide and follow the instructions carefully.

.Lapoi Virus : Threat Analysis

Name .Lapoi Ransomware, .Lapoi Files Virus, .Lapoi Extension Virus
Type Ransomware, Cryptovirus
Family STOP Ransomware
Ransom note _readme.txt
Extension .Lapoi
Description Lapoi ransomware encrypt your files by adding .Lapoi extension to file names and demands a ransom to give decryption key
Symptoms You will not be able to access any files on your system. You will find Ransom note in each folder demanding money.
Distribution Method Spam Emails, Email Attachments
Detection Tool Download Automatic Removal Tool
Data Recovery Download Data Recovery Pro 

As the name suggests, .Lapoi ransomware is a file encrypting malware. It restricts the access of your data by encrypting your files. Then after it will leave a ransom note on your computer with the name of “_readme.txt”. That ransom note contain a warning message in which it threatens to delete your files unless you pay a fixed ransom amount in a given time period. This nasty .Lapoi ransomware is able to infect all versions of Windows PC including XP, vista, 7, 8 and 10. You will find that all your files are renamed and they show .Lapoi extension at the end. You will not be able to access any of those .Lapoi files. This dubious threat can easily infect all of the common files that are normally in used in computer these days. You can see the list of file types in the list that can be encrypted by this threat:

.sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt

.Lapoi file virus will place “_readme.txt” ransom note in each folder after encrypting your files with .Lapoi extension. The other very dangerous thing about this infection is, it will delete all the shadow files from your computer after encrypting your data. It means now you don’t have option to recover your data through shadow file explorer. If you are still not sure that your computer is infected by .Lapoi Virus Ransomware or any other virus, then we can help you. As you know every ransomware leave its own specific ransom note on your computer, so you can identify the infection easily. Here is the ransom message that this nasty .Lapoi file virus leave on your system:


Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e-mail:

Reserve e-mail address to contact us:

Our Telegram account:
Your personal ID:

How .Lapoi Virus Infect Your System

Threats like .Lapoi file virus are like a new strain of a pre existing malware infection, which means hackers behind this type of infection are active form quite a time that gives them all the knowledge about and expertise about malware intrusion. It clearly means that .Lapoi virus can infect your system through several different ways that you won’t even notice. However hackers mostly use spam email techniques because it is quite easy and works most of the time. When people get a spam email pretending to be some normal report or service or offers, they normally open them to check and thus virus get slipped on the machine. you can also get this virus bundled with other free third party programs, shareware application or cracked software. Malicious websites like torrent or porn sites could also be used to spread malware online.

Is it possible to Recover .Lapoi Files

As far as the matter of your encrypted files, you must remove this virus from your PC first. Then after you can try to the STOPDecryptor software which is specially designed to recover files encrypted by the same family of threats. But there is also a catch, this decryptor can only help you if your files are encrypted using offline key. In most cases when you PC is always connected to Internet, hackers use online keys to encrypt your files. In such cases you can only get the decryption from hackers. But it is completely risky and dangerous to reason with hackers. There is no guarantee that they will give your decryption key after getting the payment. It is also possible that decryption key may bring more threats and malware on your system. So you can rule out this option to pay the ransom money. Apart from this you can also try some very prominent Data recovery software such as ParetoLogic Data Recovery Pro software which is know to recover all types of lost, encrypted or deleted files.

How To Remove .Lapoi Files Virus

The first most important thing for you is to remove this nasty Ransomware infection from your computer. It is a nasty malware infection which can keep creating new problems until you remove this threat completely from your machine. It can re-encrypt your files again if anyhow you manages to recover your files. Apart from this it can also bring other threats and malware on your system without permission. If you wait much longer, it will make several harmful changes to your system settings and registry which can make it more difficult to get rid of this nasty .Lapoi Files Virus. So you are advised to backup all your encrypted files on a cloud drive and then delete this nasty malware from your PC. It is a highly advanced and sophisticated malware infection due to which you will need to a powerful Automatic Malware Removal Tool to remove this infection. You can download this software from the below button.

Download Automatic .Lapoi Files Virus Removal Tool

Alternative Data Recovery Option

If you don’t have backup of your files and you are not able to recover your files, then you can use professional data recovery software to recovery your files. ParetoLogic Data Recovery Pro software is a highly advanced and powerful data recovery suite. It can recover lost or permanently delete files. You should try the free version of this software to scan your PC. If the software can detect your files, then you will need to pay the recover all your files. But in this case you are not paying ransom money hackers. The Malware Removal Tool and Data Recovery are much more cheaper option than paying ransom money.

  • First you need to download the Data Recovery Pro Software.

Download Data Recovery Pro Now

  • After installing the software launch the program and click on Start Scan to run full scan of your PC.

Recover file encrypted by .Lapoi Files Virus

  • When software detect all your files, then click on Recover button to get your files back.

Recover file encrypted by .Lapoi Files Virus

Manually Remove .Lapoi Files Virus

Part 1 – Start PC In Safe Mode With Networking

  • Press “Windows Key + R” buttons together on your keyboard.

  • Run box will appear, type “msconfig” and hit enter button.

  • System configuration box will appear on your screen.

  • Go to boot tab and select Safe boot then hit enter button.

Part 2 – Kill Malicious Process From Task Manager

  • Press “Windows Key + R” buttons together on your keyboard.

  • Run box will appear, type “taskmgr” and hit enter button to open Task manager.

  • Find malicious process related to .Lapoi Files Virus and right click on it then click End process.

Block .Lapoi Files Virus in Task Manager

Part 3 – Remove .Lapoi Files Virus From Control Panel

First you should check the Control Panel of your computer and remove any unwanted program that you have not installed by yourself. It might be possible that .Lapoi Files Virus virus is listed in Control Panel with any other random name to avoid its removal.

Remove .Lapoi Files Virus From Windows Vista/7

  • Click on Start menu and select Control Panel.

  • Select Uninstall a program option under Programs menu.

  • Find and remove all unwanted and malicious programs.

Remove .Lapoi Files Virus From Windows 7

Download Automatic .Lapoi Files Virus Removal Tool

Remove .Lapoi Files Virus From Windows 8/10

  • Click “Windows + R” button together to open run box.

  • Type Control Panel in the Run Box then click OK.

  • Select Uninstall a program option under Programs menu.

  • Find and remove all unwanted and harmful programs.

Remove .Lapoi Files Virus From Windows 10

Part 4 – Remove .Lapoi Files Virus From Browser

Remove From Google Chrome

  • Open Chrome browser > Click on Menu > select More Tools > Choose Extensions.
  • Find and remove malicious extension from chrome.

Remove .Lapoi Files Virus From Chrome

Remove From Mozilla Firefox

  • Open Mozilla Firefox > Click on Menu > select Add-ons.
  • Find and remove malicious add-ons from Firefox.

Remove .Lapoi Files Virus From Firefox

Remove From MS Edge

  • Open Edge browser > Click on More option > select settings > Choose Extensions.
  • Click on unwanted extension and hit uninstall button.

Remove .Lapoi Files Virus From Edge

Remove From Internet Explorer

  • Open Internet Explorer > Click on Gear icon > choose Manage Add-ons.
  • Click on unwanted extension and press disable button.

Remove .Lapoi Files Virus From Internet Explorer

Part 5 – Remove .Lapoi Files Virus From Registry Editor

  • Press “Windows Key + R” buttons together on your keyboard.

  • Run box will appear, type “regedit” and hit enter button.

  • Windows Registry editor will appear on your screen.

  • Find and remove .Lapoi Files Virus related keys.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe “Debugger” = ‘svchost.exe’

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe “Debugger” = ‘svchost.exe’


HKEY_LOCAL_MACHINE\SOFTWARE\Uninstall\”virus name”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = ’0′

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “xas”

HKEY_CURRENT_USER\Software\.Lapoi Files Virus

Tips To Prevent Malware Like .Lapoi Files Virus In Future

  • You should use a powerful and reliable anti-virus program and scan your computer regularly.
  • Check Windows Firewall security and turn it on for the real time safety form malware and viruses.
  • You must avoid visiting to malicious, porn and torrent websites to stay safe online.
  • Avoid downloading any free or unknown program from any unreliable website or link.
  • Say a big No to download cracked software, themes and wallpaper, screensaver similar products.
  • Do not click on any misleading advertisement that flash on your browser when you go online.
  • Keep your Windows OS and other software up to date to avoid vulnerabilities.
  • Download updates and software patches only from official and trusted websites.
  • Always create a system restore point when you PC is running fine for security purpose.
  • Keep backup of all your important files and data to avoid any kind of data loss situation.

Download Automatic .Lapoi Files Virus Removal Tool

This Post Has 2 Comments

  1. M.Rizwan

    dear sir
    i chang my infeced pc with new pc my data was not decrypt
    i am using that software but not recover my data
    Update to STOPDecrypter v2.1.0.24 with more OFFLINE keys.
    OFFLINE ID: ZivCxija0GBwtwtwD0q4JRy80spT6lUyybPYhot1
    Extensions: .lapoi
    OFFLINE ID: Q2fNGjIEoR7J8UnURFiIH13JGa23UqaNUDz4ret1
    Extensions: .todar
    i check my files in ID Ransomware – Identify What Ransomware Encrypted Your Files
    This ransomware may be decryptable under certain circumstances.

    Please refer to the appropriate guide for more information.
    Identified by

    ransomnote_email: gorentos2@firemail.cc
    sample_extension: .todar
    sample_bytes: [0xC8B5 – 0xC8CF] 0x7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D
    Click here for more information about STOP (Djvu)
    please help me please
    my data is not Decrypter
    i chang my infacted pc with new pc my data was not decrypt
    please help me

    1. admin

      Hello Dear, if you look carefully at the logs, you will see that your files are re-encrypted. Once with .lapoi and again with .todar. This is why i don’t recommend users to pay ransom money because hackers re-encrypt their files with next version of ransomware virus. Now you got a new PC, congrats!!!
      But for your files, you are not able to decrypt because STOP decryptor only works for the offline keys. There is very less chances of hackers using offline keys. Most of the time STOP decryptor is not effective. You can try the Data Recovery Pro on your old PC to recover your files but you will have to delete the Ransomware by using Automatic Malware Removal Tool.
      You can also make a backup of all your encrypted files on cloud drive and wait for any other free decryptor. This this the best help anyone can provide right now as there is no decryptor launched which can recover 100% files encrypted this STOP Ransomware family.

Leave a Reply