Locked Ransomware

Locked Ransomware is a ransomware infection that usually sneaks onto computers because there is a security loophole on the system. We are sure that you will notice really quickly that something is wrong if you use your computer on a daily basis. To be more specific, you will not be able to access any of your files anymore. Yes, Locked Ransomware is responsible for that – it has simply encrypted the majority of files. Specialists at pcthreat.com are sure that cyber criminals who hide behind this threat have one purpose in mind – to extort money from users. Continue reading this article to find out what else you can do if you do not want to transfer your money to cyber criminals.

Research has shown that Locked Ransomware is not a very prevalent threat. It is probably because it has been launched recently (March 12, 2016). This ransomware differs from other well-known threats, e.g. Hi Buddy Ransomware, JobCrypter Ransomware, and HydraCrypt Ransomware in a sense that it based on EDA2, which is known to be the open-source ransomware kit, and it is made quite professionally. Of course, it is not completely unique. It has been observed that it uses the AES encryption algorithm like many other previously-released ransomware infections.

Users immediately notice changes if Locked Ransomware manages to enter their systems. First of all, this infection will encrypt files within 2-5 minutes and then will set a new Desktop wallpaper with the following text:

Uh oh. It looks like your files have been encrypted.

Look at READ_IT.txt on your desktop for a solution.

Of course, users open the file and notice that they need to pay a ransom of approximately $200 in Bitcoins within 72 hours in order to decrypt their files. The information provided in READ_IT.txt says that users need to send the EXACT amount of Bitcoins because the decryption key will be put on the let-me-help-you-with-that.webnode.com website under the amount of Bitcoins that has been paid. Once the key is obtained, users should go to %USERPROFILE% and find Decrypter.exe. This is a tool that will decrypt files for you, so double-click on it. You can be sure that the decryption process has been successful, if you see a wallpaper with these words: “Thank You (BTW, this is just a wallpaper).” Remember, you cannot remove the ransomware infection if you are ready to pay a ransom because it will be impossible to do that after the deletion.

There is a solution for those users who do not want to make a payment too. In order to gain access to .php, .log, .myo, .qif, .psd, .aspx, .html, .xml, .txt, .doc, .xls, .pdf, .ppt, odt, .gif, .jpg, .db, .csv, and a bunch of other files, you need to delete Locked Ransomware and restore those files from a backup. In other words, you have to remove the ransomware infection (to prevent it from encrypting files once again) and then transfer all files from the backup to the computer. Unfortunately, there is no other way to decrypt files without paying money at the time of writing.

As there are so many ransomware infections, you should know how they are distributed mainly in order to be able to protect your system from them. According to our specialists, ransomware infections are mainly spread as spam email attachments. If users download such a malicious attachment, Locked Ransomware starts doing its activities immediately. Of course, this is not the only way such threats travel. It has been found that they might attach to other programs too and sneak onto computers together with them. Last but not least, other infections existing on the system can download ransomware, which shows why it is so important to keep the system clean. It is a difficult job to protect the system from harm, so less experienced users might not be able to do that. If you are among them, install a security tool on your computer and always keep it there.

If you are not going to pay money for cyber criminals and simply want to erase this ransomware infection, you can easily download the antimalware scanner from our website (click on the Download button), upgrade the tool, and scan your system. Another way to erase this threat is to remove the malicious file which you have downloaded on your system, file with the random letters from %APPDATA%, Decrypter.exe and ransom.jpg from %USERPROFILE%, and READ_IT.txt from the Desktop. You will also need to take care of other untrustworthy programs that might have been installed on your computer as well.

Delete Locked Ransomware

1. Find the malicious .exe file you have downloaded and delete it.
2. Find the .exe file with the random letters in %APPDATA% and delete it.
3. Go to %USERPROFILE%.
4. Find and remove the Decrypter.exe and ransom.jpg files.
5. Remove the READ_IT.txt file – it will be on the Desktop.