Lomix Ransomware

As soon as Lomix Ransomware infects the system, it should eliminate your shadow copies and start encrypting your private data. Afterward, the malicious application should display a ransom note through which the malware’s creators are offering to decrypt the enciphered data for 500 US dollars. However, instead of funding these cyber criminals, we would advise you to delete the infection with reliable antimalware software or erase it manually with the instructions placed below the text. Firstly, paying the ransom is rather risky, because there is no reassurance you will get the decryption key and so you could lose the transferred money in vain. Secondly, the malware might encrypt files only in a particular location; thus for starters you should decide if such data is worth the risk. Before making any decision, we encourage you to read the article and find out more information about Lomix Ransomware.

The research shows the threat may infect the computer after launching a malicious file. Such data could be distributed via suspicious Spam emails or harmful web pages. Once the malware is executed it should create a copy of itself in the %PROGRAMFILES(x86)%\Common Files directory. The copy could have a random name, so it might be different for each user. Lomix Ransomware’s next step is to create a task in the %WINDIR%\System32\Tasks location. It should have a title from ten random digits and because of this task the malware might be able to open its window automatically even if you log in with another user’s account.

Eventually, the malicious application should start the encryption process. It targets various documents, videos, photographs, images, and lots of other file types. According to our researchers, the infection may even encrypt executable files. Nonetheless, Lomix Ransomware might not do so much damage to the computer as you could imagine. Apparently, the malware should only affect data that is placed in the %USERPROFILE% directory and its subfolders, for example, Desktop, Downloads, and so on.

In other words, if the threat infected the system, but you have a tidy Desktop and keep your most valuable data somewhere else, you might consider yourself lucky. Users can quickly confirm it by taking a look at the files placed in other locations; files that are not marked with .encrypted extension should not be enciphered or damaged in any way. Moreover, for the encryption process, the malicious applications could use a strong cryptosystem called AES-256, so in order to decipher the affected data, you would need a decryption key.

When the malware affects all targeted data, it should open a window with a list of enciphered files and also short instructions on how to decipher such data. As the instructions state, the cyber criminals want you to pay them 500 US dollars in Bitcoins for the decryption key. The note does not say how to pay the ransom; instead, it asks to contact the cyber criminals via email (wambeng.watson@gail.com).

Probably, the reply letter would give you more detailed instructions on how to make the payment. However, since 500 US dollars is quite a huge sum and the malicious application does not affect that many files compared to other similar infections, we do not think it is worth to risk losing your savings. Lomix Ransomware’s creators might promise you anything to convince you to pay, but in the end, you cannot be sure if they will actually keep up to their promises.

Therefore, if you do not want to put up with the malware’s creators demands, we advise you to eliminate Lomix Ransomware. The instructions below might help you erase the malicious application manually, although you should keep it in mind that the infection creates files with random titles, so the instructions cannot be more accurate. As a consequence, the manual removal might be too difficult for some users. In that case, it would be wise to use a reliable antimalware tool. It could scan the system and locate all associated files with the threat automatically. Also, once the scan is over, you could get rid of the detected threats immediately by simply clicking the deletion button.

Remove Lomix Ransomware from the computer

1. Press Win+E to launch the Explorer.
2. Check all directories where you might have saved a malicious file that infected the system (e.g. Downloads, Desktop, Temporary Files, and so on).
3. Right-click the infected file and choose Delete.
4. Navigate to this location: %PROGRAMFILES(x86)%\Common Files
5. Find a malicious file with a random title and erase it.
6. Go to this path: %WINDIR%\System32\Tasks
7. Search for a file with a random name from ten digits, right-click it and press Delete.
8. Empty the Recycle bin.