Click on screenshot to zoom
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Lock2017 Ransomware

If your files were taken as hostages by Lock2017 Ransomware, you should read this article and find out more information about this malicious program. Like most of similar malware, the threat was created to extort money from users who have the misfortune to encounter this infection. The best course of action is not to panic and carefully consider all possible options if you do not want to make any rash decisions you could later regret. One of such decisions could be to pay Lock2017 Ransomware’s creators. As you realize, they might tell you anything just to convince you to make the payment. Therefore, we advise users not to gamble with their savings and look for other ways to recover encrypted files. We also recommend removing the infection since it might be unsafe to leave it unattended. To erase it manually just slide below the text and use the available instructions.

Some of Lock2017 Ransomware victims report that the cyber criminals who created it gained unauthorized access to their computers and dropped the malware. Often similar malicious applications enter systems with the help of their users who accidentally open an infected file, but in this case, the threat could settle in because of security vulnerabilities. If this happened to you as well, we would advise you to do all you can to secure the system, e.g. try using only strong passwords or installing a reliable antimalware tool that could protect the computer. Nonetheless, we believe the malicious application could be distributed through other channels (e.g. Spam emails) as well to spread it more widely. Thus, users should be careful with suspicious email attachments or other data downloaded via the Internet too, if they want to avoid threats alike or other harmful applications in the future.

What’s more, to encipher user’s data Lock2017 Ransomware might be using a secure cryptosystem called RSA-2048. Our researchers say that while the files are being encrypted, they might be marked with a specific extension (.id-[user id]__contact_me_lock2017@protonmail.com_or_lock2017@unseen.is). For example, an image named as forest.jpg could be titled forest.jpg.id-4378656413__contact_me_lock2017@protonmail.com_or_lock2017@unseen.is or similarly. As you can see the random code, in the beginning, is the unique ID number given to each infected computer. The following two email addresses should both belong to the cyber criminals related to this malicious program. The same information is again mentioned in the ransom note that should be dropped after the malware is done with enciphering your data.

The ransom note does not say how much you would have to pay for the chance to decipher encrypted files, but it threatens the price could be doubled if the user takes too long to contact the cyber criminals. Again, the warning does not say how many hours or days would be too long, so it is hard to tell how fast users are expected to contact the Lock2017 Ransomware’s creators. Moreover, the note says that in exchange for making the payment the user would receive both a decryption key and a decryption tool. To provide guarantees, the user is even allowed to send a single file that should be deciphered and sent back to him.

Unfortunately, the fact the cyber criminals can decrypt your data does not guarantee they will allow you to do so as well. Once they get the payment, they might not fuss over to send the promised tools. Thus, if you do not want to risk your savings, we would advise you to keep your money to yourself. Users may not be able to decrypt their data, but they can replace it with copies, so we recommend looking for available copies instead of dealing with the cyber criminals. Of course, first of all, users should clean their system by erasing Lock2017 Ransomware and other possible threats. One of the fastest ways to secure the system is to acquire a legitimate antimalware tool and perform a full system scan. Experienced users could try to delete the malware manually too. If you choose this option, you should take a look at the instructions placed below as you might prove to be useful.

Erase Lock2017 Ransomware

  1. Press Windows key+E.
  2. Navigate to the following directories:
    %TEMP%
    %USERPROFILE%\desktop
    %USERPROFILE%\downloads
  3. Find the questionable file that might have been opened before the system got infected.
  4. Right-click this file and press Delete.
  5. Find the malware’s ransom note, right-click it too and click Delete.
  6. Exit your File Explorer and empty the Recycle bin.
  7. Reboot the system.
Download Spyware Removal Tool to Remove* Lock2017 Ransomware
  • Quick & tested solution for Lock2017 Ransomware removal.
  • 100% Free Scan for Windows
disclaimer
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.