1 of 2
Danger level 7
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Normal system programs crash immediatelly
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

.Locked_file File Extension Ransomware

A new strain of ransomware has been recently spotted by malware researchers and is dubbed LockedFile and .Locked_file File Extension Ransomware. The latter name, which is used throughout the present review, was created because the threat add the extension .locked_file. Different names aside, the major thing about this threat is that it should be removed from the computer once detected. More important, preventative measures should be taken in advance of the attack to prevent data loss and other serious security-related issues. The .Locked_file File Extension Ransomware is a complex threat which analyses the disk drive in order and encrypts only specific files selected by the attacker behind the threat.

To be more precise, the Locked_file File Extension Ransomware arrives at the targeted computer with a set of criteria or commands. The infection has been found to avoid accessing quite a few locations, including Windows, Program Files, AppData, Application Data, ProgramData, Local Settings, and some others. In addition, a list of avoidable file has also been defined. The .Locked_file File Extension Ransomware does not encrypt a range of files including .reg, .exe, .bin, .html, .java, .cab, .ttf, .cfg, and some others.

To reach victims and ask for a ransom, the .Lock_File File Extension Ransomware creates a .html file named HOW_TO_UNLOCK_FILES! in every folder where encrypted files are present. The ransom text is written in a white background, unlike in many other cases when attackers want some more dramatic effect by providing the ransom message in a black background. According to the warning, the victim has 72 hours to pay a ransom that is not mentioned in the text, neither does the method of payment. For more details, the victim is asked to contact the attackers by email. It is required that the user sends the ID number created by the infection to restoreassitant2@tutanota.com. To make sure that the attackers are willing to encrypt files, the user is invited to send the attackers three files for decryption; however, the total size of the files must be up to 5 MB, and the files should not contain valuable information, according to the attackers. That only suggest that you might not regain access to your selected files if the fraudsters find that the file you sent in does not satisfy their vaguely presented criterion.

In addition, the Locked_file File Extension Ransomware uses two command, one of which is the CACL command that can used to modify the access permissions of a file. The ransomware threat uses the three switches /E, /G, and /C. The second command is ATTRIB, which is used with the parameters -R, -A, and -H. For example, the -R parameters modifies the file to Read-only, which means that the user cannot make any modifications to the file.

The .Locked_file File Extensions ransomware also creates its registry keys in the Windows Registry to possibly check whether the system has been already affected by malware. The threat also create the mutex OurMainMutex007, the function of which is to check whether the process of the infection is already running or not.

Malware researchers suggest that that this piece of malware is still in its development stage, but that does not change the fact that it is dangerous and should be avoided. The .Locked_file File Extention Ransomware is a threat that takes your files hostage and wants to spur you into taking actions towards data recovery. Our advice is that you do not waste your time and money, because this is how ransomware developers profit from gullible computer users. The value of the damage caused, or rather the profit made by ransomware creators, is as high as $25 million and is rapidly increasing. Ransomware has become one of the major digital threats of the current days, and you should be aware of it. On top, you should make sure that no similar threat ever gets access to your computer. To achieve that, not only should you avoid visiting questionable websites but also opening spam emails and connecting to unsecured networks. Most of all, you should keep the operating system protected by anti-malware software.

In case you want to try removing the .Locked_file File Extension Ransomware manually, use our removal instructions given below. Please note that the threat is capable of creating its main file in different locations varying from computer to computer. If you really want to get rid of the .Locked File threat and avoid similar episodes in the future, we suggest that you use our recommended tool for malware removal.

How to remove the .Locked_file File Extension Ransomware

  1. Access the Downloads folder and check for malicious files. Delete if any detected.
  2. Check the desktop and the %Temp% directory for the files of the threat and delete them if any are present.
Download Spyware Removal Tool to Remove* .Locked_file File Extension Ransomware
  • Quick & tested solution for .Locked_file File Extension Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.