Click on screenshot to zoom
Danger level 9
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

8lock8 Ransomware

If you notice that you cannot access your photos, documents, and archive files, and their extension has changed to ".8lock8," there is no doubt that 8lock8 Ransomware has sneaked onto your system. This is a serious Trojan ransomware infection that we have found very similar to GhostCrypt Ransomware. This malware is indeed a Hidden Tear variant, which was in fact designed for educational purposes for security specialists. However, in the wrong hands, this knowledge can be just as well used to build ransoware such as this one turned out to be. After encrypting your most important files, there is no ransom note screen as usual. You need to contact these criminals via given e-mail addresses and you will get the details in a reply. We do not recommend that you pay the ransom fee for these crooks because in this case there is actually a chance that you can decrypt your files using a working tool that you can find on the web. In fact, we suggest that you first remove 8lock8 Ransomware from your computer and then, search for a file recovery tool.

This Trojan has been seen mainly spread as an infectious file attachment in spam mails. You may think that your spam filter works just fine and all the mails that land in your inbox are legitimate. So here is a shocker for you: They may not be all clean. Criminals can use sophisticated methods to trick these filters and fake official or authentic e-mails. They can make up legitimate-looking senders and important-looking subjects in order to deceive users to open them. And, of course, once you open such a spam mail, there is a good chance that you will also download the attachment and run it. It is possible that this attachment pretends to be a .pdf or .doc file, but it can also be an image or video file. Since this spam and its attachment pose as important or urgent, you will probably not hesitate to open them. And, this is when you actually infect your system with this ransomware. You could easily avoid such an attack if you only click on mails that you find totally legitimate or you expect getting them. Otherwise, you will be left with no choice but to delete 8lock8 Ransomware.

If this ransomware is activated, i.e., you double-click on the downloaded malicious file, it begins to search your computer and mapped drives for the targeted file extensions, including .asp, .aspx, .avi, .bmp, .csv, .doc, .docx, .htm, .html, .jpg, .mdb, .odt, .pdf, .php, .png, .ppt, .pptx, .rar, .sln, .sql, .txt, .wav, .xls, .xlsx, .xml, and .zip. These files get encrypted by the AES-256 algorithm, a built-in Window encryption method. The encrypted files get an ".8lock8" extension, which makes it very easy to recognize this particular malware. The encryption process should not take more than a mere minute. Once the dirty job is done, a text file is created on your desktop called "READ_IT.txt". This file contains information about the encryption and how you can get the decryption key. This information is in two languages: English and Russian.

You are supposed to send an e-mail to either or addresses to get more details about the payment of the ransom fee. Although this text file does not reveal any facts about the payment, we can tell you that the usual fee is a couple of hundreds of US dollars and most commonly demanded to be paid in Bitcoins. Criminals usually provide information regarding buying and paying with Bitcoins as this is not common knowledge. Of course, it is up to you whether you want to pay this fee to these criminals or not. We definitely cannot stop you. However, we would like you to consider that in the case of 8lock8 Ransomware there is a working decryption tool available on the web with instructions. But even so, we do not advise you to do it all alone unless you are an advanced computer user. Before you go on about deciphering your files, however, you should remove 8lock8 Ransomware and make sure that there are no other malware infections endangering your system.

Trojan ransomware infections are typically the kind of malware that make it clear for you why it is so important to make regular backup copies of your most important files. But even if you are the lucky one who has a copy on an external drive, you should clean your computer first. As a matter of fact, this ransomware does not even lock your screen or your executable system files; therefore, you do not need to restart your computer in Safe Mode. Instead, you can simply delete the malicious file you downloaded either from a spam or a bundle. Please follow our instructions below if you need help with this. It is quite likely that this is not the first time that you bump into a malware infection and may not also be the last time either. If you do not want to risk not detecting such a threat in time, you should think about installing a reliable malware removal application to keep your PC safe from similar attacks.

Remove 8lock8 Ransomware from Windows

  1. Tap Win+E to open Windows File Explorer.
  2. Locate the downloaded attachment file.
  3. Delete the malicious file.
  4. Delete "READ_IT.txt" from your desktop.
  5. Empty your Recycle Bin.
  6. Restart your computer.
Download Spyware Removal Tool to Remove* 8lock8 Ransomware
  • Quick & tested solution for 8lock8 Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.