Takahiro Locker

Takahiro Locker is a dangerous ransomware threat that can infiltrate your operating system without your noticing it and encrypt your major personal media files and archives as well. Unfortunately, there seems to be no way to restore you files as of yet unless you are ready to pay the demanded ransom fee. However, there is no guarantee that you get the decryption key and a tool to recover your files anyway. This major threat targets Japanese speaking computer users but this does not limit this infection to Japan alone. Since this attack could cost you your precious files, it is important to understand how it managed to end up on your computer in the first place. We do not recommend that you pay the fee, but this is totally your decision to make and your risk to take. But we do advise you to remove Takahiro Locker if you want to restore your computer’s security level.

There can be a couple of channels through which this infection can crawl onto your system. First, it is possible that you land on malicious websites that are loaded with Exploit Kits and simply loading them could drop this infection. Second, we have also found that this vicious program can infect your computer via social networking websites as well, including Facebook and Twitter. In this case, there could be a fake video or image, usually with pornographic content, on your wall that tries to convince you that it is a “must-see” video. One single click on such content could also drop Takahiro Locker onto your computer. Third, you can download this dangerous threat when you are visiting suspicious file-sharing websites and click on a fake download button or any other disguised third-party ad. So, obviously, you need to be more cautious where you click and what kind of websites you visit if you want to avoid this beast. Because by the time you manage to delete Takahiro Locker, it is most likely too late to save your files from encryption.

Finally, it is also possible to download this malicious program from spam e-mails. In fact, this is usually the mostly used method to spread ransomware infections. Such a spam e-mail contains an attached file that could be disguised as an image or a text document but it is indeed a malicious executable file. These spam mails can appear to be totally legitimate and convincing, which is further supported by the fake subject matter. These spam mails pretend to contain the image of an unpaid invoice, a documented undelivered parcel, and so on; anything really that could draw your attention to them right away. However, when you save the attached file and you run it, you actually activate this attack. Removing Takahiro Locker will not be enough at this point to recover your files anymore.

We have found that this Japanese ransomware targets the following file extensions: .txt, .jpg, .png, .bmp, .zip, .rar, .torrent, .7z, .sql, .pdf, .tar, .mp3, .mp4, .flv, .lnk, .html, .php. Losing these files could be quite devastating for you unless you have a recent backup copy stored on a removable drive, such as a pendrive or an external HDD. This infection blocks your Task Manager but it does not seem to block the main process, explorer.exe. Once the encryption is finished, the ransom note comes up. This note is on a red background and has a drawing of a smiling businessman.

The criminals behind this vicious attack demand 30,000 Yen within 3 days, which is 290 USD, paid in Bitcoins (0.46 BTC at current rate). This is quite a lot of money if you consider that you may not get anything in return. You should also be aware that this may not always happen because crooks do not want to release the private key or the decryption software to the victims. It is also possible that technical issues emerge, such as the loss of communication between the infection and the Command and Control servers. You need to think twice before you lose almost 300 dollars on top of all your personal files. We suggest that you clean your computer by removing Takahiro Locker ASAP.

Since this infection blocks your Task Manager, you cannot simply kill the malicious process ("Update.exe"). Therefore, you need to restart your computer first. Then, you can end the related task and only then can you proceed with the removal of Takahiro Locker. In order to eliminate this dangerous ransomware program, you need to delete the related files and registry entries. Once you are done with that, you can restart your computer. Please use our instructions below if you need help with this. This is when you can start copying your backups back to your hard disk if you have any. Certainly, such a vicious attack teaches us to be more careful and keep a regular backup copy on a portable drive. But, if you decide that you need proper defense for your operating system and your files, we recommend that you find and install a trustworthy malware removal program, such as SpyHunter. Keep this security tool always activated and up-to-date to give the perfect protection to your PC it deserves. Of course, becoming more cautious while surfing the net would also not hurt at all.

How to remove Takahiro Locker from Windows

1. Restart your computer if you clicked OK on the first pop-up and initiated this attack. When the pop-up comes up again after Windows starts up, simply proceed as follows.
2. Bring up the Task Manager by pressing Ctrl+Shift+Esc simultaneously.
3. Find the malicious process ("Update.exe") and press End Task.
4. Exit Task Manager.
5. Press Win+E.
6. Locate and delete the downloaded malicious file and the ransomware executable, “%Temp%\Google\Chrome\update.exe”
7. Empty your Recycle Bin.
8. Press Win+R and type regedit. Press OK.
9. Remove the following registry entries:
   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Google Chrome Update Check (value data: “%Temp%\Google\Chrome\Update.exe”)
   HKEY_CURRENT_USER\Software\Google\Update\SEND\SENDING (random address)
10. Exit the editor.
11. Restart your computer.