LockMe Ransomware

A new file-encrypting threat has joined the game controlled by cyber criminals, and it is called LockMe Ransomware. It is unknown where this malicious threat originates from or who its creator is, but it is known that it can hide within spam emails. This is the preferred method of distribution for many creators of such malware, including MBRlock Ransomware, Team Anonymous Brazil Ransomware, and GandCrab Ransomware. The .exe file of the infection is concealed as a harmless document or a hyperlink, and the user is tricked into executing the threat themselves. Unfortunately, the execution of this malware is not obvious, and so the victim is unlikely to notice that you have launched the infection. They are likely to realize that only after their personal files are encrypted and ridiculous ransom demands are made via a .TXT file created by the threat. Of course, this file must be deleted, but to remove LockMe Ransomware successfully, you will need to find and eliminate the launcher file. The bad news is that even if you succeed at that, your files will remain encrypted.

The files are encrypted by LockMe Ransomware using a strong encryption key, and a decryption key that would be publically available and suitable for all victims does not exist. Although free file decryptors exist, they are incapable of assisting the victims of powerful ransomware infections. At this point, it is not fully known which files the devious LockMe Ransomware targets, but it is likely to corrupt all files representing unique documents, photos, and media content. When it encrypts files, the ransomware adds the tag “.lockme” to the original names. So, for example, a file named “test.doc” would be renamed to “test.doc.lockme.” Renaming these files is possible; however, you cannot recover the file by doing that because encryption has to do with the data of the file, not its name. The version of the infection tested in our internal lab did not create any other file besides README_FOR_DECRYPT_YOUR_FILES.txt. This file might be created on the Desktop, and you might find its copies placed everywhere along with the encrypted files. Note that all copies will need to be deleted when you initiate the removal process.

The ransom note represented via the README_FOR_DECRYPT_YOUR_FILES.txt informs that you need to pay a ransom of 0.03 BTC – which is currently around $330 – to 1LockMeEPLr4ZRsoht8Wp6idBsT5TuBXtX, a Bitcoin Address set up by the creator of LockMe Ransomware. According to our research, by this point, 4 transactions have been received already, coming up to 0.085 BTC (around $930). The ransom note is available in 54 different languages, which indicates that this malware might be spread all around the world. According to the message, the victim of the ransomware can recover files only if they pay the ransom. To make matters worse, a warning attached to this message implies that personal files would be leaked online if the ransom was not paid. That is unlikely to happen. The creator of LockMe Ransomware also lists two email addresses (LockMecQqL3Ruyi7V0RfZ@tutamail.com and LockMe9hG1F7pbWqThUt9P8@mailfence.com) for those who might be interested in contacting cyber criminals. That is not a good idea because you do not want cyber criminals to record your email address. Of course, they might know it already because you were sent the corrupted spam email, but you do not want to give them more opportunities to expose you to more infections and more lies.

We cannot help you much with the decryption of your files, and, in the best case scenario, you have them backed up, and you can successfully restore files after deleting LockMe Ransomware. However, we can help you remove this malicious threat, and, without a doubt, the sooner you take care of that, the better. Eliminating this threat manually can be very easy or very difficult. That depends on whether or not you can identify the launcher file. If you can, follow the instructions below. If you cannot find and remove LockMe Ransomware launcher, install a trusted anti-malware program ASAP. In fact, this is something we recommend everyone to do because only reliable anti-malware program can simultaneously erase the existing threats and also ensure full-time protection. Note the comments section below. If you have questions, you can use it to contact our research team.

LockMe Ransomware Removal

1. Delete all recently downloaded suspicious files.
2. Delete all copies of the README_FOR_DECRYPT_YOUR_FILES.txt file.
3. Empty Recycle Bin to remove the ransomware elements completely.
4. Install a malware scanner and perform a full system scan to check if your system is fully clean.