Danger level 7
Type: Trojans

Lokas Ransomware

Lokas Ransomware appends the .lokas extension to the data it encrypts and displays a ransom note. Thus, there is no doubt the malicious application was developed for money extortion. Users who encounter such a threat should know that there are no guarantees its creators will provide a decryptor, even though they may promise it. Therefore, we advise you not to rush and to consider all options carefully. For starters, it would be best to learn all essential details about this malware, such as where it might come from, how it works, and, of course, how to eliminate it manually. To assist our readers with Lokas Ransomware’s removal, we are adding step-by-step instructions at the end of this article. If you have any questions about the malicious application, you can leave us a message below the removal steps too.

The first thing we ought to discuss is how the malware could be spread. According to our researchers, Lokas Ransomware should be spread the same way as other ransomware: through spam emails, malicious file-sharing websites, harmful pop-ups, and so on. Thus, there are a few things you should do if you do not want to come across such a threat. First of all, we advise keeping away from files delivered via email if you are not sure about their reliability.

For example, if you do not understand why you received a file, do not know who sent it, or it came with spam, you should not open such a file before you scan it with a trustworthy antimalware tool. In truth, to be safe, you should examine all unreliable files. Next, we recommend against visiting websites that may offer pirated software, unknown freeware, or other suspicious content. If you need a particular tool, you should download it from its official website instead. We also advise not clicking on doubtful pop-ups or similar content you could encounter while surfing the Internet if you do not want to receive threats like Lokas Ransomware.

The malicious application should not draw any attention, which means users who come across it may not realize what is happening until it is too late. At first, Lokas Ransomware should create a couple of folders with CLSID-type titles in the %LOCALAPPDATA% and %USERPROFILE%\Local Settings\ApplicationData directories. A CLSID is a 128-bit number, and in these folder names it appears as a string of random characters. After creating these folders, the malware might drop a couple of tasks called Time Trigger Task in the %WINDIR%\Tasks and %WINDIR%\System32\Tasks directories. Last but not least, the malicious application might create a Registry entry in the HKCU\Software\Microsoft\Windows\CurrentVersion\Run location.

Soon after creating the files mentioned earlier, Lokas Ransomware should start encrypting the user’s files. As usual, the malware targets private data like photos, pictures, various documents, and so on. During the encryption process, each file should receive the .lokas extension, which means data affected by the threat should have a double extension. For instance, a file called text.docx may turn into text.docx.lokas. Then, the malware should show a ransom note called _readme.txt. It contains a message explaining what happened to the data on the infected device and asking the user to contact the malware developers.

As you can probably imagine, the ransom note talks about having to pay for decryption tools. For the first 72 hours, the decryptor’s price is 490 US dollars, and afterward, it becomes 980 US dollars. The sums are quite large, and since there are no guarantees users who pay will get what they are promised, we do not advise paying if you do not want to risk your money. Instead of buying decryption tools from the threat’s developers, you could try to find the free decryptor created for Stop Ransomware. Since Lokas Ransomware is from the Stop Ransomware family, the same decryption tool should work for its affected data too. Also, users who have backup copies can replace encrypted files with them.

Naturally, it would be safer to get rid of Lokas Ransomware before doing anything. The first option is to remove the malware manually, and the instructions available below can explain to you how to do it. The second option might seem less complicated as it only requires installing a reliable antimalware tool of your choice. Just scan your computer with it and click the given deletion button to erase all detected threats at once.

Remove Lokas Ransomware

  1. Click Ctrl+Alt+Delete.
  2. Choose Task Manager and select Processes.
  3. Find a process belonging to the threat.
  4. Mark it and click End Task.
  5. Exit Task Manager.
  6. Click Win+E.
  7. Find these paths:
    %TEMP%
    %USERPROFILE%\Downloads
    %USERPROFILE%\Desktop
  8. Find the malicious application’s launcher (a suspicious recently downloaded file), right-click it and press Delete.
  9. Navigate to:
    %LOCALAPPDATA%
    %USERPROFILE%\Local Settings\ApplicationData
  10. Look for malicious and recently created files with CLSID type titles (e.g., 3e90e849-118c-45df-8851-8fb9bdfc0826), right-click them and select Delete.
  11. Find these paths:
    %WINDIR%\Tasks
    %WINDIR%\System32\Tasks
  12. Look for tasks called Time Trigger Task, right-click them and select Delete.
  13. Find and right-click files called _readme.txt or similar, and select Delete to erase them.
  14. Exit File Explorer.
  15. Press Win+R.
  16. Type Regedit and press Enter.
  17. Go to this path: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  18. Locate a value name called SysHelper, right-click it and press Delete.
  19. Exit Registry Editor.
  20. Empty Recycle bin.
  21. Restart the system.
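
The script below is an added example, not part of the original article: a read-only PowerShell check for the folders, task files, Run value and ransom notes named in the steps above. It uses only the paths and names listed on this page; the GUID name pattern and the use of the earliest .lokas timestamp as a reference point are assumptions.

```powershell
# Added example: read-only triage for the artifacts named in the steps above.
# Nothing is deleted. A hit is a candidate to review, not a verdict.
$guid = '^\{?[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$'   # assumed name pattern
$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Kind, [string]$Path, $When) {
    $findings.Add([pscustomobject]@{ Kind = $Kind; When = $When; Path = $Path })
}

# Steps 9-10: GUID-named folders in the two application data locations.
$appDirs = @($env:LOCALAPPDATA, (Join-Path $env:USERPROFILE 'Local Settings\ApplicationData'))
foreach ($dir in $appDirs) {
    Get-ChildItem -LiteralPath $dir -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $guid } |
        ForEach-Object { Add-Finding 'GUID-named folder' $_.FullName $_.CreationTime }
}

# Steps 11-12: task files named "Time Trigger Task" (with or without an extension).
$taskDirs = @((Join-Path $env:WINDIR 'Tasks'), (Join-Path $env:WINDIR 'System32\Tasks'))
foreach ($dir in $taskDirs) {
    Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.BaseName -like 'Time Trigger Task*' } |
        ForEach-Object { Add-Finding 'Task file' $_.FullName $_.CreationTime }
}

# Steps 17-18: the SysHelper value; its data shows which file is started at logon.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['SysHelper']) {
    Add-Finding 'Run value SysHelper' $run.SysHelper $null
}

# Step 13 and the .lokas extension: ransom notes and encrypted files in the profile.
$files  = Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Force -ErrorAction SilentlyContinue
$notes  = @($files | Where-Object { $_.Name -eq '_readme.txt' })
$locked = @($files | Where-Object { $_.Extension -eq '.lokas' })

$findings | Sort-Object When | Format-Table -AutoSize -Wrap
'{0} ransom note(s), {1} .lokas file(s) under {2}' -f $notes.Count, $locked.Count, $env:USERPROFILE
if ($locked.Count -gt 0) {
    # Assumption: the oldest .lokas write time approximates when encryption began,
    # which helps judge whether a folder or task above is "recently created".
    $first = $locked | Sort-Object LastWriteTime | Select-Object -First 1
    'Earliest .lokas write time: {0}' -f $first.LastWriteTime
}
```

Run it in a session of the affected user account, since the Run key and profile paths it reads are per-user.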