Lick Ransomware

What is Lick Ransomware?

Malware analysts at have recently tested a program called Lick Ransomware and found that it is a variation of the infamous Kirk Ransomware. Needless to say, you have to remove it because all it can do is encrypt your personal files and demand you purchase the decryption key from its developers. The key does not come cheap, and you are required to pay the ransom in the Monero cryptocurrency. For more information on this highly malicious program, we invite you to read this whole article.testtesttest

Where does Lick Ransomware come from?

Our malware researchers have found that this particular ransomware is distributed in a creative and unique way. Unlike, most ransomware that is distributed via malicious emails, this one is distributed as a ransomware decrypting tool. Indeed, it preys on people that already had their files encrypted and encrypts them again. Research has shown that the executable file is named FileDecrypter.exe and its screen name is FileDecrypter, and its file version is v1.0.1.0. We do not know of any websites that currently host the download of this fake decryption key, but you should watch out for shady freeware distributing websites.

What does Lick Ransomware do?

If Lick Ransomware manages to get onto your PC, then it will start encrypting your files immediately. Researchers say that this particular ransomware can encrypt hundreds of file formats that include but are not limited to .jar, .xls, .cpp, .xml, .pptx, .bmp, .avi, .doc, and many others. While encrypting them, it will append the files with the .licked extension which indicates that the file was encrypted. Once the encryption is complete, it will drop two files named "pwd" and "stats.txt" respectively in the launch location. Also, it creates a file called _MEI40922 in %TEMP%, but we do not know what this file is for. This ransomware uses the AES encryption algorithm which is very strong, and we know of no decryption key that could crack this ransomware’s encryption.

It also drops a file named RANSOM_NOTE.txt which contains information about how you can pay the ransom. The note says that you have to purchase Monero coins to pay the ransom. And the ransom is set to increase every few days if you fail to pay immediately. Initially, the ransom is 50 (1200 USD) Moneros coins, but it can go up to 500 (12000 USD) if you fail to pay within two weeks. That is all of the information we currently have on this ransomware, If you PC has become infected with it, then you ought to remove it as soon as the opportunity arises.

How do I remove Lick Ransomware?

In closing, Lick Ransomware is one highly malicious computer infection that can encrypt your most valuable personal files and demand you pay an outrageous 1200 USD ransom (initially) which is set to increase with time. You cannot trust the cyber criminals to keep their end of the bargain and send you the decryption key. Therefore, we recommend that you remove it from your computer as soon as possible. Please follow the instructions below on how to get rid of this malicious application. Note that you can also use an antimalware application such as SpyHunter to delete it for you.

Removal Guide

  1. Locate and deletethe following files.
    • FileDecrypter.exe
    • RANSOM_NOTE.txt
    • ERRORLOG.txt
    • PWD
    • stats.txt
  2. Right-click them and click Delete.
  3. Press Windows+E keys.
  4. Enter %TEMP% in the File Explorer’s address box.
  5. Hit Enter.
  6. Find _MEI40922 (name can be random), right-click it and click Delete.
100% FREE spyware scan and
tested removal of Lick Ransomware*

Leave a Comment

Enter the numbers in the box to the right *