A1Lock Ransomware

What is A1Lock Ransomware?

If A1Lock Ransomware can slither onto your system, it is quite possible that you will lose most of your personal files, including your photos and documents, as this vicious program can encrypt these in order to demand a certain ransom fee. Our malware specialists at anti-spyware-101.com say that it is always risky to transfer any money to cyber criminals for a supposed decryption key because they very rarely deliver or care at all. Once they have your money, you may not hear of them again, or what is worse, you may simply find yourself in the center of another malicious attack and you could be asked again to pay money to be able to use your computer or your files. We encourage you to regularly save backups of your most important files so that you can recover them after such a severe attack. Our specialists have found that this malicious program is indeed a new version built on an old infection called Globe Ransomware. If you find out that this threat has attacked you, we recommend that you remove A1Lock Ransomware right away even if it would mean losing your files. Of course, it is up to you how you decide; your money, your files. Before we tell you how you can eliminate this ugly threat, let us tell you more about it so that you may be able to avoid the next attack.test

Where does A1Lock Ransomware come from?

If you notice this ransomware on board, it is most likely that you have opened a spam e-mail lately that contained a questionable attachment that you tried to view. This infection can spread as a file attachment that is usually disguised as something else, such as an image, a document, or even a  password protected ZIP archive. The body of this spam mail generally tries to convince you that the attached file is very important for you to see as it contains detailed information about an urgent-looking matter that the whole mail is related to. If these criminals use a ZIP archive, you will find the password in the message, but we warn you not to use it because you would simply initiate this attack. The same is true for documents received in such a way because Word files and Excel files both can contain macro codes that can connect to remote servers and download this ransomware in the background once you enable macro as asked when opening such a malicious file. You need to become more cautious around your e-mails if you want to avoid such horrible consequences of one single click on the wrong content. Also, remember that when you get to deleting A1Lock Ransomware, your files will be all encrypted and rendered inaccessible. Please note that by removing this ransomware you do not recover your encrypted files.

How does A1Lock Ransomware work?

This new version of Globe Ransomware appends either ".troy" or ".707" extensions to the encrypted file names. This ransomware targets your images and documents mainly, which can cause serious devastation if you happen to store gigabytes of personal and family photos as well as important work documents. This is why it is so important that you upload your important files to cloud storage or save them regularly onto removable media. A ransom note .html file called "HOW_TO_RESTORE_FILES.html" is placed in all the affected folders.

This ransom note does not contain any name that refers to this attack as A1Lock Ransomware. This name was given by malware researchers taken from the source code. The note does not reveal the amount of money you have to pay as you are simply asked to write an e-mail to crypt@troysecure.me to receive further information regarding the payment. The price depends on how fast you can send the e-mail to these crooks. Altogether you are given 72 hours until your decryption key is deleted from the remote server. You can send up to three files to be decrypted for free as a proof that these criminals actually have your decryption key, but these files cannot exceed 10Mb in total size and they also cannot be ones containing important information. Our research shows that the demanded ransom fee may be 0.06 BTC, which is around 236 USD at the time of writing. You may consider it a low price for your valuable files, but we still do not think it is a good idea to deal with cyber criminals at all. You could be simply scammed and lose your money alongside all your precious files. We advise you to make the right move and remove A1Lock Ransomware as soon as possible.

How can I delete A1Lock Ransomware?

As a matter of fact, it is not even too complicated to eliminate this dangerous threat since it does not copy itself or use other files than the one you may have downloaded from the spam e-mail. After deleting this malicious executable file, you should also bin all the ransom notes as well. Please use our instructions below if you do not mind a bit of manual work. If you would prefer a more effective way to also protect your PC from future attacks, we advise you to install a reliable anti-malware tool, such as SpyHunter. Should you have any questions regarding the removal of A1Lock Ransomware, please leave us a comment below.

Remove A1Lock Ransomware from Windows

  1. Open your File Explorer by pressing Win+E.
  2. Identify all suspicious files you have downloaded recently. (These can be stored in default directories: Downloads, Desktop, %Temp%, %Appdata%)
  3. Delete these files, including all the ransom notes.
  4. Empty your Recycle Bin.
  5. Restart your computer. 100% FREE spyware scan and
    tested removal of A1Lock Ransomware*

Leave a Comment

Enter the numbers in the box to the right *