What is Locked Ransomware?
Locked Ransomware can slither into your operating system without any warning; however, once installed, it uses different methods to introduce itself to you. According to the research conducted in our Anti-Spyware-101.com internal lab, it is possible that this ransomware will be silently installed along with other malicious infections, or it could be concealed as a fake attachment to a misleading spam email. Once unleashed, this infection will use a text file and a Desktop background image to introduce itself to you. All of this can be done with one malicious file whose location and name are very unpredictable. Of course, it is unlikely that you will think about deleting Locked Ransomware right after realizing that your personal files are encrypted. In fact, if you remove this ransomware, your files will remain encrypted, and you might lose your opportunity to fulfill the demands of cyber crooks.
How does Locked Ransomware work?
Immediately after encrypting your files, Locked Ransomware will change the background image to point you to the text file on the Desktop. This file is called "READ_IT.txt", and it includes all of the information regarding the ransom payment. According to this information, you have 72 hours to pay a ransom of around ~$200 in Bitcoins. The ransom fee is very specific (e.g., 0.50097 BTC) in every case because it is meant to reveal your decryption key. If you choose to the pay the ransom, a decryption key, at some point, should appear on let-me-help-you-with-that.webnode.com. Because all keys are shown on the same page, your particular ransom sum should show up next to your decryption key. The instructions provided by Locked Ransomware are very extensive, and they are followed by an explanation and security tips by the creator of this malicious ransomware. Here is the explanation that they have come up with.
In 72 hours, you will never be able to get these files open. I don't much like people struggling against the powerful, and there is no way for you to argue for an extension. Just make it happen.
So just be thankful that it wasn't worse. I could have asked for more money. I could have been working for ISIS and saving that money to behead children. I could have been a mean SOB and just destroyed your data outright. Am I those things? No. I just need the money to live off of (true story) and don't care at all about the hacker "community". So there isn't anyone you will be protecting by sacrificing yourself. I'll just encrypt more people's data to make up for the loss.
As stated in the file, Locked Ransomware uses AES encryption system to lock your personal files which is done by adding bytes to your files. Just like JobCrypter Ransomware, this ransomware adds the “.locked” extension to your file, which makes it easier to identify the encrypted files. Speaking of files, we have found that many different types of files are targeted by this malicious threat, including .txt, .doc, .gif, .jpg, .html, .mpg, and .msg. The good news is that more and more users are using backup systems to protect their files. If your photos, documents, and other sensitive files are backed up, you do not need to worry about this ransomware. Delete it without further hesitation, and follow the tips within the READ_IT.txt file. These tips include installing reliable security software, acting carefully when online, and backing up personal files. The creators of this malicious ransomware are truly devious, but – we have to give it to them – they know what they are talking about when it comes to taking care of your security.
How to eliminate Locked Ransomware
If you cannot find an alternative method to decrypt your files, you might choose to pay the ransom. Although we do not recommend this, you are the one making the final decision and taking responsibility for all the consequences. The bad news is that there are no guarantees when it comes to this devious ransomware, and you might find that your ransom payment is put to no use. Hopefully, that is not the case, and you can save your files from being locked forever. Whether or not you manage to decrypt your files, make sure you take the necessary measures to ensure that your operating system cannot be attacked by ransomware or other kinds of malicious programs in the future. The first step we recommend taking is installing a reliable security tool, and, if you decide to install it, you can forget about removing Locked Ransomware manually. The manual removal of this ransomware can be quite complicated because its files could be located anywhere with any kinds of names. An anti-malware tool can easily identify a malicious file and erase it from your computer within a few moments.
- Run a malware scanner to identify the location of a malicious executable. You can acquire a reliable scanner from http://www.anti-spyware-101.com/spyhunter .
- Right-click and Delete the malicious file in its original location as well as %AppData% (tap Win+E to launch Explorer and enter the name of this directory into the address bar to access it).
- Move to the %USERPROFILE% directory.
- Right-click and Delete two files called “Decrypter.exe” and “ransom.jpg”.
- Right-click and Delete the READ_IT.txt file found on the Desktop.
- Run a malware scanner one more time to make sure that your operating system is clean.
tested removal of Locked Ransomware*100% FREE spyware scan and