LockedByte Ransomware

What is LockedByte Ransomware?

LockedByte Ransomware is a modified version of Deos Ransomware, which specialists working at anti-spyware-101.com analyzed some time ago (you can find their report on this threat on our website). Although specialists detected and analyzed it recently, it could have affected a number of computers already. If you are reading this article, you are most probably one of its victims. If that is the case, you need to remove LockedByte Ransomware fully from the system. Ignore its ransom note, and do not send money to get your files decrypted, because they might stay encrypted even if you pay the cyber criminals behind this ransomware infection. The demand for money is nothing new: all ransomware infections act the same way and try to obtain money from users. Do not give the author of this infection a cent; remove it as soon as possible instead. Keeping malware active might result in hundreds of security-related problems. Also, if you already see a window opened by LockedByte Ransomware, your screen will stay locked, meaning that you cannot freely use your computer. Last but not least, the ransomware-type infection might strike again and encrypt more files.

How does LockedByte Ransomware act?

Users with Windows 7 or Windows 10 running on their computers are lucky: their files should not be encrypted, because it seems that LockedByte Ransomware is not compatible with these two versions of the Windows OS. Unfortunately, after the successful infiltration of LockedByte Ransomware, other users will find files with these extensions encrypted: .txt, .html, .png, .jpg, .mp3, .mp4, .wmv, .db, and .exe. All these files get a random extension appended to them. Even if you do not notice the new extension, it will become clear that the files have been locked because you will not be able to open them. On top of that, you might also see a screen-locking window on the Desktop. It might not even allow you to access any of your files. Its first sentence explains what has happened to the files: “Your files have been encrypted by LockedByte.” Then, users are told that they can get them back by paying “1000 dollars worth of bitcoin” to the Bitcoin address provided. Researchers have found that LockedByte Ransomware uses the XOR cipher, which is quite weak, so it might be possible to crack it and get files back without paying the cyber criminals. You should therefore not rush to send them money. On top of that, files can be easily recovered from a backup after the full deletion of LockedByte Ransomware. As you can see, the entrance of a ransomware-type infection does not necessarily mean that you have lost your files permanently.
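
Why an XOR cipher is considered weak, shown as an added example (not code from the original article and not LockedByte's actual routine): every PNG starts with the same 16 bytes, so XORing an encrypted .png with that known header exposes the key, and the IHDR checksum confirms it. The repeating key, its length of at most 16 bytes, its reuse across files, and the sample key and files are all assumptions constructed for the illustration.

```python
import struct
import zlib

# Fixed first 16 bytes of any PNG: signature, IHDR length (13), chunk type.
PNG_PREFIX = b"\x89PNG\r\n\x1a\n" + struct.pack(">I", 13) + b"IHDR"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key(ciphertext: bytes) -> bytes:
    """Derive the key from an encrypted PNG by XORing it with the known header."""
    stream = bytes(c ^ p for c, p in zip(ciphertext, PNG_PREFIX))
    # Shortest period consistent with the recovered keystream bytes.
    for period in range(1, len(stream)):
        if all(a == b for a, b in zip(stream, stream[period:])):
            return stream[:period]
    return stream


def ihdr_crc_ok(png: bytes) -> bool:
    """Independent check of a candidate key: IHDR's stored CRC must match."""
    if len(png) < 33 or png[:16] != PNG_PREFIX:
        return False
    (stored,) = struct.unpack(">I", png[29:33])
    return zlib.crc32(png[12:29]) == stored


def make_sample_png() -> bytes:
    """Constructed 1x1 grayscale PNG used as the sample victim file."""
    def chunk(ctype: bytes, data: bytes) -> bytes:
        crc = struct.pack(">I", zlib.crc32(ctype + data))
        return struct.pack(">I", len(data)) + ctype + data + crc
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    return (PNG_PREFIX[:8] + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(b"\x00\x00")) + chunk(b"IEND", b""))


if __name__ == "__main__":
    key = b"k3y!x"  # constructed key, assumed shorter than the 16 known bytes
    locked_png = xor_bytes(make_sample_png(), key)
    locked_txt = xor_bytes(b"quarterly report draft", key)
    found = recover_key(locked_png)
    assert ihdr_crc_ok(xor_bytes(locked_png, found))  # key verified on the PNG
    print(found, xor_bytes(locked_txt, found))        # then reused on a .txt
```

If the checksum test fails, the key is longer than the known header or the scheme is not a plain repeating XOR, and the candidate key should not be applied to other files. Work on copies of the encrypted files, never the originals.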

Where does LockedByte Ransomware come from?

LockedByte Ransomware is not being spread very actively at the time of writing because it is a new infection, but, according to our researchers, it should be disseminated through standard distribution methods. That is, it should be distributed as an attachment in spam emails, or it might be placed on various P2P websites and presented to users as a beneficial application. It starts working the second it successfully enters the system, so it will quickly become clear that you have become a victim of a nasty threat. The first thing it does is check the %USERPROFILE%\Desktop, %APPDATA%, %USERPROFILE%\Documents, %USERPROFILE%\Music, %USERPROFILE%\Pictures, %USERPROFILE%\Videos, and %TEMP% directories. Then, the most valuable files found there are encrypted. This is nothing new: all ransomware infections perform these activities so that they can extract money from users easily.

How can I remove LockedByte Ransomware from my PC?

If you have found your screen locked by LockedByte Ransomware, the first thing you need to do is boot into Safe Mode so that you can access your Desktop and remove this threat from your computer. Then, you need to remove all recently downloaded files to get rid of the ransomware launcher. The instructions below this article will help you, but you should know that you can erase this file-encrypting threat automatically too. Boot into Safe Mode, download a reputable automated tool from the web, and then launch it to erase the ransomware infection. Unfortunately, such a tool cannot unlock files encrypted by LockedByte Ransomware either.

How to delete LockedByte Ransomware

Boot into Safe Mode

Windows 7/Vista/XP

  1. Restart your computer.
  2. Start tapping F8 in 1-second intervals when you see BIOS loading.
  3. Use arrow keys on your keyboard to select Safe Mode from the Advanced Boot Options menu.
  4. Press Enter.
  5. Go to delete LockedByte Ransomware.

Windows 8/8.1

  1. Press the Windows key + C simultaneously.
  2. Click Settings.
  3. Click on the Power symbol, hold down the Shift key, and then click Restart.
  4. Select Troubleshoot under Choose an option.
  5. Click Advanced options.
  6. Click Startup Settings.
  7. Click on the Restart button.
  8. Tap F4 on your keyboard.
  9. Remove the ransomware infection.

Windows 10

  1. Click on the Start button (bottom-left corner).
  2. Click on the Power button.
  3. Hold the Shift key and click Restart.
  4. Click Troubleshoot.
  5. Select Advanced options.
  6. Click Startup Settings.
  7. Click on the Restart button and tap F4 to enable Safe Mode.
  8. Remove malicious software from your PC.

Remove the ransomware infection

  1. Press Win+E simultaneously.
  2. Go to %TEMP%, %USERPROFILE%\Downloads, and %USERPROFILE%\Desktop (enter the directory in the address bar to access it).
  3. Delete all suspicious files you find there and empty the Recycle bin.
