Locklock Ransomware

What is Locklock Ransomware?

Locklock Ransomware is a malicious application whose sole purpose is to extort money from you, and it is set to do that by encrypting your files. We recommend that you remove it from your computer as soon as possible, but if it already has encrypted your files, then it is too late to do anything about that. There might be a free decryption tool released in the near future, but, currently, the only way to get your files back is to purchase the decryptor form this ransomware’s developer. However, we advise you not to do this because you might not get the decryptor once you have paid for it. To find out more about this ransomware, please read this whole article.

Where does Locklock Ransomware come from?

The origins of this ransomware are unknown, but our security analysts have found that this ransomware is configured to work in China only. Hence, it does not work if you accidentally or purposefully infect a computer that is based in some other country. Once on a computer, this ransomware is set to connect to its Control and Command server at locklock.net/tmp/savekey.php which also hosts the private decryption keys for each unique user. Researchers say that the ransomware recognizes the IP address and does not work in case it is outside of China. Unfortunately, changing the VPN will not help Chinese users to avoid their computers from becoming infected with Locklock Ransomware.

Our security experts at Anti-spyware-101.com have received information regarding this ransomware’s origins. The received information claims that this ransomware is distributed using phishing emails that either feature links to this ransomware’s direct download or a zipped file attachment that drops the main executable on the computer once it has been opened. We have also received reports claiming that this program is also being dropped by Trojans featured on infected sites. In any case, the infection is set to enter your PC using deceptive methods, so be sure to use caution when opening strange emails and refrain from browsing shady websites.

What does Locklock Ransomware do?

Once on your computer, Locklock Ransomware will scan for files of interest with an emphasis on files such as documents, images, videos, audios, and applications. It will encrypt them using the AES-256 encryption algorithm. AES stands for Advanced Encryption System and 256 is the size of the encryption key in bits. This encryption method is quite strong, and this ransomware generates a unique encryption key and a unique decryption key that must match to decrypt the files. However, this key is set to this ransomware’s Command and Control server and the only way to get it is to pay the ransom or, rather, purchase the decryption tool from the developer of this ransomware.

While encrypting your files, Locklock Ransomware will append them with the .locklock file extension and then drop a text file named READ_ME.TXT on the desktop. This file serves as a ransom note, and it says that your computer has been hacked (which is true,) but the note makes no mention that the same person who got your computer infected with this ransomware is offering you the solution as well. The ransom note goes on to state that you need to contact someone via locklockrs@aol.com or Skype (Skype name “locklockrs.”) However, there is no guarantee that you will get the decryption program you have paid for, so we recommend that you not pay the ransom and deal with this malicious application.

How to remove Locklock Ransomware?

We hope that you found this article informative. As you can see, this ransomware only targets users based in China and will not work in other countries. It uses a strong encryption algorithm, so the only way to decrypt the files at this time is by purchasing the decryptor from this ransomware’s creator. However, there is no guarantee that you will get the decryptor, so we suggest that you delete Locklock Ransomware instead. You can use the manual removal guide below or our suggested antimalware tool SpyHunter that will make light work of this infection.

Removal Guide

1. Hold down Windows+E keys
2. Type the following paths in File Explorer’s address box and hit Enter.
   • %USERPROFILE%\Downloads
   • %USERPROFILE%\Desktop
   • %TEMP%
   • %ALLUSERSPROFILE%\Start Menu\Programs\Startup
   • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup
   • %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
3. Find the the malicious .exe file.
4. Right-click it and click Delete.
5. Empty the Recycle Bin.

Download Removal Tool100% FREE spyware scan and
tested removal of Locklock Ransomware*