Relock Ransomware

What is Relock Ransomware?

Relock Ransomware can infiltrate your system behind your back and encrypt your personal files so that it can extort money from you for the unique decryption key that is need for you to be able recover your files. This malicious program is coded in C++ and has lots of similarities with Matrix9643@yahoo.com Ransomware. In fact, our malware specialists at anti-spyware-101.com say that this new ransomware malware infection could be a new variant of this previously mentioned ransomware. In any case, if this dangerous threat encrypts your files, there seems to be no way out. Even paying the ransom fee should be considered risky and you also need to understand that only in a few cases it actually happens that cyber criminals decrypt the victims' files or send the key to them. Please also keep in mind that paying any amount of money to such villains is as good as supporting them to commit further online crimes. All in all, we recommend that you remove Relock Ransomware from your computer immediately. Please read on to learn more about this vicious attack and how you can avoid similar ones in the future.test

Where does Relock Ransomware come from?

There are a couple of ways for ransomware infections to spread on the web but spamming campaigns are probably the most widely used. This means that it is quite likely that you have received and opened a spam e-mail recently. Not only that, you must have tried to view its attachment, too. This attached file is indeed the malicious executable that will start up the whole malicious attack. Without clicking to see the content of this file, you could still be safe and your files not encrypted. Of course, it is not that easy to spot such a spam and resist the temptation to want to see its attachment. These cyber crooks have evolved a lot in the past years and become sort of self-made psychologists to understand more about a basic human trait, curiosity. However, this curiosity may cost dearly for victims. If you are in doubt as to the reliability of an e-mail, you should always try to contact its sender. It seems like a bad idea to open the attachment to see whether it really concerns you or it is a simple mistake that you got it. Since you cannot delete Relock Ransomware without the possible destruction of your personal files, we strongly recommend that you pay more attention to prevention and backup your files regularly.

It is also possible that you infect your computer with such a ransomware via Exploit Kits. This would mean that you click on an unsafe third-party ad or any other corrupt content offered by a suspicious website or a malware infection (e.g., adware) hiding on your computer, and you get redirected to a malicious webpage set up with such kits. Loading this page will trigger the malicious codes on this page and this ransomware could be dropped and activated without your knowledge. There is one easy and free way to avoid such attacks and it is to keep all your browsers and drivers (Java and Adobe Flash) always up-to-date if you do not want to end up having to remove Relock Ransomware from your system.

How does Relock Ransomware work?

When you run the downloaded malicious file, it creates a copy of itself in "%LOCALAPPDATA%\Microsoft\[8 random characters].exe" and a PoE (Point of Execution) in "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\[8 random characters].exe" as well. It seems that this ransomware mainly targets your documents and archives. After the encryption "_[RELOCK001@TUTA.IO]" is inserted between the file name and its original extension, so your encrypted files will look something like: "myimage _[RELOCK001@TUTA.IO].jpg." It is possible that this dangerous program cleans up its main files after its job is done.

This ransomware drops a ransom note called "!OoopsYourFilesLocked!.rtf" in every infected folder. Strangely enough, it also creates 30 ransom notes, "!OoopsYourFilesLocked!1.rtf" up to "!OoopsYourFilesLocked!30.rtf," on your desktop just in case you may not find them. This ransom note informs you that you have to send an e-mail to "relock001@tuta.io" with your personal ID as your subject line. You can send up to 3 small and unimportant files as well so that your attackers can decrypt them for free to prove they have the key. You need to hurry because every 12 hours the ransom fee increases automatically. We have no information on the amount of this fee but it could easily be hundreds of US dollars worth of Bitcoins. If you fail to react within a week, your decryption key will be deleted from the secret remote server. Nevertheless, we advise you to remove Relock Ransomware right away.

How can I delete Relock Ransomware?

We have mentioned that it is possible that this ransomware actually cleans up after itself. However, this may only include the copied executable and the PoE. In any case, we have prepared our instructions for you below that also includes the removal of these files. Please follow our instructions if you are ready to act manually. It is possible that you would prefer an automated tool like an anti-malware program (e.g., SpyHunter). We advise you to install a reliable one to keep your PC secure from all known malware infections.

Remove Relock Ransomware from Windows

  1. Press Win+E to open File Explorer.
  2. Try to locate the PoE, "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\[8 random characters].exe" and if you can still find this malicious file, delete it.
  3. Try to locate the copy of the malicious executable, "%LOCALAPPDATA%\Microsoft\[8 random characters].exe" and delete it if found.
  4. Search your download folders for any suspicious files you have saved recently and delete them all.
  5. Bin all the ransom note files from the affected folders and the desktop as well.
  6. Empty your Recycle Bin.
  7. Restart your PC. 100% FREE spyware scan and
    tested removal of Relock Ransomware*

Stop these Relock Ransomware Processes:

75c5F32e.exe

Remove these Relock Ransomware Files:

75c5F32e.exe
!OoopsYourFilesLocked!1.rtf
Disclaimer
Disclaimer

Leave a Comment

Enter the numbers in the box to the right *