Takahiro Locker

What is Takahiro Locker?

Takahiro Locker is a highly malicious program that targets Japanese-speaking users and is most likely distributed in Japan only. If your PC becomes infected with it, then you must remove it immediately because it is designed to encrypt your personal files and demand that you pay a ransom for the decryption key that is required to decrypt them. This ransomware’s developers want you to pay 3 BTC which is 195, 306 Japanese Yen or 1883 US dollars. However, we want to point out that you might not receive the promised decryption key as this ransomware’s developers just might not send it to you.

What does Takahiro Locker do?

Now, let us start from the beginning. This ransomware is designed to encrypt the files stored on your computer. Once on your computer, it will open a dialog box with text that reads “WARNING RUNNING KILL ME.” If you click OK, it will scan your PC for file formats that include .txt, .jpg, .png, .bmp, .zip, .rar, .torrent, .7z, .sql, .pdf, .tar, .mp3, .mp4, .flv, .lnk, .html, and .php. Once the scan is complete, it will encrypt them using a strong encryption algorithm. Although there is currently no information about the particular encryption algorithm used, our security experts at Anti-spyware-101.com think that it most likely uses either the AES or the RSA encryption method. Once the files are encrypted, you cannot access or use them. While encrypting, it will append the files with the “.takahiro” file extension. Even though the list of files it encrypts is not very long,

This ransomware should generate a private decryption key that matches the public encryption key. However, the decryption key is not stored locally. Researchers say that the decryption key is uploaded to the Command and Control server. Once the encryption is complete, Takahiro Locker will launch its Graphical User Interface and show you the ransom note which is in Japanese. The note says that you have three days to pay the 3 BTC. If you fail to meet the deadline, then the private decryption key will be deleted from the server, and you will be unable to get your files back.

Now let us take a look at some of the information regarding this ransomware’s entry to your PC. Once this ransomware has dropped its payload, it will place a malicious file named update.exe in %Temp%\Google\Chrome, a folder that is made specifically for hosting this executable. It will also create a registry string named Google Chrome Update Check at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. Google Chrome Update Check at featured value data of %Temp%\Google\Chrome\Update.exe and its purpose is to launch this ransomware once Windows boots up. It will also create another registry string named SENDING (but it can be named something else) at HKEY_CURRENT_USER\Software\Google\Update\SEND. This registry key is probably used to connect to this ransomware’s Command and Control server and send the private decryption key.

Where does Takahiro Locker come from?

From the information provided above, we see that this ransomware was most likely developed by a Japan-based developer since it is all in the Japanese language. For this reason, our security experts think that it is distributed in Japan-based websites as well. Nevertheless, it can also come as malicious email attachments. Researchers say that your computer can become infected with this ransomware if you visit a website that features a secret exploit that downloads this ransomware. Nevertheless, it might also be sent in malicious emails that feature zipped attachments that automatically download this ransomware when opened.

How do I remove Takahiro Locker?

As you can see, Takahiro Locker is nothing more than a highly malicious program whose objective is to infect your computer secretly and encrypt your files and then demand that you pay a ransom to get them back. As mentioned, if you do not click OK when you are shown the “WARNING RUNNING KILL ME” message then it will not encrypt your files. However, if you click OK, then this ransomware will encrypt your files. You should not risk paying the ransom because you might not get the decryption key. Moreover, we recommend that you remove Takahiro Locker using the guide location below or SpyHunter — our recommended anti-malware application.

Removal Instructions

1. Press Win+E keys.
2. Type %Temp%\Google\Chrome in the address box of File Explorer.
3. Find update.exe, right-click it and click Delete.
4. Empty the Recycle Bin.
5. Close the File Explorer.
6. Press Win+R keys.
7. Type regedit in the box and click OK.
8. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
9. Find Google Chrome Update Check and delete it.
10. Then, go to HKEY_CURRENT_USER\Software\Google\Update
11. Find SEND and delete it.

Download Removal Tool100% FREE spyware scan and
tested removal of Takahiro Locker*