ForceLocker Ransomware can paralyze your operating system and encrypt your files. All of that is done in the hopes of pushing you into emailing cyber criminals and following the instructions presented via a response email. Once this infection slithers into your operating system – which it does silently – it starts the encryption process right away. The encryption is silent as well, and so you cannot stop it unless you identify the launcher file as a malicious threat. All in all, the encryption process is very quick, and it is unlikely that many victims have enough time to disable the threat. Unfortunately, once the encryption is complete, the infection locks the screen using a strange notification, and so it becomes impossible to check the files. Notably, there are many infections (e.g., CryMore Ransomware) that only pose as file encryptors, and they also lock the screens to convince users that their files are encrypted. Unfortunately, that is not the case with this infection, and even if you delete ForceLocker Ransomware, your files will remain locked.
We cannot confirm yet which encryption cipher is used by ForceLocker Ransomware, but it is believed that AES-256 is employed. At least, that is the cipher mentioned in the ransom note that the ransomware displays. This note is truly intimidating as it suggests that files would be lost if the victim restarted the infected computer or even tried to decrypt the files themselves. There’s also a warning suggesting that the threat would make the decryption impossible after a certain period. The specific timeframe is not specified, as well as the ransom that must be demanded in return of a decryptor or a decryption key. Since there is not enough information that the victim could go on with, they are likely to email firstname.lastname@example.org. This email address is displayed at the bottom of the screen-locking message. Using a regular email address to contact cyber criminals is not a smart move because they can record the address and, later on, flood it with unwanted content. Even malware. So, if you decide to email the creator of ForceLocker Ransomware, be very cautious. Ultimately, you are unlikely to gain anything from it. The creator will respond to you with an additional demand to pay a ransom, and the chances of that being traded for a legitimate file decryptor are very slim.
Since you are unlikely to recover your files by paying the ransom requested by ForceLocker Ransomware, you might be looking into other options. Unfortunately, legitimate file decryptors will not help you in this case, and you might be able to recover files only if you have backups. The problem is that it might be hard to check if or not the encrypted files are backed up because, first of all, your PC is locked, and, secondly, the names of the files are changed to make them unrecognizable. Random alphanumeric characters are set in place of the regular names, and the “.L0cked” extension is appended at the end. This is exactly what ShellLocker Ransomware does to the targeted files as well, and it is believed that ForceLocker Ransomware is a new variant of this well-known infection. Overall, it is safe to say that the threat has encrypted personal files. Some of the extension that it is set up to target include .wmv, .avi, .mov, .bmp, .jpg, and .docx.
You need to reboot to Safe Mode if you want to check which files were encrypted. You also need to do that if you are thinking about removing ForceLocker Ransomware manually. If that is your choice, please follow the instructions below. If you want to install anti-malware software to erase the infection, you need to reboot to Safe Mode with Networking, so that you would have access to the web. Overall, regardless of which removal method you choose, your files will not be saved. If you want to prevent this from happening in the future, start backing up your files immediately. Do not rely on system restore because certain infections can disable it and delete backup copies. Also, employ security software to prevent malware from attacking again.
Reboot Windows XP, Windows Vista, or Windows 7:
Reboot Windows 8, Windows 8.1, or Windows 10:
Delete malicious components: