A new ransomware infection LockedByte Ransomware sharing similarities with Deos Ransomware, which our specialists analyzed some time ago, has been recently detected by specialists. It is not identical to Does Ransomware, but it performs the same activities. Of course, it is nothing very surprising because ransomware infections act similarly – they illegally enter computers, find where users’ important files are located, and then encrypt them all without mercy so that it would be easier to extract money from users. In the case of LockedByte Ransomware, it might also open a window on Desktop after encrypting your files. It will make it impossible to access Desktop and perform normal activities, e.g. surf the Internet. Do not expect it to disappear from your computer automatically soon because this will not happen – you need to remove it. Do this as soon as possible, and, please, do not pay a cent to cyber criminals even if you have found the most valuable files locked because there might be a way to decrypt files without the cyber criminals’ help. Users who make a decision to pay a ransom risk losing their money for nothing too because there are many cases when users get nothing after transferring the money required.
LockedByte Ransomware shares similarities with Deos Ransomware, so it should also encrypt files with the XOR cipher in %USERPROFILE%\Desktop, %APPDATA%, %TEMP%, %USERPROFILE%\Pictures, and other directories which might contain valuable files like pictures, images, and media files after successfully slithering onto computers. It also opens a window with a ransom note on Desktop, but this text is not the same Does Ransomware displays to its victims. If you see a window which you cannot close on your Desktop, and it claims that “Your files have been encrypted by LockedByte,” there is no doubt that you have encountered this infection. This window will not allow you to check whether or not your personal data has been locked, so do not rush to “pay 1000 dollars worth of bitcoin” to cyber criminals. In fact, you should not send them a cent even if you find your files encrypted because there are no guarantees that you could get your files back. Specialists say that the XOR encryption can be cracked quite easily, so a free decryption tool should be released soon. Also, users who back up their files periodically can recover the encrypted data from a backup. Of course, they need to erase a ransomware infection from their PCs fully before taking any action.
Specialists cannot tell much about the distribution of LockedByte Ransomware because it is not a popular threat, and, because of this, it is not easy to make conclusions. Even though not much is known about its dissemination, researchers at 411-spyware.com say that it must be distributed like other ransomware infections. First, it might arrive on computers when users open attachments from spam emails they get. Second, it might be advertised on third-party pages as a trustworthy application, and users might download it from the web voluntarily expecting that this piece of software will work in a useful way. Luckily, LockedByte Ransomware does not add itself to the Startup folder, does not make changes in the system registry, and does not disable system utilities, so you should not find its removal a task that is impossible to complete.
Have your files been encrypted by LockedByte Ransomware? If so, they will not be automatically unlocked after the removal of the ransomware infection. Of course, we do not try to say here that you do not need to erase it from your computer. It is always a bad idea to keep malware active on the system because it might help other threats to sneak onto your computer illegally. It is, surely, not the only problem which might arise, so go to uninstall LockedByte Ransomware today. You need to find the malicious file downloaded recently and remove it. It should be located in %TEMP%, %USERPROFILE%\Downloads or %USERPROFILE%\Desktop; however, if you cannot find it there, scan your system with an automated tool, such as SpyHunter. Click on the Download button you can find below to get a free diagnostic version of this malware remover.