LockOn Ransomware is a new malicious program that seem like a work still in progress but it does not mean it cannot or will not harm your files by encrypting them. This current sample that we have found spreading actually only targets one single folder on your desktop that most users may not even have. It also only encrypts files if you press a button on the ransom note application window. Nevertheless, this trial version could easily become a destructive beast in no time and this is why it is important for you to understand how this ransomware has managed to sneak onto your system without your knowledge and how you can prevent the next attack from happening. One of the best things you can do is keep a regular backup on a removable drive or in cloud storage. Although in this particular case you may not need it as your files are most likely untouched by this ransomware, it is still important that you think of possible future attacks and protect yourself, i.e., your precious files. We strongly recommend that you remove LockOn Ransomware from your system right away and make sure that there is no other threat hiding on your system. Please read our full report on this malicious threat if you want to understand more how this ransomware works and how it can slither onto your system in the first place.
If you find this malware infection on your computer, you may have opened a spam e-mail and viewed its file attachment. Spamming campaigns are widely used by cyber criminals to infect unsuspecting users in great numbers within a short time frame. Such a spam can be very deceiving and appear to be totally normal and authentic. The most usual matter a spam like this claims to regard is an issue with an alleged invoice. It could be that you have not paid this invoice or you gave wrong data like banking details. But it could be anything really that would draw your attention to this mail right away. Opening a spam might already be dangerous since some more sophisticated schemers may hide malicious codes that could be triggered and drop an infection behind your back. But in this case, it is more likely that you need to run the attachment to initiate this malicious attack. This attachment can appear to be an image file or a text document. However, when you click to view it, it activates this attack and normally this is the point of no return. You are only lucky that this time you can delete LockOn Ransomware from your computer. But what about next time when a finished threat may sneak onto your system? All your important files could be rendered inaccessible in a matter of minutes and you could lose them all. This is why you need to be more cautious with your mails.
Of course, this may not be the only way for such an infection to enter your system without your knowledge. You may, for example, get redirected to a malicious webpage that is created using Exploit Kits that can take advantage of outdated software bugs and drop this infection or any other ransomware program if you are that unlucky. Please note that malicious codes can be triggered the moment such a page loads in your browser and there will be no way back from that moment to save your files once a ransomware infection manages to start up covertly. In order to save yourself from the headache of possibly losing your files or having to delete LockOn Ransomware or any other from your computer, you should make sure that your browsers as well as your drivers are all regularly updated.
After you run this malicious program, its application window comes up on your screen, which is indeed its ransom note. Although, at this point there has been no encryption at all, this note claims so. You can choose from 5 languages, including English, French, Spanish, Turkish, and Italian. We believe that this current sample is only a test run of an unfinished product because of certain traits it exhibits. For example, the encryption of your files only starts after pressing the "Check" button in the applications window. So, if you fail to click on that button, there is no encryption at all. Then, this ransomware threat only targets one single folder, "%HOMEDRIVE%\Users\Exploits\Desktop\test," which may not even exist on your desktop. Guess what happens, when you do not have such a folder; well, no encryption takes place as you may have guessed. Still, it would be a very bad idea not to take this infection seriously and not to remove it from your computer.
If any encryption happens, this ransomware changes the original file name to random characters and appends ".lockon" extension (e.g., "4$oQzn!V2#.lockon"). If you press the "Fake paye (test)" button in this application window, the program drops "Key.txt" on the desktop, which contains the unique decryption key for your computer that actually works. Since this malicious threat does not start up automatically with Windows, you do not have to worry about it activating again to ruin more of your new files or to bug you with its ransom note window. Although there may be no damage done to your files, it is important for us to mention that paying any ransom fee such criminals may demand from you for the decryption key or a decryption tool could be futile because crooks very rarely deliver as promised. We advise you to remove LockOn Ransomware without a second thought.
Before you could locate and bin the related malicious file, you need to kill the malicious process via Task Manager. We have included our guide right after this article that you can follow and rid your computer of this almost-dangerous threat. These steps may not be difficult at all even for an inexperienced user, but you may feel more secure if you are using an automated tool to do all the work for you. Thus, we recommend that you find and install a trustworthy malware removal application like SpyHunter if you want to give your PC the best protection possible.