Lomix Ransomware Removal Guide

Threat Level:
9/10
Category: Trojans

The malware known as Lomix Ransomware appears to be based on an open-source malicious program called CryptoWire Ransomware. The software was created for educational purposes, but it looks like cyber criminals found a way to use it maliciously. While the educational version could be downloaded from a particular website, Lomix Ransomware might be distributed through harmful web pages, infected email attachments, etc. It could also be dropped by other malware. Since the application is programmed to lock only particular data from specific folders, the consequences of infecting the system with it might not be so severe. If you have not decided what to do yet, continue reading: we will not only present more information about the threat but also explain how to erase it.

Our specialists learned that Lomix Ransomware does not remove itself from the system after it finishes the encryption process. On the contrary, the malware should create a copy of itself in the Common Files folder located in the %PROGRAMFILES(x86)% directory. Additionally, it may add a task in the %WINDIR%\System32\Tasks location. The task could open the malicious file in the Common Files folder each time the computer is restarted and so launch the infection. Then, the malware should lock the user's data, located in the %USERPROFILE% directory, with the AES-256 encryption algorithm.

The threat should not change the names of encrypted files, but it may mark them with an extension placed between the file name and its original extension, e.g. picture.encrypted.jpg. To unlock such data, users would need to get the decryption tools from Lomix Ransomware's creators. However, they offer the decryptor only for a price. The malicious application should place a ransom note once it finishes encrypting data from the mentioned directory. According to the note, users are supposed to exchange 500 US dollars into Bitcoins. There are no specific instructions on how to transfer the money, so to get such information you would probably have to contact the infection's creators via the given email address.

We would not recommend paying the ransom because no one can assure you that Lomix Ransomware's creators have the decryptor and will send it to you as promised. From time to time, users pay the asked price but hear nothing from the malware's creators. Thus, paying the ransom is always a risk, and you should consider such an option extremely carefully, especially when the asked price is not so small. If you decide not to take any chances, you should not hesitate to erase the malicious program as soon as possible. For instance, if you have copies of the encrypted data somewhere other than the infected computer, you could remove the threat and then replace the locked data with the copies.

To eliminate Lomix Ransomware manually, you should locate the files it created on the system and get rid of them. The instructions below should help you find and delete such data, but if the process appears to be too complicated, it would be better to use a reliable antimalware tool instead. It would detect the malicious data automatically and let you get rid of it with just one mouse click. Of course, if you need more help with the removal, you can contact us via social media or leave us a comment below.

Eliminate Lomix Ransomware

  1. Open the Explorer (Windows key+E).
  2. Navigate to Downloads, Desktop, Temporary Files, and other locations where the malicious program’s installer might have been downloaded to.
  3. Locate the malicious file, right-click it and select Delete.
  4. Find the particular path: %PROGRAMFILES(x86)%\Common Files
  5. Search for a randomly named malicious file, then right-click it and press Delete.
  6. Locate the following directory: %WINDIR%\System32\Tasks
  7. Find a file with a random name of 10 digits, then right-click it and select Delete.
  8. Close the Explorer.
  9. Empty the Recycle Bin.
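
Before deleting anything by hand, the locations from the steps above can be checked with a read-only script. The following is an added example, not part of the original guide or any vendor tool; it assumes the marker extension is `.encrypted` (taken from the article's picture.encrypted.jpg example) and that the task file stores its target in a `<Command>` element, and all function names are hypothetical.

```python
"""Read-only triage for the artifacts named in the removal steps; deletes nothing."""
import ntpath
import os
import re
from pathlib import Path

TASK_NAME = re.compile(r"\d{10}")  # step 7: task file named with 10 digits
MARKER = ".encrypted"              # assumption: from the example picture.encrypted.jpg

def task_commands(tasks_dir):
    """Map each 10-digit task file to the <Command> it launches (None if absent)."""
    found = {}
    for p in Path(tasks_dir).iterdir():
        if not (p.is_file() and TASK_NAME.fullmatch(p.name)):
            continue
        raw = p.read_bytes()  # task files are XML, usually UTF-16 with a BOM
        enc = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8"
        m = re.search(r"<Command>(.*?)</Command>", raw.decode(enc, "replace"), re.S)
        found[p] = m.group(1).strip().strip('"') if m else None
    return found

def marked_files(profile):
    """Files whose second-to-last extension is the marker, e.g. a.encrypted.jpg."""
    hits = []
    for root, _dirs, names in os.walk(profile):  # unreadable folders are skipped
        for n in names:
            ext = Path(n).suffixes
            if len(ext) >= 2 and ext[-2].lower() == MARKER:
                hits.append(Path(root) / n)
    return hits

def triage(common_files, tasks_dir, profile):
    tasks = task_commands(tasks_dir)
    # File names that a 10-digit task launches, compared case-insensitively.
    launched = {ntpath.basename(c).lower() for c in tasks.values() if c}
    loose = [p for p in Path(common_files).iterdir() if p.is_file()]
    return {
        "tasks": sorted(tasks),
        "dropped": sorted(p for p in loose if p.name.lower() in launched),
        "loose_unlinked": sorted(p for p in loose if p.name.lower() not in launched),
        "encrypted": sorted(marked_files(profile)),
    }

if __name__ == "__main__":
    env = os.environ
    report = triage(Path(env["ProgramFiles(x86)"]) / "Common Files",
                    Path(env["WINDIR"]) / "System32" / "Tasks", env["USERPROFILE"])
    for kind, paths in report.items():
        print(kind, *paths, sep="\n  ")
```

Listing the Tasks folder normally requires an elevated prompt; a file reported under `dropped` is one that a 10-digit task points at, which is the pairing the article describes.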