Takahiro Locker Removal Guide

Threat Level: 9/10
Category: Trojans

We want to inform you about the release of a new ransomware-type infection known as Takahiro Locker. This program is dangerous because it is designed to infect your computer secretly and encrypt your personal files. Once the files have been encrypted, it offers to sell you the decryption key, which is in the possession of this ransomware’s creator. Without a doubt, this malicious program’s objective is money extortion, but be warned that you might not get the decryption key even after you pay. Therefore, we think that you should not take any risks and should remove Takahiro Locker as soon as possible.

This ransomware was developed by a cyber criminal who is most likely based in Japan, because the ransomware is in Japanese only. Therefore, we doubt that it is distributed anywhere else. Indeed, we believe that this ransomware is distributed in Japan only, especially since we have not heard of it infecting any computer outside of Japan.

Nevertheless, anyone can become a victim of this ransomware, provided that it is distributed on a website that is not restricted to visitors from outside Japan. Indeed, we suspect that Takahiro Locker is being distributed on a malicious website that contains an exploit kit. This exploit kit can be set to exploit the vulnerabilities of Java or Flash and download this program’s executable secretly. It is also likely that this malicious application is distributed through email spam. The developer might have set up a server that spams random people with fake receipts, invoices and similar messages that feature a malicious file attachment, which drops Takahiro Locker when opened.

Our research has revealed that this program’s main executable is named update.exe and it is dropped in %Temp%\Google\Chrome. This is not a real Chrome folder and is created for the purpose of hosting update.exe. Furthermore, this ransomware will create a registry string named Google Chrome Update Check at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run to launch this ransomware on system startup and a string called SENDING at HKEY_CURRENT_USER\Software\Google\Update\SEND which is used to connect to Takahiro Locker’s C2 (Command and Control) server.

Once all of the files are in place, this ransomware will launch automatically and scan your computer for encryptable file types. Our research has shown that it is set to encrypt file types such as .txt, .jpg, .png, .bmp, .zip, .rar, .7z, .sql, .pdf, .tar, .mp3, .mp4, .flv, .lnk, .html, .php, and .torrent. As you can see, this ransomware targets images, videos, audio, and documents in particular, as they are likely to have value to the victim. Take note that this program will present you with a dialog box that reads “WARNING RUNNING KILL ME!” If you click OK, then it will initiate the encryption. However, if you do not click OK, then you can terminate update.exe’s process from Task Manager and delete it. This is the best-case scenario. If you do not terminate it, then this ransomware will encrypt your files using an advanced encryption algorithm and prevent you from accessing them as a result. All encrypted files are appended with the .takahiro file extension.

Once the encryption is complete, Takahiro Locker will display its ransom note, which is colored red. The note is in Japanese, and it requests that you pay 3 Bitcoins (approximately 1887 USD) for the decryption key that you can get only from this ransomware’s developer. At present, there is no free decryption key to decrypt your files, and the chances are that the developer will not send you the key once you have paid. Take note that this ransomware gives you three days to pay the ransom, or the developers will delete the decryption key after the three days have passed.

Without a doubt, Takahiro Locker is a highly malicious program that can encrypt your personal files and demand money to decrypt them. If you want to remove Takahiro Locker, then we recommend using our guide located below. Alternatively, you can use SpyHunter which will get rid of it for you. Both methods are effective although removing this ransomware manually is not foolproof as the names of its files and registry keys are subject to change.

How to delete this ransomware’s executable file

  1. Hold down Windows+E keys.
  2. Type %Temp%\Google\Chrome in the address box of File Explorer.
  3. Locate update.exe, right-click it and click Delete.
  4. Empty the Recycle Bin.
  5. Close the File Explorer.

How to delete this ransomware’s registry string

  1. Hold down Windows+R keys.
  2. Type regedit in the box and click OK.
  3. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  4. Locate Google Chrome Update Check, right-click it and click Delete.
  5. Go to HKEY_CURRENT_USER\Software\Google\Update
  6. Find SEND and delete it.
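
The two manual procedures above, combined into one PowerShell check. This is an added example, not a script from this site or from SpyHunter; it uses only the file path, registry locations and .takahiro extension named in this article. The -Remove switch is this sketch's own parameter, and treating SEND as a subkey of Google\Update is an assumption.

```powershell
# Added example: look for the Takahiro Locker indicators named in this article.
# Reports by default; run with -Remove to delete what is found.
param([switch]$Remove)

$exe     = Join-Path $env:TEMP 'Google\Chrome\update.exe'
$runKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runName = 'Google Chrome Update Check'
$sendKey = 'HKCU:\Software\Google\Update\SEND'   # assumption: SEND is a subkey
$findings = @()

# 1. Dropped executable in the fake Chrome folder under %Temp%
if (Test-Path -LiteralPath $exe) {
    $findings += [pscustomobject]@{ Type = 'File'; Item = $exe }
    if ($Remove) {
        # Match on full path: legitimate software also ships files named update.exe
        Get-Process -Name 'update' -ErrorAction SilentlyContinue |
            Where-Object { $_.Path -eq $exe } |
            Stop-Process -Force
        Remove-Item -LiteralPath $exe -Force
    }
}

# 2. Autostart value in the per-user Run key
$run = Get-ItemProperty -Path $runKey -Name $runName -ErrorAction SilentlyContinue
if ($run) {
    $findings += [pscustomobject]@{ Type = 'RunValue'; Item = "$runName = $($run.$runName)" }
    if ($Remove) { Remove-ItemProperty -Path $runKey -Name $runName }
}

# 3. SEND entry under Google\Update (holds the SENDING string)
if (Test-Path -Path $sendKey) {
    $findings += [pscustomobject]@{ Type = 'RegistryKey'; Item = $sendKey }
    if ($Remove) { Remove-Item -Path $sendKey -Recurse }
}

# 4. Already-encrypted files: report only, never delete (they are the victim's data)
$findings += @(
    Get-ChildItem -Path $env:USERPROFILE -Recurse -Filter '*.takahiro' -File -ErrorAction SilentlyContinue |
        Select-Object -First 20 |
        ForEach-Object { [pscustomobject]@{ Type = 'Encrypted'; Item = $_.FullName } }
)

if ($findings) { $findings | Format-Table -AutoSize }
else { 'No Takahiro Locker indicators found.' }
```

Because the names of the files and registry entries are subject to change, an empty result does not prove the machine is clean.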