There are malicious programs that transcend their primary targets and infect platforms that run on various operating systems. Coin Locker is a malicious ransomware application that was first targeted at Android devices, but now it may affect Windows operating system as well. The most annoying thing about this infection is that you cannot remove Coin Locker per se. Once it has released its payload, Coin Locker deletes itself automatically, so there is no actual malicious program for you to deal with. What you need to take care of, however, are countless encrypted files that are left behind.
Previously, this program was called Torlocker before it changed its name to Coin Locker. Like most of the ransomware applications that encrypt user’s files, this malicious infection usually spreads through spam email messages. If you have recently received an email from an unknown sender and it has an attachment, you should NEVER open it. By opening an unfamiliar attachment, you may infect your system with Coin Locker and other malicious programs. What’s more, the installer file for Coin Locker might be embedded in various pop-up ads that spring up into your computer screen when you access commercial websites.
Needless to say, Coin Locker is not the only malicious application that can enter your system through these distribution methods. The only difference is that, while you can remove most of the potential system threats, Coin Locker comes in and out without leaving any file to delete, but severely crippling your system. Our security researchers say that Coin Locker is a nasty infection that utilizes Windows App cipher to encrypt your files, and this encryption affects almost any file you have on your PC, including .doc, .txt, .exe extension files, and many more. In some cases, Coin Locker may leave some Windows directive files, browser files, and .dll files be, because it still requires users to access the Internet in order to transfer the ransom fee.
When Coin Locker enters your computer, it displays a Coin.Locker.txt on your screen with the following message:
You have been infected with the Coin Locker malware.
All files on this system have been encrypted.
To regain access to your file you will need the Coin Locker decryption software.
In order to obtain this “decryption software,” Coin Locker redirects you to torproject.org to download TOR and then access the website that is indicated in the message. There you need to follow the steps to download additional software, but it clearly involves paying the ransom fee. Our security researchers warn that paying the fee does not guarantee Coin Locker will provide you with the actual decryption key.
Since it is not possible to remove Coin Locker from your system (as the program automatically deletes itself), you need to refer to computer security experts in order to see whether it is still possible to salvage your files. It would be for the best if you had a file backup on an external hard drive or there was a system restore point on your computer. What’s more, you should also invest in a resilient computer security program that would help you safeguard your system against similar intruders.