LCK Ransomware Removal Guide

LCK Ransomware is a terrible infection, and you need to protect your system and your files against it. If you have not faced this malware yet, immediately secure your system and create copies of all important documents, photos, and other unique, personal files. Store these copies on an external drive or a virtual cloud drive. If you take care of this, you will always have an escape if something happens to the original files. Have you been hit by the ransomware already? Hopefully, you have backups, and once you delete LCK Ransomware, you can use them for replacements. What if that is not an option? There is one other thing you could try doing, and we discuss that in this report. We also discuss the different removal options you have to eliminate the ransomware. Please keep reading, and put down all questions you might have in the comments section. We will get to them as soon as possible.

Since the malicious LCK Ransomware is meant to slither in silently, you might not even notice this threat right away. According to our researchers, you have to be especially careful about misleading spam emails and bundled downloaders if you do not want to let this malware in yourself. If the infection invades your system successfully, it immediately corrupts your files. It encrypts them, which means that the data of your files is scrambled to make them unreadable. The “.id-{unique code}.[triplock@tutanota.com].LCK” extension is also added to the files to help victims understand the vast damage of the infection. This is how many victims of LCK Ransomware are likely to discover that their systems were infected. They also could learn about the invasion of the ransomware via the “FILES ENCRYPTED.txt” file that is dropped by the cybercriminals to deliver a message. According to it, victims must email triplock@tutanota.com (the same address is included in the corrupted files’ extension) or triplock@cock.li.

Our researchers are not surprised by the actions and demands of LCK Ransomware. First of all, this threat is similar to most file-encrypting threats. Furthermore, it is a clone of Roger Ransomware, 8800 Ransomware, and many other well-known threats from the Crysis/Dharma Ransomware family. The word “family” should be used loosely in this case because it does not look like most of these clones are bound by the same attackers. Instead, they are identical simply because they were created using the same template, so to speak. They even use the same ransom note, which is just a collection of a few simple words that are meant to point victims to the right email addresses. Have you emailed the attackers behind LCK Ransomware? Hopefully, you have not because once that is done, you might be unable to shake off the continued avalanche of spam. Even if you agree to pay the ransom – which is the ultimate goal of the attackers – you are unlikely to stop the spam, and, on top of that, you are unlikely to get the promised decryptor either. Well, have you heard of Rakhni Decryptor? It is free and it is legitimate, but it does not guarantee full decryption. Keep that in mind.

Hopefully, you are ready to remove LCK Ransomware from your operating system. If you are still thinking about the ransom note and the demands to pay for a decryptor, save yourself time, peace, and money. You will not achieve anything by contacting cybercriminals. Instead, you could put yourself at more risk. So, we hope that you can either replace the corrupted files with your own copies or that you can use the free decryptor. Even if these options do not work for you, we do not recommend paying the ransom. Whatever you decide, you want to delete LCK Ransomware, and you should do that first if you are going to use the decryptor or replace the files with copies. Some victims of the infection might be able to get rid of this threat manually, but we recommend that you install anti-malware software. Besides clearing your system from threats, it will also provide well-rounded protection, which is something you should be most interested in at this point.

How to delete LCK Ransomware

1. Locate the {random name}.exe file that helped launch the threat.
2. If you can locate the file, right-click it and choose Delete.
3. Also, right-click and Delete the file named FILES ENCRYPTED.txt.
4. Empty Recycle Bin and then install a trusted malware scanner.
5. Perform a complete system scan to check for hidden leftovers.