Locked Ransomware Removal Guide

Although Locked Ransomware does not lock you out of your operating system, it can encrypt personal files, making it impossible for you to access them. It was found that an AES encryption algorithm is used for the encryption of your personal files. It was also found that this infection is based on EDA2, a file crypter kit that is available at github.com. According to our research, this infection started spreading in early March, and it is likely that it will spread further in the future. Unfortunately, Cerber Ransomware, Crysis Ransomware, and other malicious ransomware infections have been proven to be very difficult to take down. The creators of these malicious infections conceal themselves very well, and they use different techniques to make themselves untraceable. Unsurprisingly, they use malicious techniques to infiltrate ransomware onto your computer as well. Continue reading to learn more about the distribution, activity, and removal of Locked Ransomware.

Locked Ransomware is likely to spread using various drive-by download and social engineering scams. Beware of spam emails, suspicious links, downloaders, and other backdoors that could be used to infiltrate this malicious ransomware. Our researchers have named Locked Ransomware after the extension it uses, which is identical to the ones used by the malicious JobCrypter Ransomware. “.locked” is the extension that is attached to every file encrypted by this malicious Windows infection, and, as you know by now, it targets personal files. Photos, documents, videos, PDF files, and other types of files can be encrypted by this infection within a few minutes. The initial malicious executable is responsible for initiating the encryption process, but it is also responsible for changing your Desktop picture and creating a file called "READ_IT.txt". The new desktop image pushes you to open this TXT file and read the information within it, which includes the demands to pay a ransom of ~0.5BTC or ~200USD. Here is an excerpt.

Uh oh. It looks like your data has been the victim of the encryption thief. Your files have been encrypted with AES: search your drive for "locked" if you don't believe me . Unfortunately you're going to have to pay some money to get your files back and your fee is approximately $200 in US Dollars.

According to these instructions, you have 72 hours to pay the requested ransom. If you do not pay the ransom, your files, allegedly, will be lost for good as the decryption key stored on a remote server will be removed automatically. The TXT file also provides steps on how to purchase and send Bitcoins and how to apply the decryption code. This code should show up on http://let-me-help-you-with-that.webnode.com/ with the exact amount of money you have sent, which, supposedly, will allow you to identify which code is yours. Unfortunately, cyber criminals cannot be trusted under any circumstances, and it is possible that your files will remain locked even if you pay the ransom. Of course, because the creator of Locked Ransomware does not provide any other solution, it is not surprising that some computer users choose to fulfill all of the demands. Keep in mind that even if you have paid the ransom, you still need to remove this ransomware from your Windows operating system.

The instructions below show how to delete Locked Ransomware, but you have to make the right steps at the right time. If you are still thinking about paying the ransom, you should not erase any files; otherwise, you will lose your chance of potentially restoring your personal files. Some computer users might find that the ransomware did not encrypt personal files (for example, if the system infected did not store any) or that it encrypted files that have been backed up previously. In any of these cases, and if you have already paid the ransom, you can follow the steps below to eliminate the malicious infection. These steps are very simple, and we are sure you can handle them even if you are inexperienced. However, if you are having problems, please post a comment below, and we will try to help you. Alternatively, use an anti-malware tool that can erase the existing malware automatically. Considering that other malicious programs could have corrupted your PC, this is the best option you have.

How to delete Locked Ransomware

1. Delete the malicious .exe file that has launched the infection. Note that this file can be located anywhere and might have a completely random name. Try using a malware scanner to identify this file.
2. Launch Explorer (tap Win+E).
3. Type %APPDATA% into the address bar and tap Enter.
4. Delete the malicious file (copy of the original .exe file).
5. Type %USERPROFILE% into the address bar and tap Enter.
6. Delete these files: Decrypter.exe, ransom.jpg.
7. Move to the Desktop and Delete the "READ_IT.txt" file.