'.Locked_file File Extension' Ransomware is a ransomware-type computer malware that appends encrypted files with a “.locked_file” extension. Indeed, this application was designed to encrypt your files and then demand that you pay its creators an unspecified sum of money to get them back. However, you only have 72 hours to pay because, if you fail to meet the deadline, the cyber criminals will delete your unique decryption key. In any case, you should not trust cyber criminals to keep their word and, therefore, you ought to remove this ransomware instead of paying the ransom. We have more detailed information about '.Locked_file File Extension' Ransomware below, so if you are interested, please continue reading.
There is no information on how '.Locked_file File Extension' Ransomware is distributed. Our guess is that its creators have set up an email server to send fake emails to people disguised as tax return forms, receipts, invoices, and so on. The emails might have an attached file that can pose as a PDF or DOC document while it is an EXE file, in fact. If you open the attached file, then your PC can become infected with this ransomware. The main executable does not copy itself anywhere, so you should check %USERPROFILE%\Desktop, %USERPROFILE%\Downloads, and %TEMP% for this ransomware and delete it at once.
However, if your PC were to become infected with this ransomware, then it is too late to do anything about it because it is set to initiate the encryption process immediately upon infection. Testing has shown that this ransomware first enumerates system information and executes a “CACLS "[FILENAME]" /E /G %USERNAME%:F /C & ATTRIB -R -A -H "[FILENAME]" command.
This ransomware also enumerates the files present on your PC but is set to skip folders such as WINDOWS, PROGRAM FILES, APPDATA, APPLICATION DATA, TEMP, TMP and many others. It was also set not to encrypt file types that include but are not limited to .LST, .PKEY, .SKEY, .LNK, .EXE, .TMP, .ICO, .000, .SYS, .DAT, .INF, .DLL, .DAT, .REG, .DRV, .DEV, .PIF, .MBR, .INI, .XML, .LIST, .TTF, and .LOG. All other file types not in this exclusion list are set to be encrypted by this ransomware. It appends the encrypted files with a “.locked_file” file extension. Once this ransomware has encrypted your files, it will drop a ransom note named !HOW_TO_UNLOCK_FILES!.html in each folder where files were encrypted. The ransomware changes the default name of the files and also adds its restoreassistant2@tutanota.com email address. The note says you have to contact the criminals and pay the ransom within 72 hours because your decryption key will be deleted otherwise. However, you should not comply with this demand because there is no telling whether the cyber crooks will keep their word.
As you can see, '.Locked_file File Extension' Ransomware is a dangerous application that can render your files useless lumps of bytes. However, you should not comply with the cyber criminals’ demands and pay the ransom because you cannot be sure that they will send you the decryption key. Therefore, we recommend to be on the safe side of things and remove this ransomware using an anti-malware program such as SpyHunter or the manual removal guide featured below.
# | File Name | File Size (Bytes) | File Hash |
---|---|---|---|
1 | b5034183d4d2aca1e586b4a4bf22f32e4204c4b6d288c171d5252636c11248a0.exe | 910848 bytes | MD5: 45498bbe9ef5e6158864d2c8b825e704 |
# | Process Name | Process Filename | Main module size |
---|---|---|---|
1 | b5034183d4d2aca1e586b4a4bf22f32e4204c4b6d288c171d5252636c11248a0.exe | b5034183d4d2aca1e586b4a4bf22f32e4204c4b6d288c171d5252636c11248a0.exe | 910848 bytes |