LOCKED_PAY Ransomware Removal Guide

LOCKED_PAY Ransomware is a malicious application that shows a message saying: “Ooops, YOUR IMPORTANT FILES HAVE BEEN ENCRYPTED BY MAYA!!!” Our specialists say that it belongs to the large Jigsaw Ransomware family. Threats from this malware family both encrypt files and delete them if their victims refuse to pay for their decryption. While LOCKED_PAY Ransomware does show a ransom note in which its developers threaten to erase encrypted data and ask for a ransom, in reality, it might be unable to encrypt any files. If the variant you receive does not lock any files, we recommend ignoring the malware’s displayed ransom note and removing it at once. We advise doing the same if you do not want to fund hackers either. To erase it manually, you could follow the deletion instructions provided at the end of this article. For more information about the threat and its removal, you should read our full report.

It is suspected that LOCKED_PAY Ransomware’s installer might be disguised as a patch or an update. Such a possibility arises from the fact that the malware displays a fake system alert claiming some patch has been successfully installed. This message is probably displayed to distract users and prevent them from finding out that the malicious program entered their system. While hiding, the threat should perform the encryption process during which all targeted files are supposed to be marked with the .LOCKED_PAY extension. Nonetheless, as explained at the beginning of this article, the malicious application may not necessarily act this way. The version tested by our specialists did show the fake system alert, but it could not encrypt any files. Still, the threat displayed a window with a message claiming that all files were encrypted.

There is a chance that the version we encountered could be a test variant and that it might not be spread yet. In any case, if your system gets infected with LOCKED_PAY Ransomware, you should see if your files got encrypted before deciding what to do. The hackers behind the malicious application suggest using their decryption tools that might be accessed through the threat’s window after a user pays a ransom. Of course, there is not knowing if the decryption button will work, which would not surprise us, considering our tested variant could not even encrypt any files. It is unclear whether the malicious application could erase data it threatens to delete either. To be more precise, the threat’s note says a thousand files will be erased each hour until hackers receive a payment.

Also, there is a sentence at the end that says: “if you do not take this seriously we will use your data against you.” The text does not specify how user’s files could be used against him, but we suspect hackers meant to say they will sell user’s data on the dark web or do something similar. If you have no intention to pay, you should not waste any time and get rid of LOCKED_PAY Ransomware at once. We recommend doing it as fast as possible, just in case the threat appears to be able to delete files from your system.

To see how to remove it manually, you could follow the instructions available at the end of this article. However, it might be safer to use a reliable antimalware tool instead. That is because it is possible there could be other LOCKED_PAY Ransomware’s versions, which might work differently, and so our provided instructions may not work for everyone.

Get rid of LOCKED_PAY Ransomware

1. Tap Ctrl+Alt+Delete.
2. Pick Task Manager.
3. Select the Processes tab.
4. Look for a process associated with the malware.
5. Select the process and click End Task.
6. Leave Task Manager.
7. Tap Win+E.
8. Go to these locations:
   %TEMP%
   %USERPROFILE%\Downloads
   %USERPROFILE%\Desktop
9. Find the malicious file opened before the system got infected, right-click it, and select Delete.
10. Search for files named _readme.txt, right-click them, and select Delete.
11. Check this location: %APPDATA%
12. Find the malware’s copy that could be placed in a directory called Path, right-click this folder and choose Delete to erase it along with the files inside of it.
13. Close File Explorer.
14. Empty Recycle Bin.
15. Restart the computer.