Scammerlocker Ransomware Removal Guide

Scammerlocker Ransomware is a malicious application that may damage a lot or just some of your personal files. Apparently, it all depends on where the user keeps his most important data since the malware targets only a few standard folders in the C: disk. As usual for such threats, after encrypting user’s data, the infection should drop a ransom note asking to make a payment. In exchange for 10 IOTA (a particular cryptocurrency) the hackers say they will deliver a unique decryption key and a decryptor. Of course, we would not recommend paying the ransom or contacting these people as there are no guarantees they have the promised tools. Not to mention, no matter what they promise, there is a possibility they may not bother to deliver the needed decryption tools. As a result, you would lose your money in vain. If you do not want this to happen, we recommend removing Scammerlocker Ransomware with the instructions located below or a trustworthy security tool.

The reason Scammerlocker Ransomware does not look as vicious as some other ransomware application is because instead of encrypting all data located on the computer the malware targets only the four particular folders in the %USERPROFILE% directory: Desktop, Documents, Videos, Pictures. What’s more, our specialists say the infection has also a rather short list of file types it can lock. To be more precise, the threat is only after data with the following extensions: .txt, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .odt, .jpg, .png, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .xml, .psd, .c, .java, .py, .cpp, .gif, .cs, .ico, .js, .flv, .mp4, .mp3, .mov. To identify damaged files the user should simply take a look at the file's title. If at the end of it you can see a second extension called .jodis, it means the file is encrypted. It is obvious the damaged files will not open as well since the computer becomes unable to recognize them. Keep it in mind that deleting the additional extension will not change anything and so there is no point in modifying it.

After all the targeted files are encrypted, Scammerlocker Ransomware should drop a ransom note called FILES_ENCRYPTED.txt. Inside of it, you should find a message that starts with: “You my friend, have been caught. Don't bother installing AntiVirus, Because You're already fucked.” Then it should explain the encrypted files can only be restored with a unique decryption key and a decryption tool created by the malware’s developers. To receive it, the hackers ask to pay a ransom in a particular cryptocurrency (IOTA). Moreover, Scammerlocker Ransomware’s creators even suggest you could get the promised tools for free or for a smaller sum if you negotiate with them via email. Needless to say, we would not recommend either solution as it is entirely possible that you could get scammed. No matter how much you pay the hackers can always ask for more or just choose not to deliver the too; after all, once the money researches their account, you can no longer take it back.

For users who do not want to take any chances, we would recommend erasing Scammerlocker Ransomware at once. To remove the threat manually, you could use the instructions located at the end of this text. The other way to delete the malicious application is to obtain a reliable security tool, start a system scan, and then press the provided deletion button.

Get rid of Scammerlocker Ransomware

1. Tap Ctrl+Alt+Delete.
2. Select Task Manager.
3. Locate a particular process belonging to the malware.
4. Mark it and press End Task.
5. Exit Task Manager.
6. Press Win+E.
7. Locate the given directories:
   %TEMP%
   %USERPROFILE%\Desktop
   %USERPROFILE%\Downloads
8. Find a malicious file downloaded before the malware appeared.
9. Right-click the doubtful file and select Delete.
10. Locate the ransom notes (FILES_ENCRYPTED.txt).
11. Right-click them and press Delete.
12. Exit File Explorer.
13. Empty your Recycle Bin.
14. Reboot the system.