What is .Locked File Extension Ransomware? And how does it attack your computer and files?
.Locked File Extension ransomware is a newly discovered file-encrypting threat that targets PC users running Windows OS. It resembles .locker File Extension ransomware, except that it adds a different, modified file extension: “restoreassistant2attutanota.com.LOCKED_FILE”.
.Locked File Extension ransomware uses various infection methods to infiltrate the compromised computer without your knowledge. After its successful infiltration, it scans all the drives in your computer for different file types and then appends the .Locked_file extension to each one of them. It uses a combination of AES 256 and RSA ciphers to encrypt the files. The use of both encryption algorithms means that recovering your files will be very difficult. Take note that this ransomware also deletes all the Shadow Volume Copies of the encrypted files. This makes recovering your files next to impossible, and you will have to use a decryptor to recover them. When it’s done with the encryption, it drops a file named “!HOW_TO_UNLOCK_FILES!.html” which contains the ransom note. Here’s its full content:
“All your files have been encrypted with strong cryptographic algorithm!
It means you will not be able to access them anymore until they are decrypted with your unique decryptor!
If you will follow our instructions, we guarantee that you can decrypt all your files quickly and safely!
Attention! You have only 72 hours for reaction. After this time your unique decryption key will be deleted!
===================================================
If you want to restore your files, please write us to the e-mail:
[email protected]
For fast authentication you can send us few files for free decryption and your personal ID:
====================================================
Attention!
* Do not rename encrypted files.
* Do not try to uninstall the program or run antivirus software.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decoders of other users are incompatible with your data, each user has unique encryption key.
* For assurance you can send us up to 3 files for free decryption.
* Please note that files for free decryption must NOT contain valuable information and their total size must be less than 5Mb.”
How does .Locked File Extension ransomware distribute its infection?
This ransomware is distributed through malicious spam email campaigns. The emails carry infected attachments or links to malicious websites. They usually contain forged header information to trick you into believing that they come from a shipping company such as DHL or FedEx. The body of the email contains a message which tells you that the shipping company tried to deliver a package to you but failed for some reason. There are also times when these emails claim to be notifications of a shipment you’ve made. With your curiosity triggered, you are enticed to download and open the attachment or click on the link. And with that, the .Locked File Extension ransomware starts its attack.
How can you recover your files?
Since the Shadow Volume Copies of the files are deleted, restoring them using the Windows Previous Versions feature in your computer won’t be an option. The best thing you can do is use the backup copies of the affected files, that is, if you made extra copies, and terminate .Locked File Extension ransomware immediately. If not, your last resort would be to wait for a free decryption tool to get your files back. So no matter how desperate you are, paying the ransom won’t do you any good. As of now, malware security experts are trying to come up with a free decryptor to help victims like you recover your files.
Terminate .Locked File Extension ransomware and its components with the help of the removal guide below.
Step 1: Open the Windows Task Manager by pressing Ctrl + Shift + Esc at the same time. Proceed to the Processes tab and look for suspicious processes that can be related to the .Locked File Extension Ransomware.
Right-click on the processes, then click Open File Location and scan them using a powerful and trusted antivirus like SpyRemover Pro. After opening their folders, end their processes and delete their folders. If the virus scanner fails to detect something that you know is suspicious, don’t hesitate to delete it.
Step 2: Open Control Panel: press Start key + R to launch Run, type appwiz.cpl in the search box and click OK.
Step 3: Look for .Locked File Extension ransomware or any malicious program and then Uninstall it.
Step 4: Hold down Windows + E keys simultaneously to open File Explorer.
Step 5: Go to the directories listed below and then look for the corrupted files, such as its ransom note “!HOW_TO_UNLOCK_FILES!.html”, created by the malware.
C:\Users\(your pcname)\AppData\Roaming
%TEMP%
%USERPROFILE%\Downloads
%USERPROFILE%\Desktop
The next step below is not recommended for you if you don’t know how to navigate the Registry Editor. Making registry changes can highly impact your computer, so it is highly advised to use PC Cleaner Pro instead to get rid of the entries that .Locked File Extension ransomware created. If you are not familiar with the Windows Registry, skip to Step 9 onwards.
However, if you are well-versed in making registry adjustments, then you can proceed to Step 6.
Step 6: Open the Registry Editor. To do so, tap Win + R, type in regedit and then press Enter.
Step 7: Navigate to the following path:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Step 8: Delete the registry values created by .Locked File Extension ransomware.
Step 9: Close the Registry Editor.
Step 10: Empty the Recycle Bin.
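The checks in Steps 5 to 8 can be gathered in one read-only pass before anything is deleted. The PowerShell below is an added example, not part of the original guide: it looks in the four folders from Step 5 for the ransom note and for files ending in .LOCKED_FILE, and lists the values under the Run key from Step 7 for review. The function names Find-LockedArtifact and Get-RunKeyEntry are hypothetical helpers defined in the block.

```powershell
# Added example: read-only triage for Steps 5-8. Nothing is deleted or changed.
$NoteName  = '!HOW_TO_UNLOCK_FILES!.html'   # ransom note name given on this page
$LockedExt = '.LOCKED_FILE'                 # appended extension given on this page
$SearchDirs = @(
    $env:APPDATA,                            # C:\Users\<name>\AppData\Roaming
    $env:TEMP,
    (Join-Path $env:USERPROFILE 'Downloads'),
    (Join-Path $env:USERPROFILE 'Desktop')
)

# Hypothetical helper: list ransom notes and encrypted files under the given folders.
function Find-LockedArtifact {
    param([string[]]$Path, [string]$Note, [string]$Extension)
    foreach ($dir in $Path) {
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -File -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object {
                $_.Name -eq $Note -or
                $_.Name.EndsWith($Extension, [System.StringComparison]::OrdinalIgnoreCase)
            } |
            Select-Object @{ Name = 'Kind'; Expression = {
                    if ($_.Name -eq $Note) { 'RansomNote' } else { 'EncryptedFile' } } },
                FullName, Length, LastWriteTime
    }
}

# Hypothetical helper: dump every value in the per-user Run key for manual review.
function Get-RunKeyEntry {
    param([string]$Key = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run')
    if (-not (Test-Path -LiteralPath $Key)) { return }
    $regKey = Get-Item -LiteralPath $Key
    foreach ($valueName in $regKey.GetValueNames()) {
        [pscustomobject]@{ ValueName = $valueName; Command = $regKey.GetValue($valueName) }
    }
}

$hits = @(Find-LockedArtifact -Path $SearchDirs -Note $NoteName -Extension $LockedExt)
$hits | Sort-Object LastWriteTime | Format-Table Kind, LastWriteTime, Length, FullName -AutoSize

# The oldest encrypted file usually marks when encryption started; compare it with
# mail and download history to find the attachment or link that was opened.
$first = $hits | Where-Object Kind -eq 'EncryptedFile' | Sort-Object LastWriteTime | Select-Object -First 1
if ($first) { "Earliest encrypted file: $($first.LastWriteTime) $($first.FullName)" }

Get-RunKeyEntry | Format-Table -AutoSize -Wrap
```

Keep the encrypted files and at least one copy of the ransom note on separate storage; a decryptor released later will need the encrypted files.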
Follow the continued advanced steps below to ensure the removal of the .Locked File Extension ransomware:
Perform a full system scan using SpyRemover Pro. To do so, follow these steps:
- Turn on your computer. If it’s already on, you have to reboot.
- After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, press F8 repeatedly until the Advanced Option shows up.
- To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit
- Windows will now load the Safe Mode with Networking.
- Press and hold both R key and Windows key.
- If done correctly, the Windows Run Box will show up.
- Type in Apollolocker http://www.fixmypcfree.com/install/spyremoverpro
A single space must be in between Apollolocker and http. Click OK.
- A dialog box will be displayed by Internet Apollolocker. Click Run to begin downloading SpyRemover Pro. Installation will start automatically once download is done.
- Click OK to launch the program.
- Run SpyRemover Pro and perform a full system scan.
- After all the infections are identified, click REMOVE ALL.
- Register the program to protect your computer from future threats.