Ransomware infection, using a well-designed website, was detected by malware researchers on the end of February. The infection does not have a specific name, however it uses a message – “Your Data Was Locked”. Such ransomware viruses aim only for one thing, to infect unsuspecting user’s computers, encrypt the files and ask for a hefty ransom fee to send a decryption tool or a key. In case you have become an unfortunate victim of this ransomware infection, recommendations are to read this material carefully.
|Name||Your Files are Locked Virus|
|Short Description||The ransomware encrypts files and asks to visit a TOR-based website and pay a ransom.|
|Symptoms||Files are encrypted and are no longer openable. A note may automatically open.|
|Distribution Method||Spam Emails, Email Attachments, File Sharing Networks.|
See If Your System Has Been Affected by Your Files are Locked Virus
Malware Removal Tool
|User Experience||Join our forum to Discuss Globe2 Ransomware.|
Your Data Was Locked – More Information
This ransomware virus is from the file encryption type, meaning that it aims to make the files on your computer unavailable to you.
How Does Your Data Was Locked Spread
To cause an infection, the cyber-criminals who have developed this virus may undertake massive spam campaigns. The spam usually consists of various e-mails that contain malicious e-mail attachments. The e-mails may have deceptive content, for example:
- “Your payment receipt.”
- “Your Invoice.”
- “Please open attachment for more information.”
They usually aim for one thing only, to get unsuspecting users to open a malicious attachment and get infected this way.
Your Data Was Locked Virus – Further Analysis
After infection takes place, the Your Data Was Locked virus might drop several different files in the following Windows folders:
After the files are dropped on the compromising computer, the Your Data Was Locked ransomware may also modify several other settings of the infected computer, such as make the malicious executable(s) run on system startup. This is achievable by modifying the following Windows registry entries:
After this happens, the Your Files Are Locked ransomware may also delete the shadow copies of the infected machine to demolish any chance of restoring the files encoded by this virus. This is usually done by the vssadmin command in administrative and quiet mode:
Regarding the file encryption, Your Data Was Locked may attack different types of important files, such as:
- Image types of files. (virtual images)
- Virtual drives.
- Adobe .PDF documents.
- Microsoft Office documents.
- Documents related to other often used software.
- Database type of files.
After the encryption process by Your Files Are Locked ransomware is complete, the virus may begin to notify the user. This happens by displaying the following file:
The file has web links that lead to Tor-based and other anonymizing web pages. They all have the similar interface to the one below:
The virus has advanced authentication techniques, asking users to choose icons and click Continue to enter full payment instructions. Paying the ransom fee is strongly inadvisable.
Remove Your Data Was Locked Virus and Get The Files Back
At the moment there is hardly enough information about this virus. However, you should not pay any ransom and back up the encrypted files for later, when a decryptor that is free is hopefully released.
For the removal of this ransomware infection, we recommend following the removal instructions we have created below. They are designed to take you methodologically through several steps that will assist you with the removal of this ransomware. In case manual removal is difficult for you, we recommend following the automatic instructions.
If you want to try and restore your files, you may want to attempt the alternative tools for file decryption, which we have suggested for you below. They may not be 100% successful but may help recover at least some of the important files on your computer. You can find them in the step “2. Restore files encrypted by Your Files are Locked Virus”
Manually delete Your Files are Locked Virus from your computer
Note! Substantial notification about the Your Files are Locked Virus threat: Manual removal of Your Files are Locked Virus requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.
Automatically remove Your Files are Locked Virus by downloading an advanced anti-malware program
Globe2 Ransomware Decryption Instructions
In order to successfully decrypt files enciphered by globe ransomware you are going to need several details to begin with. First, you will need an original file and an encrypted file.
In case you cannot find one, make sure to browse through the default wallpaper folder of the same version of your Windows OS. Here is an example of the location of the default folders for wallpapers for different Windows versions:
After having located an original and an encrypted file, make sure to download the decrypter by clicking on the download button below:
Make sure to save the decrypter somewhere easy to find and open it. Then follow the steps below:
Step 1: Drag and drop the encrypted file and the original file together into the decrypter, like the animated image below demonstrates:
Step 2: The decrypter will begin a brute forcing sequence. Simply wait until your key has been discovered:
Step 3: After this, click on OK and the main interface of the decrypter should appear. From it, choose Add Files to add all the files that you wish to be deciphered.
Step 4: After you have added your files, click on the Decrypt button so that the decrypter can begin the deciphering operation.
At this point you will begin to see on the live feed at the middle of the decrypter’s interface which files were successfully decoded:
Globe2 Ransomware – The Bottom Line
As a summary of this virus, it is nothing special since malware researchers have managed to almost immediately decode it. But bear in mind that there are many other dangerous ransomware viruses out there that exist for couple of years now and no decryption solution has been released yet. This is why it is always a benefit to know how to protect yourself from malware of the file encryption type.
We have prepared several simple tips that you can follow and stay safe in the future: