Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Your Data Was Locked Virus (Restore Files)

Article created to help you delete Unlock26 “Your Data Was Locked” ransomware and restore the encoded files.

Ransomware infection, using a well-designed website, was detected by malware researchers on the end of February. The infection does not have a specific name, however it uses a message – “Your Data Was Locked”. Such ransomware viruses aim only for one thing, to infect unsuspecting user’s computers, encrypt the files and ask for a hefty ransom fee to send a decryption tool or a key. In case you have become an unfortunate victim of this ransomware infection, recommendations are to read this material carefully.

Threat Summary

Name Your Files are Locked Virus
Type Ransomware Infection
Short Description The ransomware encrypts files and asks to visit a TOR-based website and pay a ransom.
Symptoms Files are encrypted and are no longer openable. A note may automatically open.
Distribution Method Spam Emails, Email Attachments, File Sharing Networks.
Detection Tool See If Your System Has Been Affected by Your Files are Locked Virus

Download

Malware Removal Tool

User Experience Join our forum to Discuss Globe2 Ransomware.

Your Data Was Locked – More Information

This ransomware virus is from the file encryption type, meaning that it aims to make the files on your computer unavailable to you.

How Does Your Data Was Locked Spread

To cause an infection, the cyber-criminals who have developed this virus may undertake massive spam campaigns. The spam usually consists of various e-mails that contain malicious e-mail attachments. The e-mails may have deceptive content, for example:

  • “Your payment receipt.”
  • “Your Invoice.”
  • “Please open attachment for more information.”

They usually aim for one thing only, to get unsuspecting users to open a malicious attachment and get infected this way.

Your Data Was Locked Virus – Further Analysis

After infection takes place, the Your Data Was Locked virus might drop several different files in the following Windows folders:

  • %AppData%
  • %Temp%
  • %Local%
  • %LocalRow%
  • %Roaming%
  • %SystemDrive%

After the files are dropped on the compromising computer, the Your Data Was Locked ransomware may also modify several other settings of the infected computer, such as make the malicious executable(s) run on system startup. This is achievable by modifying the following Windows registry entries:

→ HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

After this happens, the Your Files Are Locked ransomware may also delete the shadow copies of the infected machine to demolish any chance of restoring the files encoded by this virus. This is usually done by the vssadmin command in administrative and quiet mode:

Regarding the file encryption, Your Data Was Locked may attack different types of important files, such as:

  • Videos.
  • Photos.
  • Image types of files. (virtual images)
  • Virtual drives.
  • Adobe .PDF documents.
  • Microsoft Office documents.
  • Documents related to other often used software.
  • Database type of files.

After the encryption process by Your Files Are Locked ransomware is complete, the virus may begin to notify the user. This happens by displaying the following file:

The file has web links that lead to Tor-based and other anonymizing web pages. They all have the similar interface to the one below:

The virus has advanced authentication techniques, asking users to choose icons and click Continue to enter full payment instructions. Paying the ransom fee is strongly inadvisable.

Remove Your Data Was Locked Virus and Get The Files Back

At the moment there is hardly enough information about this virus. However, you should not pay any ransom and back up the encrypted files for later, when a decryptor that is free is hopefully released.

For the removal of this ransomware infection, we recommend following the removal instructions we have created below. They are designed to take you methodologically through several steps that will assist you with the removal of this ransomware. In case manual removal is difficult for you, we recommend following the automatic instructions.

If you want to try and restore your files, you may want to attempt the alternative tools for file decryption, which we have suggested for you below. They may not be 100% successful but may help recover at least some of the important files on your computer. You can find them in the step “2. Restore files encrypted by Your Files are Locked Virus”

Manually delete Your Files are Locked Virus from your computer

Note! Substantial notification about the Your Files are Locked Virus threat: Manual removal of Your Files are Locked Virus requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Your Files are Locked Virus files and objects
2.Find malicious files created by Your Files are Locked Virus on your PC

Automatically remove Your Files are Locked Virus by downloading an advanced anti-malware program

1. Remove Your Files are Locked Virus with SpyHunter Anti-Malware Tool and back up your data

Globe2 Ransomware Decryption Instructions

In order to successfully decrypt files enciphered by globe ransomware you are going to need several details to begin with. First, you will need an original file and an encrypted file.

encrypted-file-original-file-globe-ransomware-sensorstechforum

In case you cannot find one, make sure to browse through the default wallpaper folder of the same version of your Windows OS. Here is an example of the location of the default folders for wallpapers for different Windows versions:

C:\Windows\Web\Wallpaper
C:\Users\UserProfile\Pictures
C:\Users\UserProfile\Sample Pictures

After having located an original and an encrypted file, make sure to download the decrypter by clicking on the download button below:

Download

Globe2 Decrypter

Make sure to save the decrypter somewhere easy to find and open it. Then follow the steps below:

Step 1: Drag and drop the encrypted file and the original file together into the decrypter, like the animated image below demonstrates:

globe2-ransomware-drag-drop-filess

Step 2: The decrypter will begin a brute forcing sequence. Simply wait until your key has been discovered:

decrypt-globe2-instructions-bruteforcing-key-sensorstechforum

2-i-1-nemucod-key-found-globe2-sensorstechforum

Step 3: After this, click on OK and the main interface of the decrypter should appear. From it, choose Add Files to add all the files that you wish to be deciphered.

3-globe2-main-ninterface-sensorstechforum-1

Step 4: After you have added your files, click on the Decrypt button so that the decrypter can begin the deciphering operation.

6-globe2-decrypt-files-sensorstechforum

At this point you will begin to see on the live feed at the middle of the decrypter’s interface which files were successfully decoded:

4-decrypted-files-globe2-sensorstechfrum

Globe2 Ransomware – The Bottom Line

As a summary of this virus, it is nothing special since malware researchers have managed to almost immediately decode it. But bear in mind that there are many other dangerous ransomware viruses out there that exist for couple of years now and no decryption solution has been released yet. This is why it is always a benefit to know how to protect yourself from malware of the file encryption type.

We have prepared several simple tips that you can follow and stay safe in the future:

Tip 1: Make sure to read our general protection tips and try to make them your habit and educate others to do so as well.
Tip 2: Install an advanced anti-malware program that has an often updated real-time shield definitions and ransomware protection.

Tip 3: Seek out and download specific anti-ransomware software which is reliable.

Tip 4: Backup your files using one of the methods in this article.

Tip 5: : Make sure to use a secure web browser while surfing the world wide web.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.