Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Remove Vindows Locker Virus and Restore .vindows Files

stf-vindows-locker-ransomware-virus-ransom-message-note

Vindows Locker is the name for a new ransomware cryptovirus. Malware researcher Jakub Kroustek discovered the virus. The ransom price that it asks for decrypting your files is 350 US dollars. The malware will encrypt your files and place the extension .vindows to each one of them. To see how to remove this ransomware and how you can try to restore your files, carefully read the article to the end.

Threat Summary

Name Vindows Locker
Type Ransomware, Cryptovirus
Short Description The ransomware will encrypt your files and then display a ransom note with instructions for payment.
Symptoms The ransomware will encrypt your files and put the extension .vindows to every one of them.
Distribution Method Spam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by Vindows Locker

Download

Malware Removal Tool

User Experience Join Our Forum to Discuss Vindows Locker.
Data Recovery Tool Data Recovery Pro by ParetoLogic Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Vindows Locker Virus – Spread

Vindows Locker ransomware can spread its infection in multiple methods. One of the most efficient ways is with sending the payload as an .exe file. That executable file delivers the ransomware, so when loaded the malicious script inside infects your computer machine. You can see the analysis of that executable containing the payload on the VirusTotal website, from the screenshot below:

stf-vindows-locker-ransomware-virus-total-virustotal-detections

Vindows Locker ransomware might be spreading its payload around social media and platforms for file-sharing. The malicious script could be hidden as the setup of applications, which are advertised as legitimate and useful. Refrain from opening files from suspicious sources as links and emails. You should always scan files you download with a security tool and check their size and signature for anything that seems out of place. You should read the tips about ransomware prevention from the corresponding forum topic.

Vindows Locker Virus – Details

Vindows Locker looks like a tech support scam and is one. But more than that – it is also ransomware and a cryptovirus. The malware researcher Jakub Kroustek found it in the wild.

Vindows Locker is named that way and after it encrypts your files, it will put the extension .vindows appended as a secondary extension to every file that’s locked. This ransomware is possible to create entries in the Windows Registry to achieve a greater level of persistence. These registry entries will make this virus start automatically with each boot of the Windows Operating System.

After your files get encrypted, a screen with the ransom message will appear with instructions for payment and the demands of the cybercriminals for unlocking your files. You can see the ransom message from the image below:

stf-vindows-locker-ransomware-virus-ransom-message-note
Image Source: @Jakub Kroustek

The ransom note reads the following:

Vindows Locker
this is not Microsoft vindows support
we have locked your files with the zeus wirus
do one thing and call level 5 microsoft support technician at
1-844-609-3192
you will files back for a one time charge of $349.99

The ransom price that this cryptovirus demands as payment for the decryption of your files is 349.99 US dollars, which is nearly half a Bitcoin. You are lied to that you are infected with the Zeus virus, that you are given a phone to a Microsoft employee. You should NOT consider calling the crooks, nor paying the demanded ransom. This may only result in the cybercriminals making more ransomware with the money. Besides, nobody can guarantee that all of your files will get restored if you pay that sum of money.

The Vindows Locker ransomware encrypts files and appends the .vindows extension to every one of them. The encryption algorithm that is used is not known, but according to some researchers, the code looks similar to that of the HiddenTear open-source project. The list with file extensions which this virus seeks to encrypt is incomplete, but you can see some of the extensions down here:

→.doc, .docx, .jpg, .png, .ppt, .pptx, .txt, .xls, .xlsx

Extensions Source: @Jakub Kroustek

The Vindows Locker cryptovirus is quite likely to erase the Shadow Volume Copies from the Windows operating system by using the command given down here:

→vssadmin.exe delete shadows /all /Quiet

Read further to find out what types of methods you can try to restore at least a part of your data.

Remove Vindows Locker Virus and Restore .vindows Files

If your computer got infected with the Vindows Locker ransomware virus, you should have some experience in removing malware. You should get rid of this ransomware as fast as possible before it can have the chance to spread further and infect more computers. You should remove the ransomware and follow the step-by-step instructions guide given below. To see ways that you can try to recover your data, see the step titled 2. Restore files encrypted by Vindows Locker.

Manually delete Vindows Locker from your computer

Note! Substantial notification about the Vindows Locker threat: Manual removal of Vindows Locker requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself just in 5 minutes, using a malware removal tool.

1. Boot Your PC In Safe Mode to isolate and remove Vindows Locker files and objects
2.Find malicious files created by Vindows Locker on your PC

Automatically remove Vindows Locker by downloading an advanced anti-malware program

1. Remove Vindows Locker with SpyHunter Anti-Malware Tool and back up your data
2. Restore files encrypted by Vindows Locker
Optional: Using Alternative Anti-Malware Tools

Berta Bilbao

Berta is the Editor-in-Chief of SensorsTechForum. She is a dedicated malware researcher, dreaming for a more secure cyber space.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.