.L0CKED File Virus (Decrypt Files) - How to, Technology and PC Security Forum | SensorsTechForum.com
.L0CKED File Virus (Decrypt Files)

This article aims to help you remove the new EDA2 .L0CKED ransomware variant, which drops a DecryptFile.txt note, and to try to restore .L0CKED-encrypted files.

The virus, which claims to use an RZA4096 key, is actually the latest variant of the EDA2 ransomware viruses, and its claimed algorithm is fake, only pretending to be RSA-4096. What is typical for these variants is that they number in the hundreds, because the virus has been released online as free, open-source code. If you have become a victim of the virus, it is advisable not to pay the demanded sum of 0.3 BTC. Read our article to learn how to remove the virus and hopefully restore your files for free, using the EDA2 decrypter.

Threat Summary

Name: L0CKED Virus
Type: Ransomware Virus
Short Description: New EDA2 iteration. Uses the .L0CKED file extension and a weak encryption algorithm.
Symptoms: Demands that victims visit a TOR-based web page. Demands payment of 0.3 BTC to decrypt files. Changes the wallpaper and drops a DecryptFile.txt ransom note with the same demands.
Distribution Method: Via an exploit kit, DLL file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files, and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

How Does .L0CKED EDA2 Virus Infect

This virus has been released in numerous variants, such as PokemonGo ransomware and FSociety, whose idea comes from the Anonymous-inspired hacking group in the Mr. Robot TV series.

Similar to the other variants, the .L0CKED virus uses the same strategy to spread: a malicious executable which may be located in different places online. One of the most likely infection vectors is via e-mails. Such infections may be administered via a remote service which initiates massive spam campaigns of phishing e-mail messages. Such messages may resemble legitimate e-mails from providers, such as:

  • FedEx.
  • Amazon.
  • eBay.
  • Walmart.
  • A bank branch.

They also include convincing items, such as text and images, which are focused primarily on getting victims to open a malicious attachment. Once this has happened, the .L0CKED virus may drop a malicious executable on the compromised computer.

Then, the malicious .exe of the .L0CKED virus may create a user profile in the Computer Management tab and create registry values for this profile in the following key:

→ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

After this has been done, the .L0CKED virus may also create an Autorun.inf file which, if executed, will make this EDA2 variant go straight to file encryption on system startup.

.L0CKED EDA2 Ransomware – Post-Infection Actions

After already having infected the computer it has sent spam to, the .L0CKED virus immediately begins to encrypt files of the following types:

→ *.txt, *.doc, *.docx, *.xls, *.xlsx, *.ppt, *.pptx, *.odt, *.jpg, *.png, *.csv, *.sql, *.mdb, *.hwp, *.pdf, *.php, *.asp, *.aspx, *.html, *.xml, and *.psd.

After encryption, the wallpaper is changed and the DecryptFile.txt ransom note is dropped, both of which carry the same message for the user.

The message leads to a TOR-based website which demands payment of the hefty sum of 0.3 BTC.

The bottom line is that this EDA2 variant is decryptable, just like the other EDA2 ransomware versions, and you should remove it immediately and decrypt the files.
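Before attempting decryption, it helps to know how many files were hit and where. The Python script below is an added example, not part of the original article or of any EDA2 tool: it walks a folder, lists files with the .L0CKED extension and any DecryptFile.txt notes, and groups the encrypted files by original type. It assumes the ransomware appends .L0CKED to the original file name, which the article does not state.

```python
import os
from collections import Counter

LOCKED_EXT = ".l0cked"          # extension named in the article (lower-cased)
NOTE_NAME = "decryptfile.txt"   # ransom note named in the article (lower-cased)
# File types the article lists as encryption targets.
TARGETED = {".txt", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt",
            ".jpg", ".png", ".csv", ".sql", ".mdb", ".hwp", ".pdf", ".php",
            ".asp", ".aspx", ".html", ".xml", ".psd"}


def inventory(root):
    """Walk `root` and collect .L0CKED files and ransom notes found under it."""
    report = {"locked": [], "notes": [], "by_type": Counter(), "unexpected": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == NOTE_NAME:
                report["notes"].append(path)
                continue
            stem, ext = os.path.splitext(lower)
            if ext != LOCKED_EXT:
                continue
            report["locked"].append(path)
            # Assumption: the original name survives in front of the suffix,
            # e.g. "budget.xlsx.L0CKED" -> original type ".xlsx".
            original_ext = os.path.splitext(stem)[1] or "(none)"
            report["by_type"][original_ext] += 1
            if original_ext not in TARGETED:
                # Outside the article's list: a different variant or a renamed file.
                report["unexpected"].append(path)
    return report


def summarise(report):
    """Return a short text summary of an inventory() result."""
    lines = [f"encrypted files: {len(report['locked'])}",
             f"ransom notes:    {len(report['notes'])}"]
    for ext, count in report["by_type"].most_common():
        lines.append(f"  {ext:8} {count}")
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    rep = inventory(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(summarise(rep))
    for p in rep["unexpected"]:
        print("unexpected original type:", p)
```

Run it against a copy or read-only mount of the affected drive so the inventory itself does not alter file timestamps you may need later.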

How to Remove .L0CKED Virus and Decrypt The Files

In order to fully remove the virus and decrypt your files, we advise you to methodically follow the instructions below. They will help you first to remove the .L0CKED virus' files as well as the objects it has created in the Windows Registry. For maximum effectiveness, it is recommended to use an advanced anti-malware scanner to remove all files associated with the virus from your computer.

To remove L0CKED Virus follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove L0CKED Virus files and objects
2. Find files created by L0CKED Virus on your PC

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by L0CKED Virus

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in the basic education of every user towards online safety.
