Dragon Ransomware - Remove It and Restore .locked Files

Dragon Ransomware – Remove It and Restore .locked Files

In this article, you will find more information about Dragon ransomware as well as a step-by-step guide on how to remove malicious files from the infected system and how to recover .locked files.

Dragon ransomware is a vicious cryptovirus that corrupts computer systems and personal files to extort ransom payment from victims. As identified by security researchers Dragon ransomware is based on the code of another ransomware dubbed

Aurora. Since the threat corrupts target files by utilizing the strong RSA-2048 encryption algorithm, it leaves them completely inaccessible. Dragon ransomware also adds the .locked file suffix and drops a ransom note file. The note is dropped on the system as a file called #DECRYPT_MY_FILES#.txt and it aims to blackmail you into paying a hefty ransom fee to hackers.

Threat Summary

NameDragon ransomware
TypeRansomware, Cryptovirus
Short DescriptionA data locker ransomware designed to plague system settings, utilize strong cihper algorithm and encrypt valuable files.
SymptomsImportant files are locked and renamed with the .locked extension. Ransom message insists on ransom payment for a decryption tool.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by Dragon ransomware


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Dragon ransomware.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

Dragon Ransomware – Spreading and Description

The most probable attack vector used for the spread of Dragon ransomware is malspam. Malspam is a preferred technique as it enables hackers to deliver malicious code on users’ devices with the help of massive email campaigns. Spam emails which are part of attack campaigns usually contain one or more of the following components:

  • A link to compromised web page that is set to download and execute infection files directly on the PC. The URL address to this page may be presented as an in-text link, banner, image, button or full URL address.
  • A malicious file attachment that is presented as legitimate document by the text message. It could be uploaded in a .rar or .zip archive. Such a file could be set to evade active security measures and trick you into running the ransomware on your PC.

Other channels that may be part of the distribution strategy for Dragon ransomware are malvertising, freeware installers, corrupted web pages, compromised software setups, fake software updates, malicious files shared on forums and other.

The moment Dragon’s payload starts on the system, the ransomware begins the attack. During the attack, Dragon ransomware completes various malicious operations. As a result, the threat becomes able to remain undetected while corrupting target personal files.

For the encryption stage, Dragon ransomware activates a built-in cipher module. This module scans predefined system drives for target types of files to modify their code with the RSA-2048 cipher algorithm. Once the encryption process is done you cannot access the data stored by valuable files like:

  • Audio files
  • Video files
  • Document files
  • Image files
  • Backup files
  • Banking credentials, etc

Following encryption, corrupted files could be recognized by the extension .locked which is appended to their names.

Once Dragon ransomware is ready with the encryption process it drops a ransom note file to extort a hefty ransom fee for .locked files decryption tool. The note could be found in a file called #DECRYPT_MY_FILES#.txt and all that it reads is:

Dragon Ransomware

#What happened to your files?
All your files has been encrypted by a strong encryption with RSA-2048.
More information about the encryption keys using RSA-2048 can be found here: https://en.wikipedia.org/wiki/RSA_(cryptosystem)

#What does this mean?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them, it is the same thing as losing them forever, but with our help, you can restore them.

#How did this happen?
Especially for you, on our server was generated the secret key pair RSA-2048 – public and private. All your files were encrypted with the public key, which has been transferred to your computer via the Internet. Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.

#What do I do?
Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed. If you really value your data, then we suggest you do not waste valuable time searching for the solutions because they do not exist.
Trying to reinstall the system and decrypting the file with a third-party tool will result in file corruption which means no one can decrypt your file(including us)!
If you still try to decrypt the file yourself, you do so at your own risk!

#Test decryption!
As a proof, you can send 3 encrypted files and ID to test decrypt,and we will send you the decrypted files to prove that we can decrypt your files.
To decrypt all your files, you need to buy Dragon Decryptor.

#How to buy Dragon Decryptor?
1.buy 0.3 bitcoin at https://localbitcoins.com
2.contact us by email to get a payment address
3.send bitcoin to our payment address
4.after payment,we will send you Dragon Decryptor


The purpose of this message is to convince you that you should contact hackers at dragon-support@pm.me email address and wait for an answer with more details on a ransom payment process. For the sake of your security, we advise you to avoid contacting hackers and attempt to restore your PC and data with the help of the guide that follows.

Remove Dragon Ransomware and Restore .locked Files

The so-called Dragon Ransomware is a threat with highly complex code designed to corrupt both system settings and valuable data. So the only way to use your infected system in a secure manner again is to remove all malicious files and objects created by the ransomware. For the purpose, you could use our removal guide that reveals how to clean and secure your system step by step. In addition, in the guide, you will find several alternative data recovery approaches that may be helpful in attempting to restore files encrypted by Dragon ransomware. We remind you to back up all encrypted files to an external drive before the recovery process.

How to Recover .locked Files

A decryption tool is now available for Dragon ransomware! The tool was created by the malware researcher Michael Gillespie and can be downloaded from the following link, wrapped inside a .zip archive: AuroraDecrypter.zip.

There are several alternative methods that may be efficient for the recovery of .locked files as well. You could find them listed under Step 5 from our Dragon ransomware removal guide. Beware that you should make copies of all encrypted files and save them on a flash drive for example. This additional step will prevent the permanent loss of encrypted .locked files.

Ransomware Removal Instructions

Gergana Ivanova

Gergana Ivanova

Gergana has completed a bachelor degree in Marketing from the University of National and World Economy. She has been with the STF team for four years, researching malware and reporting on the latest infections.

More Posts

Follow Me:
Google Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share