.lock Files Virus – WHAT IS IT + How to Remove
THREAT REMOVAL

.lock Files Virus – WHAT IS IT + How to Remove

What are .lock files? What is .lock ransomware virus? How to remove the .lock files ransomware from your computer? How to try and restore .lock encrypted files?

A ransomware infection has been detected by researcher Petrovic(@petrovic082) to encrypt the files on the computers of victims and then set the .lock extension on the encrypted files. The end goal of the .lock Ransomware virus, which is believed to be written in Python is to get victims to pay 100$ to the BitCoin wallet of the cyber-criminals behind it. The ransomware drops a Read Me.txt file, which has the ransom note, asking to either pay or contact the crooks directly via anonymous e-mail. In case your computer has been infected by the .lock Python ransomware, then we suggest that you read this article.

Threat Summary

Name.lock Ransomware
TypeRansomware, Cryptovirus
Short DescriptionAims to encrypt the files and prevent victims from opening them until they pay ransom of $100 in BitCoin.
SymptomsFiles are encrypted with an added .lock file extension and several enumerated “ReadMe.txt” files are dropped on the desktops of victimized computers.
Distribution MethodSpam Emails, Email Attachments, Executable files
Detection Tool See If Your System Has Been Affected by .lock Ransomware

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss .lock Ransomware.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

.lock Ransomware – How Did I Get It and What Does It Do?

There are several different types of methods used to spread the .lock ransomware virus. They all involve getting victims to either click on a malicious URL or manually download and run the virus infeciton file. One of the methods used to spread this malware is likely by uploading it on a site, where it may pretend to be a program of some sort, like a license activator, crack, patch, key generator, portable program or other form of software. These programs could be on a compromised site, where you may be tricked into manually downloading them, thinking they are useful. One such file could end up to be the main infection file of the .lock virus:

→ SHA256: 7bdbbfcd53c33ae24d81ca5459b6cc15b9572a3df31e6c6a12a91b0181939bb4
Name: 123.exe

In addition to this, the .lock malware may also come on your computer via being sent over as an e-mail attachment. There, the virus may appear as if it is a legitimate document that is very important, like a letter from your bank, an invoice or a purchase receipt.

Whatever the case may be, once you run the malicious file, infection is inevitable. The 123.exe file may spawn a file, called dll.exe. This file may perform series of modifications on your compromised computer, including the following activities:

  • Interfere with your Windows Registry Editor.
  • Check if it has infected your PC before.
  • Delete backups and shadow copies from your PC.
  • Bypass and disable Windows Recovery and other services.

Among the activities of the .lock ransomware is to also drop a ransom note file, called ReadMe.txt. It has the following contents:

ENGLISH

Your files have been encrypted!

If you want to decrypt your files, send 100$ for this Bitcoin Wallet:

3CU67cnSDShTCGfcRic8bki1LGfRqM1vdw

Then send me Transaction ID:

EMAIL: [email protected]

The files that are encrypted by the .lock ransomware appear like the following:

The virus may target documents, images, audio files, videos and many other often used types of files. It is written in the language Python and may use advanced encryption in order to overwrite blocks of data from the files. After encryption, the .lock ransomware may generate decryption keys, which are only available to victims who pay the ransom – something which we would advise you against doing.

Remove .lock Ransomware and Try to Restore Encrypted Files

To get rid of this virus, you can follow the removal instructions below. For maximum effectiveness, we recommend using an advanced anti-malware software, that can do the removal for you and save a lot of time. To try and restore your files, you can see the alternative file recovery methods in the step “Try to restore” underneath. They may not be 100% effective, but with their help, you could be able to restore at least some of your files.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...