Remove LockLock Virus and Restore .locklock Files - How to, Technology and PC Security Forum | SensorsTechForum.com
THREAT REMOVAL

Remove LockLock Virus and Restore .locklock Files

OFFER

SCAN YOUR PC
with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by LockLock and other threats.
Threats such as LockLock may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

stf-locklock-ransomware-lock-crypto-virus-eda2-ransom-note

LockLock appears to be another ransomware cryptovirus that is based on the open-source EDA2 project. The virus encrypts a victim’s files and puts up a ransom note with contact details. When encryption is complete, the ransomware places the extension .locklock to them. If you have been infected by the virus and want to try to restore your files, you should read the article carefully.

Threat Summary

NameLockLock
TypeRansomware, Crypto-Virus
Short DescriptionThe ransomware will encrypt your files AES-256 algoritm for the encryption process. It wants you to buy a decryption password from its creator.
SymptomsThe ransomware will lock all files with the .locklock extension appended to them and display a ransom note with instructions on your desktop.
Distribution MethodSpam Emails, Email Attachments, Executable Files
Detection Tool See If Your System Has Been Affected by LockLock

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss LockLock.

LockLock Virus – Infection Spread

The LockLock virus is possible to spread with various methods. Malware researchers report that most infections are on Chinese users. Spam email campaigns are probably the most common tactic for spreading this infection. A spam email consists of a brief description which tries to convince the user that is of great importance and the full information is on a file attached to the letter. Such files may seem harmless, but if opened, they can release the payload of the cryptovirus and infect your computer machine.

Social media services or file-sharing networks two other ways which the LockLock ransomware utilize. A file which has a malicious script in it can be placed on these networks and be advertised as a useful application. If such a file is opened, its payload will be released, rendering your system compromised. Preventing that from happening is to avoid any suspicious email letters, links, or files. Before opening a file, check its signatures first, then its size and afterward, scan it with security software. You can read more ransomware prevention tips from our forum.

LockLock Virus – Technical Analysis

The LockLock virus is a ransomware which is based on the EDA2 open-source project. The project was created for educational purposes by some researcher, but it is being used in lots of real-life attacks to this very day.

The LockLock ransomware might create an entry in the Windows Registry such as:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

This entry allows LockLock to auto-start with each boot of the Windows Operating System.

When the encryption of all of your data is complete, the file READ_ME.TXT will be created. The file contains some contact details of the cyber-criminals behind the virus.

Below you can see the ransom note of the LockLock ransomware:

stf-locklock-ransomware-lock-crypto-virus-eda2-ransom-note

The above image will be set as your desktop background. The text in it reads:

HELLO!
YOUR COMPUTER HAS BEEN HACKED!
All files in your computer has been encrypted by RSA key
You can not OPEN and READ content in file

HOW TO RESTORE ALL FILES?
YES. I can help you and ONLY me can do it!
To UNLOCK your files you must:
1. Download tool “Decrypter LockLock virus”
2. Visit http://locklock.net and read information.
3. Enter Your Computer ID: (Open “READ_ME.TXT” on Desktop)
4. Run tools and enter Your Key then Click “Decrypt” button.
DONE. ALL FILE RESTORED!
—————-
If you can not access website above, you can contact me:
– Email: [email protected]
– Skype Chat: locklockrs

The LockLock virus does not push its victims to pay the ransom on any given time limit, nor does it set a price for paying the ransom. Both the ransom note and READ_ME.TXT point to two ways for contacting the cyber criminals, if the site does not work:

The site given in the ransom note does not work indeed. The Apache server seems to be down, as you can see that from the image right here:

stf-locklock-ransomware-lock-crypto-virus-eda2-apache-server-down

Do NOT contact these cyber crooks in any circumstance. There is nothing that can guarantee that you will get your files unlocked by contacting ransomware creators. Any financial support will just raise funds for more criminal activity.

The LockLock ransomware is known to encrypt files that are deemed most important for users. The list with encrypted file extensions may be incomplete, but here these extensions are surely to be encryted:

→.doc, .docx, .docm, .txt, .odt, .psd, .pdf, .xls, .xlsm, .xlsx, .jpg, .jpeg, .png, .bmp, .tiff, .html, .ppt, .pptx

All encrypted files will end up with the same extension, which is .locklock. The ransomware uses the AES-256 algorithm for its encryption. That is the same encryption method used for most EDA2 ransomware viruses.

You can see the detections of this virus on the VirusTotal website:

stf-locklock-ransomware-lock-crypto-virus-eda2-sample-detections-virus-total

The LockLock ransomware probably erases the Shadow Volume Copies from the Windows Operating System. Read below to learn how to remove this threat and how you can try to restore your files.

Remove LockLock Virus and Restore .locklock Files

If your computer got infected with the LockLock ransomware virus, you should have some experience in removing malware. You should get rid of this ransomware as fast as possible before it can have the chance of spreading further and infect more PCs. You should remove the ransomware and follow the step-by-step instructions guide given below. To see ways that you can try to recover your data, see the step titled 3. Restore files encrypted by LockLock.

Note! Your computer system may be affected by LockLock and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as LockLock.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove LockLock follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove LockLock files and objects
2. Find files created by LockLock on your PC

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by LockLock

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...