.seed (SEED LOCKER) Files Virus – How to Remove It

This article explains what SEED LOCKER ransomware is, how you can remove it from your computer, and how you can try to restore .seed encrypted files.

A new ransomware virus called SEED LOCKER was recently reported to encrypt the files on the computers it compromises in order to extort their owners into paying a ransom to the cyber-criminals. In addition to this, SEED LOCKER may also drop a ransom note, called !#_How_to_decrypt_files_#!.txt, containing the extortionists’ message to victims. The note demands that victims contact the crooks at the [email protected] or [email protected] e-mail addresses. If your computer has been infected by SEED LOCKER, we suggest that you read the article below carefully.

Threat Summary

Name: SEED LOCKER
Type: Ransomware, Cryptovirus
Short Description: Aims to encrypt the files on the computers compromised by it in order to extort victims to pay ransom to get the files back.
Symptoms: Files are encrypted with the added .seed file extension. SEED LOCKER drops a ransom note, called !#_How_to_decrypt_files_#!.txt.
Distribution Method: Spam Emails, Email Attachments, Executable files
Data Recovery Tool: Windows Data Recovery by Stellar Phoenix. Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only a few of them, depending on the situation and whether or not you have reformatted your drive.

SEED LOCKER – Distribution

SEED LOCKER ransomware aims to infect victims by different methods. The crooks behind it may attach the infection file of the ransomware to multiple different e-mails, where the file may pretend to be a legitimate document, like:

  • Picture.
  • Invoice.
  • Receipt.
  • Work-related document.

In addition to being sent via e-mail, the SEED LOCKER infection file may also land on your computer after its malicious file has been uploaded to various types of sites, where it may pretend to be a legitimate program, such as:

  • Crack.
  • Patch.
  • Activator.
  • Portable version of a program.

SEED LOCKER Ransomware – Activity

The SEED LOCKER ransomware virus aims to drop its payload files upon infection. The files are generally located in the following Windows directories under different, often random names:

  • %AppData%
  • %Local%
  • %Roaming%
  • %LocalLow%
  • %Temp%

In addition to this, SEED LOCKER ransomware may also drop its ransom note file, called !#_How_to_decrypt_files_#!.txt:

>>>>>>>>>>>>>>>>>>>>>>>>>>>> SEED LOCKER <<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>> SEED LOCKER <<<<<<<<<<<<<<<<<<<<

The ransom note even offers to decrypt 3 files for free as a guarantee that the criminals can decrypt the files if victims pay the ransom. Even if you send 3 files for free decryption, it is strongly recommended not to pay any form of ransom, since you cannot trust the criminals who encrypted your files, and helping them only lets them expand their operation.

In addition to dropping files, the SEED LOCKER ransomware may also create multiple mutexes and interact with system files of Windows. This may result in the ransomware virus obtaining administrative permissions on the victim’s computer. This may be done to interfere with the following registry sub-keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
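
To check these keys on a suspect machine, the following added example (not part of the original article) parses the text that `reg query` prints and flags Run and RunOnce values that launch something from the drop locations listed earlier. The mapping of those locations to path fragments, the function name and the sample output are assumptions of this example.

```python
import re

# Autorun keys listed in the article (Run and RunOnce under HKLM and HKCU).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE = re.compile(r"^ {4}(.+?) {4}(REG_\w+) {4}(.*)$")
# Lower-case path fragments for the drop locations the article names
# (this mapping is the example's assumption, not taken from the article).
DROP_DIRS = {
    "\\temp\\": "Temp", "%temp%\\": "Temp",
    "\\appdata\\roaming\\": "AppData\\Roaming", "%appdata%\\": "AppData\\Roaming",
    "\\appdata\\locallow\\": "AppData\\LocalLow",
    "\\appdata\\local\\": "AppData\\Local", "%localappdata%\\": "AppData\\Local",
}

def audit(reg_query_output):
    """Return (key, value name, data, location) for autoruns that reference a drop location."""
    findings, key = [], None
    for line in reg_query_output.splitlines():
        if line.startswith("HKEY_"):
            # Only values under a Run/RunOnce key are of interest.
            key = line.strip() if RUN_KEY.search(line.strip()) else None
            continue
        m = VALUE.match(line)
        if key and m:
            name, _type, data = m.groups()
            # Match on the whole data string so that paths passed as arguments
            # (for example a DLL handed to a loader) are caught as well.
            lowered = data.lower()
            loc = next((v for frag, v in DROP_DIRS.items() if frag in lowered), None)
            if loc:
                findings.append((key, name, data, loc))
    return findings

# Constructed sample of `reg query` output; user, value names and paths are made up.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    SyncClient    REG_SZ    "C:\Program Files\Sync\sync.exe" /background
    qzxkvt    REG_SZ    C:\Users\alice\AppData\Roaming\qzxkvt.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
    upd    REG_EXPAND_SZ    %TEMP%\a81f.exe /s
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Legitimate per-user software also starts from AppData, so each finding is a lead to review rather than a verdict.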

In addition to this, the SEED LOCKER ransomware may also execute some or all of the following commands to delete your shadow copies and disable Windows recovery:

sc stop VVS
sc stop wscsvc
sc stop WinDefend
sc stop wuauserv
sc stop BITS
sc stop ERSvc
sc stop WerSvc
cmd.exe /C bcdedit /set {default} recoveryenabled No
cmd.exe /C bcdedit /set {default} bootstatuspolicy ignoreallfailures
"C:\Windows\System32\cmd.exe" /C vssadmin.exe Delete Shadows /All /Quiet

SEED LOCKER – Encryption Process

In order to encrypt files on the computer that is infected by it, the SEED LOCKER ransomware may first check if the virus has been activated on the same machine before and more importantly, if it’s running in a virtual drive and not a real PC. If yes, the virus may self-delete, but if it’s running on an actual PC, it may scan for and encrypt files that have the following file extensions:

“.PNG .PSD .PSPIMAGE .TGA .THM .TIF .TIFF .YUV .AI .EPS .PS .SVG .INDD .PCT .PDF .XLR .XLS .XLSX .ACCDB .DB .DBF .MDB .PDB .SQL .APK .APP .BAT .CGI .COM .EXE .GADGET .JAR .PIF .WSF .DEM .GAM .NES .ROM .SAV CAD Files .DWG .DXF GIS Files .GPX .KML .KMZ .ASP .ASPX .CER .CFM .CSR .CSS .HTM .HTML .JS .JSP .PHP .RSS .XHTML .DOC .DOCX .LOG .MSG .ODT .PAGES .RTF .TEX .TXT .WPD .WPS .CSV .DAT .GED .KEY .KEYCHAIN .PPS .PPT .PPTX .INI .PRF Encoded Files .HQX .MIM .UUE .7Z .CBR .DEB .GZ .PKG .RAR .RPM .SITX .TAR.GZ .ZIP .ZIPX .BIN .CUE .DMG .ISO .MDF .TOAST .VCD SDF .TAR .TAX2014 .TAX2015 .VCF .XML Audio Files .AIF .IFF .M3U .M4A .MID .MP3 .MPA .WAV .WMA Video Files .3G2 .3GP .ASF .AVI .FLV .M4V .MOV .MP4 .MPG .RM .SRT .SWF .VOB .WMV 3D .3DM .3DS .MAX .OBJ R.BMP .DDS .GIF .JPG .CRX .PLUGIN .FNT .FON .OTF .TTF .CAB .CPL .CUR .DESKTHEMEPACK .DLL .DMP .DRV .ICNS .ICO .LNK .SYS .CFG”

After encryption, SEED LOCKER adds its own file extension .seed and the files begin to appear like the following:

The encryption process of the .seed file ransomware may involve several different types of malicious activity that replace blocks of data from the original file with encrypted data, which renders the file itself no longer openable.

Remove SEED LOCKER and Try Restoring .seed Files

If you want to remove the SEED LOCKER ransomware virus, we strongly suggest that you follow the removal instructions underneath this article. They have been created to help you delete the virus files from your computer either manually or automatically. If manual removal does not give any results, we recommend that you remove SEED LOCKER automatically from your computer, preferably by downloading advanced anti-malware software and running a scan of your computer with it. Such a scan will ensure that all the malicious files and objects are deleted from your computer and that it is secured.

If you want to try and restore files, encrypted by SEED LOCKER, we recommend that you see the alternative file recovery methods down below. They have been made to help you restore as many encrypted files on your computer as possible.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
