| Name | Trojan.LockScreen |
| Type | Ransomware, Trojan |
| Short Description | May encrypt important files and gives decryption keys upon paying ransom which is usually financial compensation. |
| Symptoms | Appearing of different objects in various user folders or the Desktop or on startup. Files encoded with unfamiliar extensions |
| Distribution Method | Spam mails. MiTM attacks, malicious redirects. |
| Detection tool | Download SpyHunter, to See If Your System Has Been Affected By Trojan.LockScreen |
| Data Recovery Tool | Windows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive. |
This type of trojan horse is connected closely with Police Association Ransomware, FBI Moneypak ransomware and ‘Votre ordinateur est bloque en raison du delit de la loi de la France ‘ ransomware infections. It is a mix of different Trojans and is created with the sole purpose of treating users for ransom and steal their money.
What Is Trojan.LockScreen?
The .LockScreen family of Trojans is familiar in the IT security world with the behavior of targeting PCs mainly in te European Union and displaying different ransomware messages with demands. Such Trojans threaten the average users with the pretext their files are encrypted. The only mean to decrypt them is if they pay ransom money, usually in bitcoin via an integrated application in the message, situated directly on the computer or by using the anonymous Tor browser. The messages may include claiming that the files have been encrypted by law enforcement (FBI, NSA, etc.) for security purposes.
In case you discover a threatening pop-up message or a message set as your wallpaper along with your homepage, it is a clear signal that this threat has infected you.
Trojan.Lockscreen – How Did I Become Infected?
There are many means of infection which the .Lockscreen family of Trojans may employ. The most successful may be email spoofing. This method conceals the email address of the attacker, changing it to a familiar address to the user along with an attached file. For example, if your boss’s email is [email protected] the attacker may assume this mail along with an attachment document that may carry a malicious virus that could install the ransomware on the computer by replicating executable files.
After it is on your computer, the Trojan may detect your IP address. Then it will begin to modify system settings that give it certain permissions to make changes in Windows. Some of those changes may include new entries in the Windows Registry Editor that may allow it to close any antivirus programs, Windows Firewall, and other defenses. This is why experts recommend to disconnect immediately from the internet and download an advanced anti-malware program from an uninfected device and then perform an offline scan to remove all associated files with Trojan.Lockscreen.
Other changes this threat may do is modify certain settings that may allow it to start up automatically with Windows. More so, the risk is believed to connect to a remote server that may belong to the attackers. This may give them additional permissions, which could be the deletion of user files at any point in time. Also it provides them with the ability to conduct attacks using the victim PCs credentials, making it look like it came from this machine. Cyber criminals have networks of such computers, called botnets or ‘zombie’ networks. This is less likely, but the Trojan may be modified to do it to perform a larger ransomware campaign simultaneously.
The ransom note may include various demands, mainly in bitcoins, ranging from 100 euros to much more. Some believe that the ransom amount is connected with the importance of the content of the files that are encrypted. The files are usually locked with either AES or RSA encryption algorithms that both take a lot of time to decrypt. However, experts advise never to comply with attackers’ requests since these files may be different files with the same name but only may look encrypted. Another reason not to comply is that there is no guarantee that you will receive your decrypting key after paying the ransom.
How To Remove Trojan.Lockscreen?
In case you are looking to remove Trojan.Lockscreen the first thing you should do is isolate the threat. To do this immediately disconnect your equipment from the internet and then follow the step-by-step guide below. It will assist you with booting your PC in an safe offline mode where you can scan and eliminate the threat with a particular powerful anti-malware program. It is not advisable to do it manually since you can crash your OS, and it is also not a guarantee that you will remove all files associated with Trojan.Lockscreen completely. An anti-malware program looks not only for files in its definitions, but also new objects that out of the ordinary and this is why you should download and install such software as fast as possible from a safe PC and use an USB stick to input it on your computer.
Pro tip: Make sure you either download an offline installer or boot in safe mode with networking so you can update the anti-malware program to its latest definitions for a better result. Also, make sure you extract the encrypted files so you can deal with them at a later state. For best results, you should follow the guide below.
Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter
Trojan.Lockscreen – How To Protect Your Files?
In case you have seen ransomware attacks, you might want to back up your data. To perform this action, you should guide yourself by the after mentioned manual.
Security engineers recommend that you back up your files immediately, preferably on an external memory carrier in order to be able to restore them. In order to protect yourself from Trojan.LockScreen (For Windows Users) please follow these simple instructions:
For Windows 7 and earlier:
1-Click on Windows Start Menu
2-Type Backup And Restore
3-Open it and click on Set Up Backup
4-A window will appear asking you where to set up backup. You should have a flash drive or an external hard drive. Mark it by clicking on it with your mouse then click on Next.
5-On the next window, the system will ask you what do you want to backup. Choose the ‘Let Me Choose’ option and then click on Next.
6-Click on ‘Save settings and run backup’ on the next window in order to protect your files from possible attacks by Trojan.LockScreen.
For Windows 8, 8.1 and 10:
1-Press Windows button + R
2-In the window type ‘filehistory’ and press Enter
3-A File History window will appear. Click on ‘Configure file history settings’
4-The configuration menu for File History will appear. Click on ‘Turn On’. After its on, click on Select Drive in order to select the backup drive. It is recommended to choose an external HDD, SSD or a USB stick whose memory capacity is corresponding to the size of the files you want to backup.
5-Select the drive then click on ‘Ok’ in order to set up file backup and protect yourself from Trojan.LockScreen.
Enabling Windows Defense Feature:
1- Press Windows button + R keys.
2- A run windows should appear. In it type ‘sysdm.cpl’ and then click on Run.
3- A System Properties windows should appear. In it choose System Protection.
5- Click on Turn on system protection and select the size on the hard disk you want to utilize for system protection.
6- Click on Ok and you should see an indication in Protection settings that the protection from Trojan.LockScreen is on.
Restoring a file via Windows Defense feature:
1-Right-click on the encrypted file, then choose Properties.
2-Click on the Previous Versions tab and then mark the last version of the file.
3-Click on Apply and Ok and the file encrypted by Trojan.LockScreen should be restored.
