VHD Locker Ransomware – Remove and Restore Your Data
THREAT REMOVAL

VHD Locker Ransomware – Remove and Restore Your Data

OFFER

SCAN YOUR PC
with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by VHD Locker and other threats.
Threats such as VHD Locker may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

This article will help you remove VHD Locker ransomware completely. Follow the ransomware removal instructions provided at the end of the article.

VHD Locker is a ransomware virus that will lock your data if your computer gets infected with it. Your files will be placed and locked in a Virtual Hard Disk (VHD), hence the name VHD Locker. The ransom price that is demanded by the cybercriminals behind this virus is 0.5 Bitcoins. Keep on reading to see how you could try to potentially restore some of your data.

Threat Summary

NameVHD Locker
TypeRansomware
Short DescriptionThe ransomware will lock your files and demand payment for unlocking them.
SymptomsThe ransomware will move your files to a Virtual Hard Disk (VHD) and lock it. It displays a ransom note afterward that lists 0.5 Bitcoins as a ransom payment.
Distribution MethodSpam Emails, Email Attachments
Detection Tool See If Your System Has Been Affected by VHD Locker

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss VHD Locker.
Data Recovery ToolWindows Data Recovery by Stellar Phoenix Notice! This product scans your drive sectors to recover lost files and it may not recover 100% of the encrypted files, but only few of them, depending on the situation and whether or not you have reformatted your drive.

VHD Locker Ransomware – Infection Spread

VHD Locker ransomware could spread its infection via different methods. The payload file that initiates the malicious script for this ransomware, which in turn infects your computer device, has been seen in the wild by malware researchers.

VHD Locker ransomware might also distribute its payload file on social media sites and file-sharing services. Freeware found on the Web can be presented as helpful but could also hide the malicious script for the virus. Refrain from opening files right after you have downloaded them, especially if they come from suspicious sources like links and e-mails. Instead, you should scan them beforehand with a security tool, while also checking their size and signatures for anything that seems out of ordinary. You should read the ransomware prevention tips topic in our forum.

VHD Locker Ransomware – Technical Overview

VHD Locker is a ransomware virus. The name of the ransomware comes from its feature to lock the files inside a Virtual Hard Disk.

VHD Locker ransomware could make entries in the Windows Registry to achieve persistence, launch and repress processes in Windows. Some entries are designed in a way that will start the virus automatically with each launch of the Windows Operating System.

The ransom note will appear after your computer system becomes infected with VHD Locker ransomware. The note is written in English and is contained in a file named PLEASE READ.txt. Inside it you will find details about what the crooks behind the virus want you to do regarding payment.
You can see the ransom note right here below:

That ransom note reads the following:

Hello there. You can also use xxxxs://translate.google.com/

I would like to tell you first I’m sorry about that. Your documents, files, database, most are in original places or some moved to your local data. If
you want to regain access to your local data please send 0.5 BTC (Bitcoin) to this address: 1AKjQCDsYBesGE1V7UGdGadbRop41py1ch as fast as
you can and email me at [email protected] If you dont know what bitcoin is, please ask me for bitcoin website that you can buy it
fast or search on google for a local Bitcoin shop or ATM and transfer 0.5 BTC to this address: 1AKjQCDsYBesGE1V7UGdGadbRop41py1ch

It’s not my fault if you are trying to format disk and lose all, encrypted files are not recoverable without bitlocker passoword. Here are only one
way to get all back and regain access to your local hard disk drive and this way is to send 0.5 Bitcoin to this address:
1AKjQCDsYBesGE1V7UGdGadbRop41py1ch

It’s just business not trying to get your money and then to not give your bitlocker password. Only me can give your password to unlock your
Locals Disk so this is the only chance to get all back. Waiting for your reply to my email address ([email protected] or to my second
email in case gmail not work [email protected]) if you wanna get the bitlocker password.

If you have any questions please feel free to contact me at anytime.

Thanks for your time!

PS: Your files are here on VIRTUAL HARD DISK the location is here
C:\drivers\s.vhd
See here how to open your drive
xxxxs://www.youtube.com/watch?v=m3Pxn23dFuQ

The note of the VHD Locker ransomware states that your data is placed inside a Virtual Hard Disk and locked with a password that only the cybercriminal has in his possession. To get that password, you are required to pay the amount of 0.5 Bitcoins, which equates to 552 US dollars at the time of writing this article. You should NOT under any circumstances pay the ransom sum. Nobody can guarantee that you will get your files back. Moreover, giving money to these criminals will likely motivate them to create more ransomware and do other criminal activities.

For the moment it is unknown exactly which file types the VHD Locker ransomware is after, but files with the following extensions are most likely to get encrypted:

→.jpg, .jpeg, .docx, .doc, .xlsx, .xls, .ppt, .pdf, .png, .odt, .pptx, .msg, .rar, .mdb, .zip

The VHD Locker virus is possible to delete the Shadow Volume Copies from the Windows Operating System by using the following command:

→vssadmin.exe Delete Shadows /All /Quiet

Keep on reading and see in what ways you could try to potentially restore some of your data.

Remove VHD Locker Ransomware and Restore Your Data

If your computer got infected with the VHD Locker ransomware virus, you should have a bit of experience in removing malware. You should get rid of this ransomware as quickly as possible before it can have the chance to spread further and infect other computers. You should remove the ransomware and follow the step-by-step instructions guide provided below.

Note! Your computer system may be affected by VHD Locker and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as VHD Locker.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove VHD Locker follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove VHD Locker files and objects
2. Find files created by VHD Locker on your PC

IMPORTANT!
Before starting the Automatic Removal below, please boot back into Normal mode, in case you are currently in Safe Mode.
This will enable you to install and use SpyHunter 5 successfully.

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
4. Try to Restore files encrypted by VHD Locker

Berta Bilbao

Berta is a dedicated malware researcher, dreaming for a more secure cyber space. Her fascination with IT security began a few years ago when a malware locked her out of her own computer.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...