GNL Locker Ransomware

What is GNL Locker Ransomware?

GNL Locker Ransomware is yet another malicious program that was created to extort money from users who get infected. The malware locks various file types, but mainly it is after user’s personal data, such as documents, photographs, pictures, videos, and so on. Its creators threaten to triple the ransom fee if users do not pay until the given deadline. Currently, the asked price for the decryption varies from about $190 to $250. If you do not consider paying the ransom, you should eliminate the malware. Provided that you have a backup on removable media devices, you could recover your files from it. The instructions below will help you delete the malicious program, but before you erase it, we advise you to read more about the malware and learn how to protect your system from ransomware.

Where does GNL Locker Ransomware come from?

Our researchers at Anti-spyware-101.com learned that the malware is distributed through Spam email. GNL Locker Ransomware’s victims should receive an email that contains infected attachments or links to malicious websites. Such letters could look like they come from legitimate sources and it might be hard to tell that the statements are fake. However, when it comes to email attachments, you cannot be careless. If you do not have an antimalware tool installed, it might be enough to enter the site or launch a malicious file, and your computer could get infected.

What does GNL Locker Ransomware do?

If your data was locked by GNL Locker Ransomware, your files should have the .locked extension at the end. Once your data is encrypted, the malware should change your Desktop background by changing it with the UNLOCK_FILES_INSTRUCTIONS.png. Also, it might place text documents (UNLOCK_FILES_INSTRUCTIONS.txt) on Desktop and every other location that contains locked files. Both the picture and the text document will provide instructions from the malicious program’s developers. It says that you can get all your files back if you pay the ransom. It appears to be that the wanted sum might be different for each user. Unlike other ransomware programs that double the ransom, GNL Locker Ransomware threatens to triple it if you do not make it in time. The rest of the text explains how to transfer the money.

GNL Locker Ransomware encrypts data with the RSA-2048 encryption system. Of course, to decrypt the files you need a unique key that was created in the process. Unfortunately, paying the ransom does not guarantee that you will get the decryption key. Cyber criminals do not care about your data, and they might not bother to unlock it after they receive the payment. Although there is no decryptor available at the moment, it could be created given some time.

How to remove GNL Locker Ransomware?

Removing GNL Locker Ransomware will not unlock your files, but leaving the malicious file that executes the malware would not be wise. The file that you need to remove should have a .bat extension, e.g. freepalistine.bat. However, the title could be different for each user, so you will have to find such suspicious files on your own. The good news is that we know the exact location where you should look for it, so slide below the text and follow the provided removal instructions. If looking for a random file does not seem like an easy task, then you should try automatic removal. This option is available with an antimalware tool that could be useful in the future too. For instance, if you regularly update it, the antimalware tool should be able to guard your system against different malware.

Delete GNL Locker Ransomware

  1. Open the Explorer (Win+E).
  2. Copy and paste the given location: %APPDATA%\Roaming
  3. Find random .bat file and right-click to Delete it.
  4. Erase all text documents related to the malware (e.g. UNLOCK_FILES_INSTRUCTIONS.txt).
  5. Close the Explorer and empty your Recycle bin.
100% FREE spyware scan and
tested removal of GNL Locker Ransomware*
Disclaimer
Disclaimer

Leave a Comment

Enter the numbers in the box to the right *