C0hen Locker Ransomware

What is C0hen Locker Ransomware?

C0hen Locker Ransomware locks not your computer, but some of the files located on it. To be more precise, the malicious application encrypts files, and, as a result, they become unreadable as victims cannot open them. There is a way to restore such data, but it requires having a decryptor and a unique decryption key. Sadly, only the malware’s developers may have these means that could restore files, and they demand a ransom in exchange for them. The worst part is that even if you pay what they ask, you might still end up being scammed. Therefore, we do not recommend putting up with the hackers’ demands. Also, we advise deleting C0hen Locker Ransomware as quickly as you can because if it stays, it might relaunch after you restart your computer and encrypt files that you may yet create or obtain. To learn how to eliminate C0hen Locker Ransomware as well as other things about it, we invite you to read our full report.

Where does C0hen Locker Ransomware come from?

C0hen Locker Ransomware could be spread through malicious websites where it could be offered as a software installer, an update, or some other file/application. Also, it could be delivered to targeted victims via email or various messaging applications. What we know for sure is that if you wish to avoid such threats, you have to be extremely careful with data received or downloaded from the Internet. We recommend paying attention to where files come from and not to what they seem to be because pictures, text files, and other data you would not think to be harmful could be malicious in disguise. The best way to find out if a file is dangerous or not is to scan it with a legitimate antimalware tool that could carefully check it and tell you whether you should or should not open it.

How does C0hen Locker Ransomware work?

First, the malicious application should block your Task Manager. As you see, being unable to access it might make it difficult to kill the malware’s process, which might buy the threat the time it needs to encrypt your files. Of course, you might not notice that C0hen Locker Ransomware is on your system anyway because the infection should work silently in the background until it finishes encrypting targeted files. According to our researchers at Anti-spyware-101.com, the sample they tested encrypted only the data that was located in particular folders on %USERPROFILE%. To be more accurate, the targeted folders were: Desktop, Downloads, Documents, Music, Pictures, Videos, Recent, and Favorites.

After the threat encrypts files, it should mark them with the .c0hen extension, for example, text.docx.c0hen. The next thing that C0hen Locker Ransomware should do is open a warning message that explains what happened to a user’s files and how to get tools to restore them. The cybercriminals may ask a payment of .015 BTC. At the moment of writing, it is around 1300 US dollars. It is not a small sum, as many creators of similar threats ask smaller amounts. This is why we recommend thinking carefully if you are prepared to risk losing such a sum in vain. If you are not, we encourage you not to pay the ransom.

How to erase C0hen Locker Ransomware?

No matter what you decide about the hackers’ offer, we advise not to wait too long and eliminate C0hen Locker Ransomware. If you think you can deal with it manually, you could follow the instructions available at the end of this paragraph. The other way to remove C0hen Locker Ransomware is to employ a legitimate antimalware tool, do a full system scan, and click the displayed deletion button to get rid of all detections.

Restart your system in Safe Mode with Networking

Windows 8/Windows 10

1. Click the Power button after pressing Windows Key+I.
2. Tap and hold the Shift key, then pick Restart.
3. Pick Troubleshoot from the Advanced Options menu.
4. Select Startup Settings, press Restart, then click the F5 key and restart the system.

Windows XP/Windows Vista/Windows 7

1. Navigate to Start and click the Shutdown options.
2. Select Restart, then press and hold the F8 key as soon as the computer begins restarting.
3. Choose from Safe Mode or Safe Mode with Networking in the Advanced Boot Options window.
4. Press Enter and log on.

Remove C0hen Locker Ransomware

1. Click Windows key+E.
2. Locate these paths:
   %TEMP%
   %USERPROFILE%\Downloads
   %USERPROFILE%\Desktop
3. Locate the malicious application’s launcher, right-click it, and select Delete.
4. Exit File Explorer.
5. Press Windows key+R.
6. Insert Regedit and click Enter.
7. Locate the given directory: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
8. Find a value name titled c0hen locker, right-click it, and press Delete.
9. Exit Registry Editor.
10. Empty your Recycle Bin.
11. Restart the computer. Download Removal Tool100% FREE spyware scan and
    tested removal of C0hen Locker Ransomware*