KillerLocker Ransomware

What is KillerLocker Ransomware?

Fortunately, you cannot be attacked by KillerLocker Ransomware silently just yet as you may only find this malware infection on board if you knowingly downloaded it. As a matter of fact, our malware researchers at say that this malicious program is not even finished; therefore, it has not been distributed yet. It does not mean though that this program cannot become a real and major threat. In fact, this ransomware can encrypt your important files in main directories, which could cripple your system and you could lose a lot of files in this attack in the future. However, the variant we found and tested actually reveals its decryption key; therefore, there is no real danger of losing any files. Once you decrypt your files, you can easily remove KillerLocker Ransomware from your system. Please read on to learn more about this threat and the potential risks the future may hold.test

Where does KillerLocker Ransomware come from?

As we have already mentioned, for the time being as this ransomware is still in developmental stage, the most likely way for you to find it on your computer is that you yourself download it from the net. However, when it starts spreading, the authors will most likely use spam e-mails to deliver malicious attachments to their victims. Such spam e-mails may be able to evade your spam filter and end up in your inbox. Therefore, you need to be more careful about which e-mails you click on or what kind of attachments you save onto your hard disk. Such malicious mails can pretend to come from reputable companies, hotels, or even authorities. The subject would be something that would draw your attention to the attachment and would make you want to see it right away. For example, this spam could be about wrong credit card details given with regard to a hotel booking, mail delivery error, problem with an invoice, and the like. It is quite likely that you could not resist this kind of temptation. Unfortunately, this is exactly how most users infect their computer because when you open the downloaded file, it silently downloads and activates the ransomware in the background. By the time you realize that what you see is not even a valid document, your files will be encrypted and even if you delete KillerLocker Ransomware, you could not recover your files anymore. Well, in the case of the finished ransomware, of course.

How does KillerLocker Ransomware work?

This malicious program uses the usual AES-256 algorithm, which is part of the Windows Operating System indeed. This is why it is rather fast and may only take 20 seconds or maximum 1 minute for it to encrypt all your files, including .exe files in these folders: %ProgramFiles%, %APPDATA%, %USERPROFILE%\Desktop, %USERPROFILE%\MyPictures, and %LOCALAPPDATA%. This ransomware changes your file names by adding a “.rip” extension. When all is done, it creates a text file called “key.txt” on your desktop. This file holds the hardcoded decryption key that you can use to recover your files.

When the ransom warning window comes up it becomes clear that this threat is targeting Portuguese computer users. The Portuguese warning simply states that your files have been encrypted and that you have to pay a ransom fee within 2 days to be able to decrypt your files. There is a rather frightening-looking clown image in this window and a field at the bottom where you can insert the decryption key, which normally you are supposed to get only after you transfer the ransom fee. This amount is usually from 0.1 up to 1 BTC, or 60 to 600 US dollars; however, this warning does not disclose any details about this or the transfer method, let alone a contact e-mail address. We rarely say that it is safe to pay this fee to the cyber criminals behind such attacks because in reality there is never any guarantee that your files will be decrypted. In this case, of course, you just need to decrypt your files and remove KillerLocker Ransomware to be on the safe side of your virtual world.

How to delete KillerLocker Ransomware

As we have already revealed, all you need to do is use the “key.txt” file dropped on your desktop to copy the decryption key that needs to be inserted in the Key field in the ransom note screen. When the recovery is done, you can simply close this window and delete the related files. Please follow our guide below if you want to manually end this infection. For the best protection of your beloved PC, we suggest that you download and install a reputable anti-malware program, such as SpyHunter or any other security tool you can trust.

Remove KillerLocker Ransomware from your Windows

  1. Copy the decryption key from the “key.txt” file on your desktop.
  2. Paste the key into the box called “Key” at the bottom of the ransom note window and click Decrypt files.
  3. Once the decryption is over, exit the ransom note window.
  4. Tap Win+E.
  5. Delete the downloaded malicious executable file.
  6. Delete “key.txt” from your desktop.
  7. Empty your Recycle Bin and reboot your system.
100% FREE spyware scan and
tested removal of KillerLocker Ransomware*

Leave a Comment

Enter the numbers in the box to the right *