L0cked Ransomware

What is L0cked Ransomware?

A malicious file-encrypting infection called L0cked Ransomware was discovered recently. The Anti-Spyware-101.com research team has investigated it, and it appears that the threat has not been fully completed yet. Of course, it is also possible that it is a failed attempt at creating a fully functional file encryptor. Our research has revealed that the current version of the infection does not corrupt files; however, the threat can introduce victims to the demands anyway. Following them is not advised under any circumstances, and even if the malicious ransomware ends up encrypting every single personal file on your computer, following the instructions and paying the ransom is a terrible idea. Why? That is because the cyber criminals behind this infection have one thing on their mind, and that is your money. They can promise you anything just to get the money, and, unfortunately, they are unlikely to keep their promises once they do get it. In this report, we discuss the removal of L0cked Ransomware, as well as ways to protect personal data and the operating system against malware in the future.

How does L0cked Ransomware work?

L0cked Ransomware was created to serve the same purpose as Avcrypt Ransomware, BlackRuby-2 Ransomware, Xorist-XWZ Ransomware, and many other file encryptors. Although they are created by different parties, and they can be distributed in unique ways, several tendencies have been discovered. In most cases, ransomware is distributed with the help of corrupted spam emails that contain the launchers or by exploiting vulnerable RDP channels. If the infection manages to slither in silently, without alarming the user or the existing anti-malware software, it can successfully encrypt files. Although, as we mentioned earlier, the current version of L0cked Ransomware does not encrypt files, our researchers have found that if it did, it would attach the “.lckd” extension to their names. Most ransomware infections add unique extensions to act as markers, and when the victim discovers that many of their personal files have these extensions and that they cannot be opened, they are more likely to give in to the pressure of cyber criminals. Though we do not have enough information at this point, it is most likely that documents, photos, and media files would be the main targets if the victim did not delete L0cked Ransomware in time.

The malicious L0cked Ransomware creates a file in the %PUBLIC%\Pictures\ folder. The sample we tested created a file named “BK.jpg,” but the name of this file could change. This file replaces the original background image to ensure that a message created by cyber criminals greets the victim every time they access their computer. According to the message, the files are encrypted, and the victim must email decryptorsoon301@aol.com for more information. This message is very short, but that is only because the full ransom note is delivered via a window that is launched from the same .exe file that launched L0cked Ransomware itself. According to this message, you are expected to pay a ransom of $250 in Bitcoins to a unique Bitcoin Wallet within 3 days to ensure that the decryption of files is possible. As we have discussed already, paying the ransom and fulfilling other demands made by cyber criminals is most likely to be futile. That is why it is recommended that you focus on removing the threat rather than wasting your money.

How to remove L0cked Ransomware

Hopefully, your files were not encrypted even if L0cked Ransomware has invaded your operating system. If it did, you might have to accept the loss of your personal files. Of course, you could take a risk and pay the ransom and communicate with cyber criminals, but the chances of this working in your favor are very slim. The best way to protect your personal files against threats like this one in the future is by backing them up externally (on a hard drive or online) because that ensures that copies of your files exist even if malware corrupts the originals. Of course, you want to keep the operating system protected as well, and that can be done by reliable anti-malware software. You can use it to automatically delete L0cked Ransomware too. If you are not interested in that, use the guide below to remove this malicious threat yourself. Note that the location and the name of the original launcher are not known, and you will need to figure that out yourself.

Removal Instructions

  1. Identify and Delete the malicious {unknown name}.exe file that launched the ransomware.
  2. Tap Win+E to launch Windows Explorer and then enter %PUBLIC%\Pictures\ into the bar at the top.
  3. Right-click and Delete the file named BK.jpg (remember that the name could be unique).
  4. Empty Recycle Bin to erase the malicious components and then immediately perform a full system scan.
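
A read-only PowerShell check for the artifacts this report names: the wallpaper file in %PUBLIC%\Pictures\, the ".lckd" extension, and the unknown launcher. This is an added example, not part of the original report or a vendor tool. It assumes the wallpaper was changed through the standard per-user setting, and the folder list and 24-hour window used to shortlist .exe files are illustrative choices.

```powershell
# Added triage example: nothing is deleted or modified.
# Assumption: run in the affected user's session (the wallpaper setting is per-user).
$publicPictures = Join-Path $env:PUBLIC 'Pictures'

# 1. Where does the current wallpaper come from?
$wallpaper = (Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop' `
              -Name WallPaper -ErrorAction SilentlyContinue).WallPaper
if ($wallpaper -and
    $wallpaper.StartsWith($publicPictures, [StringComparison]::OrdinalIgnoreCase)) {
    Write-Warning "Wallpaper is loaded from $wallpaper"
} else {
    Write-Output "Wallpaper path: $wallpaper"
}

# 2. Images in %PUBLIC%\Pictures, newest first. The tested sample used BK.jpg,
#    but the name could change, so every image is listed with its timestamps.
Get-ChildItem -LiteralPath $publicPictures -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.jpg', '.jpeg', '.png', '.bmp' } |
    Sort-Object CreationTime -Descending |
    Select-Object Name, Length, CreationTime, LastWriteTime

# 3. Files carrying the ".lckd" marker under the user profile.
$marked = @(Get-ChildItem -LiteralPath $env:USERPROFILE -Recurse -File -Force `
                -Filter '*.lckd' -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -eq '.lckd' })
Write-Output "Files with .lckd extension: $($marked.Count)"
$marked | Select-Object -First 20 -ExpandProperty FullName

# 4. Shortlist launcher candidates: .exe files created within 24 hours of the
#    wallpaper file, in user-writable folders (heuristic, not a verdict).
if ($wallpaper -and (Test-Path -LiteralPath $wallpaper)) {
    $ref   = (Get-Item -LiteralPath $wallpaper).CreationTime
    $roots = @("$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop",
               $env:APPDATA, $env:LOCALAPPDATA) |
             Where-Object { Test-Path -LiteralPath $_ }
    Get-ChildItem -LiteralPath $roots -Recurse -File -Force -Filter '*.exe' `
        -ErrorAction SilentlyContinue |
        Where-Object { [math]::Abs(($_.CreationTime - $ref).TotalHours) -le 24 } |
        Select-Object FullName, CreationTime,
            @{ n = 'SHA256'; e = { (Get-FileHash -LiteralPath $_.FullName `
                                    -Algorithm SHA256).Hash } }
}
```

Any .exe the last step lists is only a candidate; check its hash with your anti-malware tool before deleting it.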

