LCK Ransomware

What is LCK Ransomware?

No one really notices the exact moment things like LCK Ransomware reach them. Ransomware programs hide in plain sight because users download and execute the installer files themselves. Often they do not realize that the file they open will install something like LCK Ransomware on their computer because they are not aware of ransomware distribution methods. Hence, let’s learn more about how ransomware spreads, and let’s remove LCK Ransomware from the infected systems immediately. When we’re done with that, let’s see what we can do about your encrypted files.

Where does LCK Ransomware come from?

Unfortunately, we cannot just point to one spam email campaign and say, “Hey, these are the people that spread this program around.” There’s no one exact infection vector here. We just know that this program usually travels via spam email attachments, and those attachments can masquerade as almost anything. They might try to pass for official documents that you receive at work, like Excel sheets, PDF reports, shipping invoices, even picture files. The point is that the spam campaigns that distribute LCK Ransomware try to make it look as though you MUST open the attached file because it is of utmost importance.

If you fall for it, you follow down the path that was taken by the victims of Repl Ransomware, Homer Ransomware, Bmtf Ransomware, and many other infections that came from the Crysis Ransomware group. LCK Ransomware also belongs to this ransomware family, and it follows similar distribution and behavioral patterns. We more or less know what to expect from this infection, but it is rather hard to fix whatever it does to your files because it requires a unique decryption key.

Thus, it is extremely important to know how you can recognize a possible ransomware infection. If you notice that the email you received is random, and the message inside is very urgent, at least scan the received file with a security tool. If the file is safe, you can proceed to open it without further ado. However, if the file is malicious, you will have dodged a bullet.

What does LCK Ransomware do?

If you happen to get infected with LCK Ransomware anyway, the time span between the infection and the encryption is very short. Of course, the program needs to scan your system first to detect all the files it can encrypt. However, it will soon lock up your files, and it will launch a ransom note in a separate window that says the following:


Don’t worry, you can return all your files!
If you want to restore them, follow this link: email YOUR ID [infection ID]
If you have not been answered via the link within 12 hours, write to us by e-mail:


  • Do not rename encrypted files.

  • Do not try to decrypt your data using third party software, it might cause permanent data loss.

  • Decryption of your files with the help of third parties may cause increased price (they add their fee to our) and you can become a victim of scam.

As you can see, although LCK Ransomware doesn’t exactly say how much you are expected to pay for the decryption key, it does give the impression that their service is the only one you can trust. However, how can you even trust criminals? Even if you were to pay for the decryption, they might as well just collect the payment and scram. Hence, security experts are strongly against paying any kind of ransom fee, ever. Instead, you have to look for ways to restore your files and remove LCK Ransomware.

How do I remove LCK Ransomware?

This infection doesn’t drop additional files on your system, so you should just remove all the recent files you have downloaded from unfamiliar sources. If you don’t know which files you need to remove, scan your computer with the SpyHunter free scanner. A full system scan will indicate all the threats you need to remove.

Also, if you have a file backup (storage where you keep copies of your files), you can simply delete the encrypted data and transfer good copies back into your computer. Just make sure you have deleted all the malicious programs and files before you do that.

Manual LCK Ransomware Removal

  1. Delete the recent files from your Desktop.
  2. Open the Downloads folder.
  3. Remove the most recently downloaded files.
  4. Press Win+R and type %TEMP%. Click OK.
  5. Delete the most recent files from the directory.
  6. Scan your computer with a licensed antispyware tool.
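
The manual steps above ask you to find recent files in three folders. As an added example (not part of the original guide), this PowerShell script lists files created or changed in the last $Days days on the Desktop, in Downloads and in %TEMP%, and marks those that can run code or hide behind a document-style double extension. The $Days default, the Downloads path and the extension lists are assumptions.

```powershell
# Added example: list recent files in the three locations from the manual
# removal steps so they can be reviewed and scanned before anything is deleted.
# $Days, the Downloads path and the extension lists are assumptions.
param([int]$Days = 7)

$cutoff = (Get-Date).AddDays(-$Days)

# Desktop, Downloads and %TEMP% for the current user.
$locations = @(
    [Environment]::GetFolderPath('Desktop'),
    (Join-Path $env:USERPROFILE 'Downloads'),
    $env:TEMP
)

# File types that can run code when opened (constructed list, not exhaustive).
$runnable = '.exe', '.scr', '.com', '.bat', '.cmd', '.js', '.jse', '.vbs',
            '.wsf', '.hta', '.lnk', '.ps1', '.docm', '.xlsm'

# A document-looking name followed by one more extension, e.g. invoice.pdf.exe
$doubleExt = '\.(pdf|docx?|xlsx?|jpe?g|png|txt)\.[A-Za-z0-9]{2,4}$'

$report = foreach ($dir in $locations) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $cutoff -or $_.LastWriteTime -ge $cutoff } |
        ForEach-Object {
            $ext = $_.Extension.ToLowerInvariant()
            [pscustomobject]@{
                Modified  = $_.LastWriteTime
                Runnable  = $runnable -contains $ext
                DoubleExt = ($_.Name -match $doubleExt) -and ($runnable -contains $ext)
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
                Path      = $_.FullName
            }
        }
}

# Show files that can run code first, newest first. Nothing is deleted here.
$report | Sort-Object @{Expression = 'Runnable'; Descending = $true},
                      @{Expression = 'Modified'; Descending = $true} |
    Format-Table -AutoSize -Wrap
```

Encrypted documents also show up in the list because they were recently rewritten; the Runnable column separates them from files that can execute.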
