Lokas Ransomware

What is Lokas Ransomware?

Lokas Ransomware is a malicious program that encrypts your files. Like other ransomware infections, it demands a ransom fee and claims that, if you pay, you will receive the decryption tool that will restore your files. Is that promise legit? Most probably not. Therefore, you need to focus on removing Lokas Ransomware from your system today. It might be challenging to restore your files, but there are several file recovery options available, and you should try them all before waving the white flag.

Where does Lokas Ransomware come from?

Our research shows that Lokas Ransomware is yet another version of the STOP Ransomware infection. The program works just like the original one; the only difference is the extension that is appended to the affected files. Therefore, Lokas Ransomware must have entered your system using the same methods as all the other infections in the STOP Ransomware group.

Now, programs from the STOP Ransomware family usually employ spam email campaigns and corrupted RDP connections. We always say that users can avoid getting infected with ransomware if only they were careful enough, and that’s true.

Since Lokas Ransomware comes with spam email, you just need to delete spam email messages without opening the attached files. Of course, we understand that sometimes spam emails that carry malware may look quite believable. For example, the ransomware installer might look like an invoice from an online store, or like a document from your business partner. However, you can always check whether the document is safe by scanning it with a security application BEFORE you open it.

The bottom line is that you shouldn’t open files you received from unfamiliar senders without a second thought. When in doubt, always scan them beforehand.

What does Lokas Ransomware do?

As you can probably tell from the program’s name, this infection holds your files hostage, hoping that you will pay a ransom fee. When the infection is launched, it encrypts the user’s files immediately. All the affected files receive the “.lokas” extension appended to their filenames. The original filename doesn’t get changed, so you will still see your files listed. Needless to say, the system will not be able to read those files because the information within them has been scrambled. And it might seem that the only way to restore your files is by paying the ransom. Lokas Ransomware also reinforces this idea by displaying the following ransom note:

Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.

If you have encountered other infections from the STOP Ransomware family before, you can probably see that the ransom note displayed by Lokas Ransomware is practically identical to the ransom notes shown by other programs in the group. That is because they are all different versions of the same infection.

The truth is that even if you were to pay the ransom, there are no guarantees that the criminals would issue the decryption key. Also, Lokas Ransomware was released a while ago, so there is a good chance that a public decryption tool for this infection is available.

How do I remove Lokas Ransomware?

Removing this infection on your own is a bit tedious because this program drops quite a few files on your system. You can find the manual removal instructions at the bottom of this description. However, it would be best to acquire a legitimate security tool that will help you remove Lokas Ransomware automatically, so that you are done with it for good.

If the public decryption tool is available, you can restore your files without too much trouble. On the other hand, you might also have copies of your files saved on some storage device or service. If that is the case, simply remove the encrypted files and transfer the healthy copies back onto your computer.

Manual Lokas Ransomware Removal

  1. Press Win+R and type %WinDir%. Click OK.
  2. Go to Tasks and System32/Tasks to delete the Time Trigger Task.
  3. Press Win+R and type regedit. Click OK.
  4. Open HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  5. On the right side, right-click and delete the SysHelper value (with random-named EXE file in description).
  6. Press Win+R and access %LOCALAPPDATA% and %UserProfile% directories.
  7. From these directories, delete a folder with a CLSID format name.
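
Before deleting anything by hand, the locations named in steps 1-7 can be checked in one pass. The following PowerShell is an added example, not part of the original removal guide: it is read-only, the function name Get-LokasArtifact is hypothetical, and the GUID pattern is an assumption about what "CLSID format name" means.

```powershell
# Read-only audit of the locations named in the manual removal steps.
# Nothing is deleted; every hit is reported for review.
function Get-LokasArtifact {
    # Steps 1-2: "Time Trigger Task" files under %WinDir%\Tasks and %WinDir%\System32\Tasks
    foreach ($dir in "$env:WinDir\Tasks", "$env:WinDir\System32\Tasks") {
        Get-ChildItem -LiteralPath $dir -Filter 'Time Trigger Task*' -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{ Type = 'Task file'; Path = $_.FullName; Detail = $_.LastWriteTime }
            }
    }

    # Steps 3-5: SysHelper value in the current user's Run key
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run -and $run.PSObject.Properties.Name -contains 'SysHelper') {
        # Detail holds the command line, i.e. the random-named EXE the value points to
        [pscustomobject]@{ Type = 'Run value'; Path = "$runKey\SysHelper"; Detail = $run.SysHelper }
    }

    # Steps 6-7: folders with a CLSID-style name (assumed GUID layout, braces optional)
    $clsid = '^\{?[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$'
    foreach ($dir in $env:LOCALAPPDATA, $env:USERPROFILE) {
        Get-ChildItem -LiteralPath $dir -Directory -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -match $clsid } |
            ForEach-Object {
                [pscustomobject]@{ Type = 'CLSID-named folder'; Path = $_.FullName; Detail = $_.CreationTime }
            }
    }
}

$hits = @(Get-LokasArtifact)
if ($hits.Count -gt 0) {
    $hits | Format-List
} else {
    'No artifacts from the removal steps were found for this user.'
}
```

Run it in the affected user's session, because the Run key and both directories are per-user. Legitimate software can also create GUID-named folders, so check a folder's contents and creation time before removing it.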
