MedusaLocker Ransomware

Posted by Sarah Stewart on January 6, 2020

What is MedusaLocker Ransomware?

Keep one thing in mind: Your Windows operating system is vulnerable. MedusaLocker Ransomware is one of the many threats that could try to invade it if you are not cautious. This threat is controlled by cybercriminals who care about nothing else but money, and they are willing to do whatever it takes to get it. Unfortunately, it is fairly easy for them to reach their goals using an efficient file encryptor. All they have to do is corrupt your personal files and make a few demands. If you value your files, it is likely that the attackers could convince you to do some risky things. Hopefully, you have done nothing yet. Continue reading this report, and you will understand how dangerous it could be for you to follow the instructions of cybercriminals. Remember that, in any case, you will need to delete MedusaLocker Ransomware from your Windows operating system. We hope that the removal process will be a little easier for you because of the information gathered by our Anti-Spyware-101.com research team.test

How does MedusaLocker Ransomware work?

MedusaLocker Ransomware is unlikely to have been created by anyone who stands behind Afrodita Ransomware, TurkStatik Ransomware, SaveTheQueen Ransomware, or many other file-encrypting threats, but these infections are pretty similar. At first, they need to enter your operating system, and attackers know plenty of ways to ensure that. In most cases, victims of ransomware are exposed to it via spam emails, and so if you receive a strange message, do not open it and do not interact with any attachments. It is also a good idea to avoid bundled downloaders, unreliable file-sharing sites, random pop-up warnings, or strange advertisements. Since remote access systems have been known to be employed for the distribution of ransomware, we suggest disabling remote access too. Of course, it is most important to have reliable security systems in place. If your operating system is guarded by reliable anti-malware software, the devious MedusaLocker Ransomware should stand no chance of slithering in. If it does get in, the threat starts by terminating certain processes, dropping files, creating a Windows task, and also deleting shadow volume copies to prevent you from using a system restore point.

Once fully established within the system, MedusaLocker Ransomware starts encrypting files right away. It is most likely to encrypt files in %USERPROFILE% and %HOMEDRIVE% directories, and if this is where you keep personal photos, documents, and other similar files, you are in trouble. The threat is capable of encrypting everything in its way, and it only avoids files with .dll, .exe, .ini, .lnk, .rdp, and also .sys extensions. Speaking of extensions, MedusaLocker Ransomware might add a unique extension to the files it corrupts, and, according to our research team, the threat can choose from several different ones, including .bomber, .boroff, .breakingbad, encrypted, .locker16, .newlock, .nlocker, and .skynet. Once files are encrypted – and you might not even notice it right away – the threat drops a ransom note file named “HOW_TO_RECOVER_DATA.html.” Obviously, you want to remove this file, but if you open it, be careful about what you do with the message inside. It suggests that you need to purchase a decryptor tool to have your files decrypted. No further information about the payment is provided, and that is meant to make you send a message to rdp_unlock@outlook.com or rdpunlock@cock.li. Do not do this if you do not want to be scammed again. Also, we do not advise paying the ransom because we doubt that you would get a decryptor in return for the payment.

How to delete MedusaLocker Ransomware

The situation might seem pretty dark, and it is, but if you have backups of your personal files stored outside the infected computer, you should remove MedusaLocker Ransomware without postponement. Once you get rid of this malware, you will be able to replace the corrupted files. If backups do not exist, make sure you start backing up personal files in the future. As for the corrupted files, we do not have a solution for you, and when we researched the threat, a legitimate and free decryptor did not exist either. That means that you might end up losing files. Overall, whether you lose your files, you find copies, or you are able to perform decryption, do not forget to delete MedusaLocker Ransomware. If you want to try removing this threat manually, check out our guide. If you want a quick solution, and you also want your system protected reliably, we advise using anti-malware software.

Removal Instructions

  1. Find the {unknown name}.exe file that launched the threat and Delete it.
  2. Delete the ransom note file named HOW_TO_RECOVER_DATA.html.
  3. Launch Windows Explorer by tapping Win and E keys at the same time.
  4. Enter %APPDATA% into the quick access field.
  5. Delete the ransomware file named svchostt.exe.
  6. Enter %WINDIR%\System32\Tasks\ into the quick access field.
  7. Delete the task named svchostt.
  8. Launch Run by tapping Win and R keys at the same time and then enter regedit into the box.
  9. In Registry Editor, navigate to HKEY_CURRENT_USER\Software\.
  10. Delete the key named Medusa.
  11. Empty Recycle Bin and then quickly employ a malware scanner to run a full system scan. 100% FREE spyware scan and
    tested removal of MedusaLocker Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *