NOT_OPEN_LOCKER Ransomware

Posted by Max Lehmann on July 1, 2019

What is NOT_OPEN_LOCKER Ransomware?

NOT_OPEN_LOCKER Ransomware is a computer infection that was released quite a while ago. It means that there should already be a public decryption tool available for this intruder. Also, it is very likely that the main server for this infection is down, so there is no use in paying the ransom fee. Not that you should ever do anything like that.

You need to remove NOT_OPEN_LOCKER Ransomware from the infected system, and then make sure that such infections do not enter it again. Aside from investing in a licensed antispyware tool, you should also educate yourself about ransomware distribution patterns.test

Where does NOT_OPEN_LOCKER Ransomware come from?

Our team says that NOT_OPEN_LOCKER Ransomware is another version of the Everbe Ransomware infection. It is very common for one infection to have several versions. Sometimes the same code is tweaked by different ransomware developers; sometimes the same creator releases an upgraded version of the program. The point is that NOT_OPEN_LOCKER Ransomware might exhibit certain behavioral patterns that are common to Everbe Ransomware, too.

What we know for sure is that this program spreads using the usual ransomware distribution methods. We have mentioned already that you have to know how ransomware spreads. The most common ransomware distribution method is spam.

Spam emails reach us every single day, but they usually get filtered into the Junk folder, and that’s that. However, some spam emails could easily reach the main inbox too, especially if the email service that you use doesn’t have a sophisticated algorithm. It is especially dangerous when you receive spam on your work computer. Corporate computers are often connected in one big network, and if your computer gets infected with NOT_OPEN_LOCKER Ransomware or any other ransomware infection for that matter, it could spread across your entire company.

It is actually true that ransomware infections tend to target businesses more than individuals. After all, if they encrypt important business files, and the companies do not have the backup, the companies would be more willing the pay the ransom. That is why you should never open attachments from unknown senders just like that. Use a reliable security tool to scan email attachments and files receive via RDP connection to see whether they are safe. Open them only if the security tool gives you the green light.

What does NOT_OPEN_LOCKER Ransomware do?

Just like any other ransomware infection out there, NOT_OPEN_LOCKER Ransomware encrypts your files. Aside from that, the moment this infection is launched, it also deletes the Shadow Volume copies (provided they have been enabled). Ransomware does that in order to prevent users from restoring their files. If the criminals cut you off from all the potential ways to restore your files, you would be more willingly to pay for the decryption key, right?

Of course, that shouldn’t be the reason to purchase the decryption key from these criminals. As mentioned, they might not even issue it anymore. Thus, you should not pay attention to this ransom note that the program displays on your screen:

HELLO, DEAR FRIEND!

1. [ ALL YOUR FILES HAVE BEEN ENCRYPTED ]
Your files are NOT damaged! Your files are modified only. This modification is reversible.
The only 1 way to decrypt your files is to receive the decryption program.

2. [ HOW TO RECOVERY FILES? ]
To receive the decryption program write to email: notopen@countermail.com
And in subject write ID:
We send you full instruction how to decrypt all your files.
If we do not respond in within 24 hours, write to the email: not.open@mailfence.com

The fact that there are at least two email addresses in the note shows that even initially, the server connection was not steady. Not to mention that it doesn’t say how much you are supposed to pay for the decryption key, too. So the criminals might call any price they want.

How do I remove NOT_OPEN_LOCKER Ransomware?

To get rid of NOT_OPEN_LOCKER Ransomware, you need to delete the file that launched this infection, and then remove all the ransom note files. You should also scan your system with a security program that can locate all the malicious files at once, and delete them automatically. Not to mention that by acquiring a security tool, you would safeguard your system against other potential threats.

Manual NOT_OPEN_LOCKER Ransomware Removal

  1. Delete suspicious files from Desktop.
  2. Go to the Downloads folder and remove the most recent files.
  3. Press Win+R and type %TEMP%. Click OK.
  4. Remove the most recent files from the directory.
  5. Delete all copies of the !_HOW_RECOVERY_FILES_!.txt ransom note.
  6. Scan your PC with SpyHunter. 100% FREE spyware scan and
    tested removal of NOT_OPEN_LOCKER Ransomware*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *