Fake Locky Ransomware Virus (Removal Steps and Protection Updates)

A Locky Impersonator virus threat has emerged called Fake Locky ransomware which can easily be removed by following our removal guide.


Name
Fake Locky Ransomware

File Extensions
.LOCKED

Ransom
1 Bitcoin

Solution #1
You can skip all steps and remove Fake Locky Ransomware with the help of an anti-malware tool.

Solution #2
Fake Locky Ransomware ransomware can be removed manually, though it can be very hard for most home users. See the detailed tutorial below.

Distribution
Spam Email Campaigns, malicious ads & etc.

Fake Locky Ransomware Description

Security experts have spotted a new malware threat which impersonates the famous Locky family of viruses. This new Fake Locky ransomware has been created by an unknown hacker and the initial code analysis does not show a correlation between the threat’s code and any of the known malware families. This likely means that it is an independent creation and it follows the basic behaviour pattern used by other similar threats.

The reason why the virus impersonates the Locky ransomware is that it’s one of the famous viruses that is also known to ordinary users, not jut computer security experts. And while it uses the same extension (.LOCKED) to rename the target user files. The Fake Locky’s encryption engine uses a strong cipher to affect the most commonly used user data files – documents, photos, backup images, music and etc.

Once the encryption process is complete a ransomware note titled ‘Rans0m_N0te_Read_ME.txt’ is crafted and shown to the user. Its contents read the following:

Files has been encrypted with Locky Ransomware, Do not alter your files or you will not be able to recover anything nobody will be able to recover your data since its set to AES-256 and requires our Key
Send me 1.0 bitcoins
Send payment to this Address: 13DYdAKb8nfo1AYeGpJXwKZYupyeqYu2QZ
For Instructions on how to Purchase & send bitcoin refer to this link : ***
for support Email: [email protected]
After 48 Hours your ransom doubles to 2.0 BTC
After 72 Hours we will delete your recovery keys

The virus extorts a varying ransomware fee from the computer victims. The criminal developers demand a higher sum if the victims do not pay the price within 48 hours. After 72 hours the private decryption keys are deleted which makes recovery impossible via the hacker-supplied decryption options.

Fake Locky Ransomware Distribution

The first malware samples were reported in the last weeks of February 2017. The limited number of samples does not give a clear indication of the primary infection strategies. However we assume that the hackers use the most widely used ones which include the following:

  • Spam Email Messages – This is one of the most popular ways to spread malware threats. The hackers employ bulk message sending bots or hacked servers which distribute phishing schemes. The viruses are either linked or attached in the body of the messages. Depending on the complexity of the malware there may be additional payloads, complicated scripts or malicious macro which can be used in conjuction with the primary carrier.
  • Dangerous Redirects – All sorts of dangerous redirects such as browser hijackers and malicious ads.
  • Infected Installers – Viruses are often transmitted through infected installers which include counterfeit applications, games, patches and utilities. They are often found on hacked download portals and BitTorrent trackers.

Fake Locky Ransomware – How To Remove it and Prevent It From Coming Back

There are two ways of removal:

Fake Locky Ransomware Ransomware Removal

For a faster solution, you can run a scan with an advanced malware removal tool and delete Fake Locky Ransomware completely with a few mouse clicks.

STEP I: Start the PC in Safe Mode with Network
This will isolate all files and objects created by the ransomware so they will be removed efficiently.

    1) Hit WIN Key + R

Windows-key-plus-R-button-launch-Run-Box-in-Windows-illustrated

    2) A Run window will appear. In it, write “msconfig” and then press Enter
    3) A Configuration box shall appear. In it Choose the tab named “Boot
    4) Mark “Safe Boot” option and then go to “Network” under it to tick it too
    5) Apply -> OK

Or check our video guide – “How to start PC in Safe Mode with Networking

STEP II: Show Hidden Files

    1) Open My Computer/This PC
    2) Windows 7

      – Click on “Organize” button
      – Select “Folder and search options
      – Select the “View” tab
      – Go under “Hidden files and folders” and mark “Show hidden files and folders” option

    3) Windows 8/ 10

      – Open “View” tab
      – Mark “Hidden items” option

    show-hidden-files-win8-10

    4) Click “Apply” and then “OK” button

STEP III: Enter Windows Task Manager and Stop Malicious Processes

    1) Hit the following key combination: CTRL+SHIFT+ESC
    2) Get over to “Processes
    3) When you find suspicious process right click on it and select “Open File Location
    4) Go back to Task Manager and end the malicious process. Right click on it again and choose “End Process
    5) Next you should go folder where the malicious file is located and delete it

STEP IV: Remove Completely Fake Locky Ransomware Ransomware Using SpyHunter Anti-Malware Tool

Manual removal of Fake Locky Ransomware requires being familiar with system files and registries. Removal of any important data can lead to permanent system damage. Prevent this troublesome effect – delete Fake Locky Ransomware ransomware with SpyHunter malware removal tool.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

STEP V: Repair Windows Registry

    1) Again type simultaneously the Windows Button + R key combination
    2) In the box, write “regedit”(without the inverted commas) and hit Enter
    3) Type the CTRL+F and then write the malicious name in the search type field to locate the malicious executable
    4) In case you have discovered registry keys and values related to the name, you should delete them, but be careful not to delete legitimate keys

Further help for Windows Registry repair

STEP VI: Recover Encrypted Files

    1) Use present backups
    2) Restore your personal files using File History

      – Hit WIN Key
      – Type “restore your files” in the search box
      – Select “Restore your files with File History
      – Choose a folder or type the name of the file in the search bar

    restore-your-personal-files-using-File-History-bestecuritysearch

      – Hit the “Restore” button

    3) Using System Restore Point

      – Hit WIN Key
      – Select “Open System Restore” and follow the steps

restore-files-using-system-restore-point

STEP VII: Preventive Security Measures

    1) Enable and properly configure your Firewall.
    2) Install and maintain reliable anti-malware software.
    3) Secure your web browser.
    4) Check regularly for available software updates and apply them.
    5) Disable macros in Office documents.
    6) Use strong passwords.
    7) Don’t open attachments or click on links unless you’re certain they’re safe.
    8) Backup regularly your data.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

Was this content helpful?

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.


Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *