Get Rid of Lock2017 Ransomware and Recover Enciphered Data

Lock2017 Ransomware – Essential Information

 

Another file-encoder trojan is on the loose. Dubbed Lock2017 Ransomware, it uses the RSA-2048 cipher to encode certain types of files on the local disk, on mounted network drives and on removable drives. Samples of the ransomware were submitted to security firms on March 5th 2017. It took a few days, but the research report is now public. According to the report, Lock2017 Ransomware is delivered to most Windows machines via a macro-enabled document attached to spam emails. The developers of the ransomware might also abuse macro functionality in software such as Microsoft Office, WPS Office and Adobe PDF reader, which allows them to execute malicious code on remote machines without direct interaction. This trick might work by luring a computer user into opening a file from a malicious source. After studying a few cases, we found that Lock2017 Ransomware is well known for using spoofed email accounts and spam networks to target potential victims.

Further, it is worth knowing that the Lock2017 virus is named after its official email address – [email protected]. If you receive any email from such a suspicious source, never double-click it; delete it permanently from your inbox instead. It works similarly to the [email protected] ransomware. As we mentioned, Lock2017 Ransomware uses the RSA-2048 cipher, and encrypted files always need a private key or a proper software tool to be restored to their normal version. Unless you recover your files, you won’t be able to read or modify the enciphered files on your compromised Windows machine. Enciphered files are renamed in a unique way: file_name.file_ext].id-[UserID][email protected][email protected] .

For instance, ‘Guardians.pptx’ is transcoded as: ‘Guardians.pptx.id-56679319295__contact_me_lock2017@[email protected]

Data Recovery Option and Prevention Tips

According to Lock2017 Ransomware’s ransom note, to obtain the private key or a proper file decryptor you have to pay a ransom fee to the developers. However, there is no guarantee that the private key will successfully decode your files. Threat actors are con artists of a sort and don’t care about victims; once they get paid, they start ignoring them. It is a thousand times better to use alternative methods to recover some of your important files. But first you need to remove Lock2017 Ransomware completely from your computer. Otherwise, it will encipher your important files again and again.

Detailed information regarding Lock2017 Ransomware removal and data recovery is presented below:

 

Remove Lock2017 Ransomware From Your PC

Step 1: Remove Lock2017 Ransomware in Safe Mode with Command Prompt

  • First, disconnect your PC from the network.
  • Click the restart button and keep pressing the F8 key while the system restarts.
  • You will see the “Windows Advanced Options Menu” on your screen.
  • Select “Safe Mode with Command Prompt” and press the Enter key.
  • Log in with an Administrator account for full privileges.
  • Once the Command Prompt appears, type rstrui.exe and press Enter.
  • Now follow the prompts on your screen to complete the system restore.

Step 2: Remove Lock2017 Ransomware using MSConfig in Safe Mode:

  • Power off your computer and restart it.
  • While booting, press the “F8 key” continuously to open the “Windows Advanced Options Menu”.
  • Use the arrow keys to select the “Safe Mode” option and press the Enter key.
  • Once the system has started, go to the Start menu, type “msconfig” in the search box and launch the application.
  • Go to the Startup tab and look for entries that use rundll32.exe to load files from the %AppData% or %Temp% folders. See an example below:

C:\Windows\System32\rundll32.exe C:\Users\username\appdata\local\temp\regepqzf.dll,H1N1

  • Disable all the malicious entries and save the changes.
  • Now restart your computer normally.

Step 3: Kill Malicious Process Related To Lock2017 Ransomware

  • Press the Alt+Ctrl+Del keys together.
  • This opens the Task Manager on your screen.
  • Go to the Process tab and find the process related to Lock2017 Ransomware.
  • Click the End Process Now button to stop the running process.

Step 4: Remove Lock2017 Ransomware Virus From Registry Entry

  • Press the “Windows + R” keys together to open the Run box.
  • Type “regedit” and click the OK button.
  • Find and remove entries related to Lock2017 Ransomware under the following keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
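
The Startup check in Step 2 and the registry review in Step 4 can be done in one read-only pass. The PowerShell below is an added example, not part of the original guide; it lists values under the keys above whose command line points into AppData or Temp (a heuristic chosen here as an assumption) and does not delete anything.

```powershell
# Added example: read-only audit of the autostart keys listed in Step 4.
# Flags values whose command line points into AppData or Temp, the pattern
# shown in the Step 2 rundll32 example. Nothing is modified or deleted.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

# Heuristic (assumption): a path under \AppData\ or \Temp\, or the unexpanded
# %AppData% / %LocalAppData% / %Temp% variables, deserves a manual look.
$userWritable = '(?i)(\\appdata\\|\\temp\\|%appdata%|%localappdata%|%temp%)'

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent on this system
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        # Read the raw value without expanding environment variables.
        $data = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        if ($data -match $userWritable) {
            [pscustomobject]@{
                Key         = $key
                ValueName   = $name
                Command     = $data
                ViaRundll32 = [bool]($data -match '(?i)rundll32(\.exe)?')
            }
        }
    }
}

# Entries launched through rundll32 are listed first.
$findings | Sort-Object ViaRundll32 -Descending | Format-List
```

Legitimate software also starts from AppData, so treat each hit as a candidate for review rather than a verdict. Only values directly under each key are read; subkeys such as those under RunOnceEx are not walked.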

Hopefully you have now completely removed the Lock2017 Ransomware virus from your computer. If you still get the ransom message from the threat or are unable to access your files, the virus still remains on your computer. In that situation you have no option other than removing the virus with a powerful malware removal tool.

If you have a backup of your infected or encrypted files, you can also reinstall your Windows OS. This will erase all your files and data along with the Lock2017 Ransomware infection, leaving you with a completely empty computer system with no files. You can then use your backup to get your files back. If you don’t have a backup, using a malware removal tool is the better option for you.

If you have any query or question regarding your computer, you can easily put it to our experts. Go to the Ask Any Question page and get the answer to your query directly from our experts.
