LockCrypt ransomware virus. How to remove? (Uninstall guide)

removal by Olivia Morelli - - | Type: Ransomware
12

LockCrypt ransomware wants money in exchange for data decryption

LockCrypt virus is ransomware that encrypts all files[1] to make them inaccessible to the victim. During the encryption, the virus renames all files by replacing the original filename with a long string of random digits, victim’s id, and .lock file extension. The virus then drops a ReadMe.txt file on the desktop, and this file provides an explanation of what has happened. The ransomware informs the victim that all data has been encrypted and that in order to reverse the encryption the victim has to pay for decryption. The ransom note doesn’t reveal the exact price that victim has to pay; it only commands the victim to write to d_dukens@aol.com or d_dukens@bitmessage.ch for further instructions. According to the criminals, the price of the ransom depends on how fast the victim manages to reach out to the culprits. The attackers suggest decrypting three small files for free to prove that they have the decryption tool and that files are not permanently corrupted. The total size of files to test the decryption should be no larger than 10Mb (non-archived) and, according to frauds, “should not contain valuable information.” If you were infected with this ransomware variant, we suggest you remove LockCrypt using anti-malware software such as Reimage and try to recover your files using alternative methods. Malware analysts say that this ransomware variant might be decryptable, and so we believe that it is worth the wait. Remember that criminals can ask you to pay a large sum of money, for instance, from 500 to 2000 USD, and we do not think that you want to risk losing such amount of money simply by expecting that such sum will soften criminals’ hearts.

LockCrypt ransom note

LockCrypt ransomware is a virtual extortion tool that is meant to scare the computer users and make them pay the ransom. However, although such programs are dangerous, we do not suggest you to obey criminals’ commands and pay ransoms they demand. Today, there is some kind of ransomware cult that many inexperienced programmers tend to follow. While there are ransomware source codes available online and things such as ransomware-as-a-service[2], script kiddies can easily create customizable ransomware versions and distribute them through email. Luckily, most of these wannabe-cybercriminals are simply inexperienced and cannot create an obfuscated piece of malware, which allows malware analysts create recovery tool shortly after finding the virus’ sample. We believe that it is going to happen shortly, so take care of LockCrypt removal rather than buying Bitcoins and transferring them to frauds.

Ransomware distribution tricks

LockCrypt ransomware reportedly spreads via malicious spam, although it is likely to be hiding in software cracks or malicious websites. Some victims reported that it is being distributed via RDP attacks as well. Be careful when you try to access suspicious Internet sites, do not open questionable emails and especially files attached to them, and set long and strong passwords for accounts that have Remote Desktop access. Remember that criminals do not send viruses named as virus.exe or ransomware.exe – they are not kind of straightforward people. Instead, they will hide the malicious script in Word, Excel, or JavaScript files that do not contain ransomware executable but download it from a remote server instead. To protect your PC from such attacks, you need to have an up-to-date security software installed on your PC. Avoid browsing questionable websites and never visit illegal domains. This way, you will bypass web locations that are likely to contain malicious files.

Easy way to remove LockCrypt

The easiest way to remove LockCrypt virus is to follow instructions given below and delete the virus while in Safe Mode with Networking. Reboot your PC into the above-mentioned mode and start anti-malware or anti-spyware software to remove the virus for you. Please do not try to initiate manual LockCrypt removal – ransomware viruses are too sophisticated and dangerous and inexperienced computer users simply can overlook some of its malicious components. It goes without saying that leaving them on the system poses a threat to user’s privacy and computer’s security.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove LockCrypt ransomware virus you agree to our privacy policy and agreement of use.
do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall LockCrypt ransomware virus. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.

Manual LockCrypt virus Removal Guide:

Remove LockCrypt using Safe Mode with Networking

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

Delete the Lock Crypt virus according to the guidances provided below.

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list Select 'Safe Mode with Networking'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window. Select 'Enable Safe Mode with Networking'
  • Step 2: Remove LockCrypt

    Log in to your infected account and start the browser. Download Reimage or other legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete LockCrypt removal.

If your ransomware is blocking Safe Mode with Networking, try further method.

Remove LockCrypt using System Restore

Reimage is a tool to detect malware.
You need to purchase Full version to remove infections.
More information about Reimage.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of LockCrypt. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that LockCrypt removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove LockCrypt from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

Restore your files from a backup, or, if you do not own one, try these options.

If your files are encrypted by LockCrypt, you can use several methods to restore them:

Recover files with a help of Data Recovery Pro

Data Recovery Pro proved to be an useful tool for those that are dealing with piles of corrupted files. You might want to test this tool on files locked by the indicated ransomware.

Official decryption tools are not available yet

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from LockCrypt and other ransomwares, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-MalwareWebroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware

About the author

Olivia Morelli
Olivia Morelli - Ransomware analyst

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

More information about the author

References