LOCK2G ransomware (virus) - Recovery Instructions Included

LOCK2G virus Removal Guide

What is LOCK2G ransomware?

LOCK2G ransomware – a dangerous virus that asks to pay for file recovery

LOCK2G ransomwareRansomware is considered to be one of the most dangerous infections out there

Ransomware is a devastating infection that mainly attacks Windows computers or networks. In recent years, this type of malware has been extremely successful, as more new strains have been released into the wild. Likewise, established ransomware families have also been very active, and it is not stopping anytime soon.

First spotted in the second half of November 2019, LOCK2G ransomware is a new crypto-malware that specializes in money extortion. It is not yet clear how it spreads, although most common malware distribution tactics include spam emails, software vulnerabilities, malicious ads, fake/repacked installers/software cracks, and similar.

Once installed on the device, malware does not immediately start to encrypt files. Instead, prepares the system for the process – deletes Shadow Copies, imports its own files, creates new processes. This allows the virus to proceed with the encryption of pictures, documents, videos, and other files – with the help of a strong encryption algorithm.[1]

They lose their original icons, get their name replaced with a random string of characters, and have a .LOCK2G extension attached at the end. This allows the malware to prevent victims from opening or editing data on their PC. It is important to note that files are not corrupted but rather locked behind a complex key, which is then sent out to malicious actors.

Another sign of the LOCK2G virus infection is a ransom note that is placed on a desktop and several other places on the computer. A file, titled !!!Recovery File.txt, explains to victims what happened to their data – they need to download the TOR browser and go to a specified .onion address to contact malware authors.

Name LOCK2G ransomware
Type Ransomware, file locking virus
File extension .LOCK2G
Ransom note !!!Recovery File.txt
Contact buclemylhtpbsxd7g2opjib3pzc5jgami5c3oya56j4kdo26ha4wcoad.onion
File Recovery If no backups are available, recovering data is almost impossible. However, we suggest you try the alternative methods that could help you in some cases – we list them below
Malware removal Perform a full system scan with powerful security software, such as SpyHunter 5Combo Cleaner, Malwarebytes
System fix Malware can seriously tamper with Windows systems, causing errors, crashes, lag, and other stability issues after it is terminated. To remediate the OS and avoid its reinstallation, we recommend scanning it with the ReimageIntego repair tool

The ransom note of the LOCK2G virus

A ransom note is the primary means for communication between the attackers and victims. In fact, almost all ransomware creators rely on this file to increase the chances of a successful payment – this is why some of them are opened automatically while others show a pop-up window.

Nonetheless, most cybercriminals use a simple text file (.txt), which can be opened with Notepad or any other application. In this case, malware authors provide a rather long explanation about what is meant to be done by victims in order to recover their files:

All of your important files have been encrypted on this PC.
All files are encrypted.

To decrypt your files, you need to get a private key + decryption software.

To get the private key and decrypt software, you need to contact us and send us
To do this you need to go to the site in darkweb you can only enter through the TOR BROWSER
you can download it here https://www.torproject.org/download/
after you have installed a tor browser open this site

http://buclemylhtpbsxd7g2opjib3pzc5jgami5c3oya56j4kdo26ha4wcoad.onion

It shows you your current contacts.
Do not use chrome or firefox to access this site.
The site will not open with a tor browser only.

Our Guarantee.
We can decrypt several files as a demonstration – you can send us up to 5 files
up to 5 MB in total weight
and we will send them back to you in their original form for FREE.

How long do I have to wait for the decryption key for the whole PC?
After payment, we will send you the key within minutes.

Your personal ID:
[YOUR KEY]

Attention! Don't lose your money.
write to us personally. if you ask someone else to help you decrypt, they will just write to us instead of you. and this will increase our costs for their services (mediation). in the worst case you will be cheated. so write personally, this is safer for you. only we can decrypt files.

Do not try to change the files and remove the extension, you may lose it forever. if you try to decrypt it yourself, experiment on the copies, do not experiment on the originals.

As it is typical to any other malware authors of this kind (for example, Iisa ransomware), free test decryption is offered. This is done in order to increase users' trust. Security experts[2] do not recommend trusting cybercriminals at all because, even if they would send you decrypted files back, they might never provide you with a working tool once the money is paid. Instead, we recommend you follow the instructions below.

LOCK2G ransomware virusThe ransom note is used by cybercriminals for communication purposes

Remediation plan: start with malware removal

The first step you should take is malware removal. It is yet unknown whether or not LOCK2G ransomware self-deletes after performing the data locking process, so it is best to be safe than sorry. This can be done in one way alone – by scanning the machine with powerful anti-malware software – we recommend using SpyHunter 5Combo Cleaner or Malwarebytes.

Before you do this, it is important to disconnect your system from the internet. You can either do it by plugging out the internet connection cable. After that is done, perform a full system scan with security software. If that does not work for one reason or another, use the instructions below to access Safe Mode to avoid malware preventing you from terminating it.

Windows 7 / Vista / XP

  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing the F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list.Windows XP/7

Windows 10 / Windows 8

  1. Right-click on the Start button and select Settings.
  2. Scroll down to pick Update & Security.
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find the Advanced Startup section.
  5. Click Restart now.
  6. Select Troubleshoot.Choose an option
  7. Go to Advanced options.Advanced options
  8. Select Startup Settings.Startup settings
  9. Click Restart.
  10. Press 5 or click 5) Enable Safe Mode with Networking.

Once you access Safe Mode, use another anti-malware to perform a full system scan to remove all the malicious files and processes at once.

Try recovering your data without paying

Most people who get infected with ransomware know very little about or haven't even heard of it before. In other cases, some might very well know the dangers of certain online activities that could result in its infection (for example, disabling security software for a software crack to be successful) and still proceed with it.

Right now, it does not really matter how you got infected, however, and the main focus should be file recovery. If you have data backups available, you should not worry about anything, as the damages of ransomware will be minimal. Unfortunately, most people don't use them. If you need help with creating backups of your files, check out the instructions at the bottom of this post.

Anti-malware software can't restore files (even though people believe it is the case) – and it is precisely why ransomware is so devastating. Specialized data recovery software might be successful in some cases, at least with some of the encrypted files. Decryption tools might also be created in the future.

Before you proceed with alternative data recovery methods, make sure you have already performed LOCK2G virus removal.

1. Use Data recovery software

  • Download Data Recovery Pro.
  • Double-click the installer to launch it.
    LOCK2G ransomware
  • Follow on-screen instructions to install the software.
  • As soon as you press Finish, you can use the app.
  • Select Everything or pick individual folders where you want the files to be recovered from.Select what to recover
  • Press Next.
  • At the bottom, enable Deep scan and pick which Disks you want to be scanned.Select Deep scan
  • Press Scan and wait till it is complete.Scan
  • You can now pick which folders/files to recover – don't forget you also have the option to search by the file name!
  • Press Recover to retrieve your files.

2. Wait for a decryptor

Ransomware's encryption code, if not flawed, is extremely secure, and even the most sophisticated computers would not be able to calculate the decryption key for each of the victims successfully. Without the decryptor from cybercriminals, restoring files might be impossible, especially if data recovery software was of no help.

However, not all malware are created equally – some are simply programmed much worse than others and contain several bugs.[3] By finding them, cybersecurity experts can sometimes create a working decryptor that victims can use for free. Keep in mind that this might or might not happen and that it might take a while. We recommend checking the following sources for the decryptors from time to time:

No More Ransom Project

Fix damaged system files

After malware infection, Windows is no longer the same, as some system files might get damaged or even destroyed. This can result in system instability – crashes, failure to launch programs, BSODs, and many other issues. If you are suffering from these problems after eliminating the infection, use data recovery software as explained below.

  • Download ReimageIntego
  • Click on the ReimageRepair.exe
    Reimage download
  • If User Account Control (UAC) shows up, select Yes
  • Press Install and wait till the program finishes the installation processReimage installation
  • The analysis of your machine will begin immediatelyReimage scan
  • Once complete, check the results – they will be listed in the Summary
  • You can now click on each of the issues and fix them manually
  • If you see many problems that you find difficult to fix, we recommend you purchase the license and fix them automatically.Reimage results

By employing this tool, you would not have to worry about future computer issues, as most of them could be fixed quickly by performing a full system scan at any time. Most importantly, you could avoid the tedious process of Windows reinstallation in case things go very wrong due to one reason or another.

Offer
do it now!
Download
Reimage Happiness
Guarantee
Download
Intego Happiness
Guarantee
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of LOCK2G virus. Follow these steps

Create data backups to avoid file loss in the future

One of the many countermeasures for home users against ransomware is data backups. Even if your Windows get corrupted, you can reinstall everything from scratch and retrieve files from backups with minimal losses overall. Most importantly, you would not have to pay cybercriminals and risk your money as well.

Therefore, if you have already dealt with a ransomware attack, we strongly advise you to prepare backups for future use. There are two options available to you:

  • Backup on a physical external drive, such as a USB flash drive or external HDD.
  • Use cloud storage services.

The first method is not that convenient, however, as backups need to constantly be updated manually – although it is very reliable. Therefore, we highly advise choosing cloud storage instead – it is easy to set up and efficient to sustain. The problem with it is that storage space is limited unless you want to pay for the subscription.

Using Microsoft OneDrive

OneDrive is a built-in tool that comes with every modern Windows version. By default, you get 5 GB of storage that you can use for free. You can increase that storage space, but for a price. Here's how to setup backups for OneDrive:

  1. Click on the OneDrive icon within your system tray.
  2. Select Help & Settings > Settings.
    Go to OneDrive settings
  3. If you don't see your email under the Account tab, you should click Add an account and proceed with the on-screen instructions to set yourself up.
    Add OneDrive account
  4. Once done, move to the Backup tab and click Manage backup.
    Manage backup
  5. Select Desktop, Documents, and Pictures, or a combination of whichever folders you want to backup.
  6. Press Start backup.
    Pick which folders to sync

After this, all the files that are imported into the above-mentioned folders will be automatically backed for you. If you want to add other folders or files, you have to do that manually. For that, open File Explorer by pressing Win + E on your keyboard, and then click on the OneDrive icon. You should drag and drop folders you want to backup (or you can use Copy/Paste as well).

Using Google Drive

Google Drive is another great solution for free backups. The good news is that you get as much as 15GB for free by choosing this storage. There are also paid versions available, with significantly more storage to choose from.

You can access Google Drive via the web browser or use a desktop app you can download on the official website. If you want your files to be synced automatically, you will have to download the app, however.

  1. Download the Google Drive app installer and click on it.
    Install Google Drive app
  2. Wait a few seconds for it to be installed. Complete installation
  3. Now click the arrow within your system tray – you should see Google Drive icon there, click it once.
    Google Drive Sign in
  4. Click Get Started. Backup and sync
  5. Enter all the required information – your email/phone, and password. Enter email/phone
  6. Now pick what you want to sync and backup. You can click on Choose Folder to add additional folders to the list.
  7. Once done, pick Next. Choose what to sync
  8. Now you can select to sync items to be visible on your computer.
  9. Finally, press Start and wait till the sync is complete. Your files are now being backed up.

Report the incident to your local authorities

Ransomware is a huge business that is highly illegal, and authorities are very involved in catching malware operators. To have increased chances of identifying the culprits, the agencies need information. Therefore, by reporting the crime, you could help with stopping the cybercriminal activities and catching the threat actors. Make sure you include all the possible details, including how did you notice the attack, when it happened, etc. Additionally, providing documents such as ransom notes, examples of encrypted files, or malware executables would also be beneficial.

Law enforcement agencies typically deal with online fraud and cybercrime, although it depends on where you live. Here is the list of local authority groups that handle incidents like ransomware attacks, sorted by country:

Internet Crime Complaint Center IC3

If your country is not listed above, you should contact the local police department or communications center.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from LOCK2G and other ransomwares, use a reputable anti-spyware, such as ReimageIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Julie Splinters
Julie Splinters - Anti-malware specialist

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Julie Splinters
About the company Esolutions

References