LOCK2G virus Removal Guide
What is LOCK2G ransomware?
LOCK2G ransomware – a dangerous virus that asks to pay for file recovery
Ransomware is considered to be one of the most dangerous infections out there
Ransomware is a devastating infection that mainly attacks Windows computers or networks. In recent years, this type of malware has been extremely successful, as more new strains have been released into the wild. Likewise, established ransomware families have also been very active, and it is not stopping anytime soon.
First spotted in the second half of November 2019, LOCK2G ransomware is a new crypto-malware that specializes in money extortion. It is not yet clear how it spreads, although most common malware distribution tactics include spam emails, software vulnerabilities, malicious ads, fake/repacked installers/software cracks, and similar.
Once installed on the device, the malware does not immediately start encrypting files. Instead, it prepares the system for the process – it deletes Shadow Copies, imports its own files, and creates new processes. This allows the virus to proceed with the encryption of pictures, documents, videos, and other files with the help of a strong encryption algorithm.
Encrypted files lose their original icons, have their names replaced with a random string of characters, and get the .LOCK2G extension appended at the end. This allows the malware to prevent victims from opening or editing data on their PC. It is important to note that files are not corrupted but rather locked behind a complex key, which is then sent out to malicious actors.
Another sign of the LOCK2G virus infection is a ransom note that is placed on a desktop and several other places on the computer. A file, titled !!!Recovery File.txt, explains to victims what happened to their data – they need to download the TOR browser and go to a specified .onion address to contact malware authors.
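To scope the damage before restoring from backups or filing a report, the two indicators described above (the .LOCK2G extension and the !!!Recovery File.txt note) can be inventoried read-only. This is an added example, not part of the original guide; the function name, the output fields, and the use of file modification times as an estimate of the encryption window are assumptions.

```python
import os
from datetime import datetime, timezone

# Indicators named in the article, matched case-insensitively.
ENCRYPTED_SUFFIX = ".lock2g"
RANSOM_NOTE_NAME = "!!!recovery file.txt"


def _as_utc(timestamp):
    return datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat()


def inventory(root):
    """Walk `root` and summarise LOCK2G artefacts without modifying anything."""
    encrypted, notes, skipped = [], [], []
    # Unreadable directories are recorded instead of aborting the scan.
    for dirpath, _dirs, files in os.walk(
            root, onerror=lambda err: skipped.append(err.filename)):
        for name in files:
            path = os.path.join(dirpath, name)
            lowered = name.lower()
            if lowered == RANSOM_NOTE_NAME:
                notes.append(path)
            elif lowered.endswith(ENCRYPTED_SUFFIX):
                try:
                    st = os.stat(path)
                except OSError:
                    skipped.append(path)
                    continue
                encrypted.append((path, st.st_size, st.st_mtime))

    # Assumption: an encrypted file's mtime approximates when it was written.
    # Malware can alter timestamps, so treat the window as an estimate only.
    mtimes = [mtime for _path, _size, mtime in encrypted]
    return {
        "encrypted_count": len(encrypted),
        "encrypted_bytes": sum(size for _path, size, _mtime in encrypted),
        "first_encrypted_utc": _as_utc(min(mtimes)) if mtimes else None,
        "last_encrypted_utc": _as_utc(max(mtimes)) if mtimes else None,
        "affected_dirs": sorted({os.path.dirname(p) for p, _s, _m in encrypted}),
        "ransom_notes": sorted(notes),
        "skipped": skipped,
    }


if __name__ == "__main__":
    import json
    import sys
    print(json.dumps(inventory(sys.argv[1] if len(sys.argv) > 1 else "."), indent=2))
```

The estimated time window helps pick a backup snapshot that predates the encryption, and the summary can be attached to an incident report.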
| Item | Details |
|---|---|
| Type | Ransomware, file locking virus |
| Ransom note | !!!Recovery File.txt |
| File Recovery | If no backups are available, recovering data is almost impossible. However, we suggest you try the alternative methods that could help you in some cases – we list them below |
| Malware removal | Perform a full system scan with powerful security software, such as SpyHunter 5, Combo Cleaner, or Malwarebytes |
| System fix | Malware can seriously tamper with Windows systems, causing errors, crashes, lag, and other stability issues after it is terminated. To remediate the OS and avoid its reinstallation, we recommend scanning it with the Reimage or Intego repair tool |
The ransom note of the LOCK2G virus
A ransom note is the primary means for communication between the attackers and victims. In fact, almost all ransomware creators rely on this file to increase the chances of a successful payment – this is why some of them are opened automatically while others show a pop-up window.
Nonetheless, most cybercriminals use a simple text file (.txt), which can be opened with Notepad or any other application. In this case, malware authors provide a rather long explanation about what is meant to be done by victims in order to recover their files:
All of your important files have been encrypted on this PC.
All files are encrypted.
To decrypt your files, you need to get a private key + decryption software.
To get the private key and decrypt software, you need to contact us and send us
To do this you need to go to the site in darkweb you can only enter through the TOR BROWSER
you can download it here https://www.torproject.org/download/
after you have installed a tor browser open this site
It shows you your current contacts.
Do not use chrome or firefox to access this site.
The site will not open with a tor browser only.
We can decrypt several files as a demonstration – you can send us up to 5 files
up to 5 MB in total weight
and we will send them back to you in their original form for FREE.
How long do I have to wait for the decryption key for the whole PC?
After payment, we will send you the key within minutes.
Your personal ID:
Attention! Don't lose your money.
write to us personally. if you ask someone else to help you decrypt, they will just write to us instead of you. and this will increase our costs for their services (mediation). in the worst case you will be cheated. so write personally, this is safer for you. only we can decrypt files.
Do not try to change the files and remove the extension, you may lose it forever. if you try to decrypt it yourself, experiment on the copies, do not experiment on the originals.
As is typical of malware authors of this kind (for example, those behind Iisa ransomware), free test decryption is offered. This is done in order to increase users' trust. Security experts do not recommend trusting cybercriminals at all because, even if they send your decrypted test files back, they might never provide you with a working tool once the money is paid. Instead, we recommend you follow the instructions below.
The ransom note is used by cybercriminals for communication purposes
Remediation plan: start with malware removal
The first step you should take is malware removal. It is not yet known whether LOCK2G ransomware self-deletes after performing the data locking process, so it is better to be safe than sorry. This can be done in one way alone – by scanning the machine with powerful anti-malware software – we recommend using SpyHunter 5, Combo Cleaner, or Malwarebytes.
Before you do this, it is important to disconnect your system from the internet. You can do it by unplugging the internet connection cable. After that is done, perform a full system scan with security software. If that does not work for one reason or another, use the instructions below to access Safe Mode so that the malware cannot prevent you from terminating it.
Windows 7 / Vista / XP
- Click Start > Shutdown > Restart > OK.
- When your computer becomes active, start pressing the F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
- Select Safe Mode with Networking from the list.
Windows 10 / Windows 8
- Right-click on the Start button and select Settings.
- Scroll down to pick Update & Security.
- On the left side of the window, pick Recovery.
- Now scroll down to find the Advanced Startup section.
- Click Restart now.
- Select Troubleshoot.
- Go to Advanced options.
- Select Startup Settings.
- Click Restart.
- Press 5 or click 5) Enable Safe Mode with Networking.
Once you access Safe Mode, use another anti-malware to perform a full system scan to remove all the malicious files and processes at once.
Try recovering your data without paying
Most people who get infected with ransomware know very little about it or haven't even heard of it before. In other cases, some might very well know the dangers of certain online activities that could result in an infection (for example, disabling security software for a software crack to be successful) and still proceed with them.
Right now, it does not really matter how you got infected, however, and the main focus should be file recovery. If you have data backups available, you should not worry about anything, as the damages of ransomware will be minimal. Unfortunately, most people don't use them. If you need help with creating backups of your files, check out the instructions at the bottom of this post.
Anti-malware software can't restore files (even though people believe it is the case) – and it is precisely why ransomware is so devastating. Specialized data recovery software might be successful in some cases, at least with some of the encrypted files. Decryption tools might also be created in the future.
Before you proceed with alternative data recovery methods, make sure you have already performed LOCK2G virus removal.
1. Use Data recovery software
- Download Data Recovery Pro.
- Double-click the installer to launch it.
- Follow on-screen instructions to install the software.
- As soon as you press Finish, you can use the app.
- Select Everything or pick individual folders where you want the files to be recovered from.
- Press Next.
- At the bottom, enable Deep scan and pick which Disks you want to be scanned.
- Press Scan and wait till it is complete.
- You can now pick which folders/files to recover – don't forget you also have the option to search by the file name!
- Press Recover to retrieve your files.
2. Wait for a decryptor
Ransomware's encryption code, if not flawed, is extremely secure, and even the most sophisticated computers would not be able to calculate the decryption key for each of the victims successfully. Without the decryptor from cybercriminals, restoring files might be impossible, especially if data recovery software was of no help.
However, not all malware is created equal – some strains are simply programmed much worse than others and contain several bugs. By finding them, cybersecurity experts can sometimes create a working decryptor that victims can use for free. Keep in mind that this might or might not happen and that it might take a while. We recommend checking the following sources for the decryptors from time to time:
- No More Ransom Project
- Free Ransomware Decryptors by Kaspersky
- Free Ransomware Decryption Tools from Emsisoft
- Avast decryptors
Fix damaged system files
After malware infection, Windows is no longer the same, as some system files might get damaged or even destroyed. This can result in system instability – crashes, failure to launch programs, BSODs, and many other issues. If you are suffering from these problems after eliminating the infection, use data recovery software as explained below.
- Download Reimage or Intego
- Click on the ReimageRepair.exe
- If User Account Control (UAC) shows up, select Yes
- Press Install and wait till the program finishes the installation process
- The analysis of your machine will begin immediately
- Once complete, check the results – they will be listed in the Summary
- You can now click on each of the issues and fix them manually
- If you see many problems that you find difficult to fix, we recommend you purchase the license and fix them automatically.
By employing this tool, you would not have to worry about future computer issues, as most of them could be fixed quickly by performing a full system scan at any time. Most importantly, you could avoid the tedious process of Windows reinstallation in case things go very wrong due to one reason or another.
Getting rid of LOCK2G virus. Follow these steps
Create data backups to avoid file loss in the future
One of the many countermeasures for home users against ransomware is data backups. Even if your Windows installation gets corrupted, you can reinstall everything from scratch and retrieve files from backups with minimal losses overall. Most importantly, you would not have to pay cybercriminals and risk your money as well.
Therefore, if you have already dealt with a ransomware attack, we strongly advise you to prepare backups for future use. There are two options available to you:
- Backup on a physical external drive, such as a USB flash drive or external HDD.
- Use cloud storage services.
The first method is not that convenient, however, as backups need to constantly be updated manually – although it is very reliable. Therefore, we highly advise choosing cloud storage instead – it is easy to set up and efficient to sustain. The problem with it is that storage space is limited unless you want to pay for the subscription.
Using Microsoft OneDrive
OneDrive is a built-in tool that comes with every modern Windows version. By default, you get 5 GB of storage that you can use for free. You can increase that storage space, but for a price. Here's how to set up backups for OneDrive:
- Click on the OneDrive icon within your system tray.
- Select Help & Settings > Settings.
- If you don't see your email under the Account tab, you should click Add an account and proceed with the on-screen instructions to set yourself up.
- Once done, move to the Backup tab and click Manage backup.
- Select Desktop, Documents, and Pictures, or a combination of whichever folders you want to back up.
- Press Start backup.
After this, all the files that are imported into the above-mentioned folders will be automatically backed up for you. If you want to add other folders or files, you have to do that manually. For that, open File Explorer by pressing Win + E on your keyboard, and then click on the OneDrive icon. You should drag and drop folders you want to back up (or you can use Copy/Paste as well).
Using Google Drive
Google Drive is another great solution for free backups. The good news is that you get as much as 15GB for free by choosing this storage. There are also paid versions available, with significantly more storage to choose from.
You can access Google Drive via the web browser or use a desktop app you can download on the official website. If you want your files to be synced automatically, you will have to download the app, however.
- Download the Google Drive app installer and click on it.
- Wait a few seconds for it to be installed.
- Now click the arrow within your system tray – you should see the Google Drive icon there; click it once.
- Click Get Started.
- Enter all the required information – your email/phone, and password.
- Now pick what you want to sync and back up. You can click on Choose Folder to add additional folders to the list.
- Once done, pick Next.
- Now you can select to sync items to be visible on your computer.
- Finally, press Start and wait till the sync is complete. Your files are now being backed up.
Report the incident to your local authorities
Ransomware is a huge business that is highly illegal, and authorities are very involved in catching malware operators. To have increased chances of identifying the culprits, the agencies need information. Therefore, by reporting the crime, you could help with stopping the cybercriminal activities and catching the threat actors. Make sure you include all the possible details, including how you noticed the attack, when it happened, etc. Additionally, providing documents such as ransom notes, examples of encrypted files, or malware executables would also be beneficial.
Law enforcement agencies typically deal with online fraud and cybercrime, although it depends on where you live. Here is the list of local authority groups that handle incidents like ransomware attacks, sorted by country:
- USA – Internet Crime Complaint Center IC3
- United Kingdom – ActionFraud
- Canada – Canadian Anti-Fraud Centre
- Australia – ScamWatch
- New Zealand – ConsumerProtection
- Germany – Polizei
- France – Ministère de l'Intérieur
If your country is not listed above, you should contact the local police department or communications center.
Finally, you should always think about protection against crypto-ransomware. To protect your computer from LOCK2G and other ransomware, use a reputable anti-spyware, such as Reimage, Intego, SpyHunter 5, Combo Cleaner, or Malwarebytes.
How to prevent getting ransomware
Backup files for the later use, in case of the malware attack
Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.
When you have the previous version of every important document or project, you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.