Severity scale: 99/100

LockMe ransomware. How to remove? (Uninstall guide)

removal by Julie Splinters | Type: Ransomware

LockMe ransomware requires paying the ransom to unlock files

LockMe is file-encrypting ransomware[1] that was revealed at the beginning of February 2017. It uses a strong AES encryption model and primarily targets MS Office documents, OpenOffice, PDF, text files, photos, videos, image files, and archives. Encrypted files get a .lockme file extension and a file token Salted_. Once the crypto-extortioner has encoded the targeted data, it generates a ransom note as a .txt file named README_FOR_DECRYPT_YOUR_FILES.txt.
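The indicators named above (the .lockme extension, the Salted_ token and the ransom note file name) are enough for a read-only triage of a drive or a mounted backup. The following Python script is an added example, not part of the original guide: the function name `triage` is hypothetical, and it assumes the Salted_ token sits at the very start of each encrypted file. It also reports the earliest modification time among the encrypted files, which helps when picking a restore point or shadow copy that predates the attack.

```python
import os
from datetime import datetime, timezone

# Indicators taken from the article; the token's position is an assumption.
LOCKME_EXT = ".lockme"
NOTE_NAME = "README_FOR_DECRYPT_YOUR_FILES.txt"
TOKEN = b"Salted_"  # assumed to sit at the very start of an encrypted file


def triage(root):
    """Walk `root` read-only and summarise LockMe indicators found there."""
    report = {"encrypted": [], "renamed_only": [], "notes": [], "first_seen": None}
    earliest = None
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if name.lower() == NOTE_NAME.lower():
                report["notes"].append(path)
                continue
            if not name.lower().endswith(LOCKME_EXT):
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(len(TOKEN))
                mtime = os.path.getmtime(path)
            except OSError:
                continue  # unreadable or vanished file: skip, never abort the scan
            if head == TOKEN:
                report["encrypted"].append(path)
                earliest = mtime if earliest is None else min(earliest, mtime)
            else:
                # Extension matches but the header does not: worth a manual look.
                report["renamed_only"].append(path)
    if earliest is not None:
        report["first_seen"] = datetime.fromtimestamp(earliest, tz=timezone.utc)
    return report


if __name__ == "__main__":
    import sys
    result = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(len(result["encrypted"]), "encrypted file(s);",
          len(result["notes"]), "ransom note(s)")
    print("earliest encrypted file written:", result["first_seen"])
```

Run it against a copy or a read-only mount where possible; the script never modifies or renames the files it inspects.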

The ransom note provides all the necessary information to acquaint the victim with the virus and the conditions imposed to decrypt the locked files. Currently, people are urged to pay the ransom, which is 0.03 BTC[2] (around 230 USD), and then contact the ransomware developer via email at LockMecQqL3Ruyi7V0RfZ@tutamail.com. The full LockMe virus ransom note says:

All of your files have been Encrypted with military grade system and impossible to brute force, cracking, or reverse engineering it !
If you want all of your files back send me 0.03 BTC .
[+] Your Unique ID : [***]
[+] Send BTC To This Address : 1LockMeEPLr4ZRsoht8Wp6idBsT5TuBXtX
[+] Send BTC : 0.03 BTC
[+] Contact Email : LockMecQqL3Ruyi7V0RfZ@tutamail.com | LockMe9hG1F7pbWqThUt9P8@mailfence.com
*) Don't try change the '.lockme' extensions , if you change it , your all files can be broken and can't be restored forever .
*) If you've made a payment contact LockMecQqL3Ruyi7V0RfZ@tutamail.com | LockMe9hG1F7pbWqThUt9P8@mailfence.com .
*) If you not made a payment all of your private files will be leaked on internet (private photos, documents, videos, and more) .
Question : How to buy Bitcoin ?
Answer : You can buy Bitcoin at this Website : bitcoin.com , coinbase.com , cex.io , paxful.com , coinmama.com , etc .
[+] Your IP : [***] | Your ID : [***] [+]

The extortionists intimidate people by saying that they are going to publish personal files, including sensitive photos or important documents, on the Internet. Such claims are likely to increase the number of victims paying the ransom, even though security experts do not recommend paying. Instead, people should install Reimage or another powerful anti-malware tool and remove LockMe virus immediately.

Although LockMe removal may result in complete file loss, people should not take the risk of identity theft by revealing credit card details, full name, and other personal information. On top of that, paying the ransom does not guarantee that criminals will unlock the data on your PC or won't publish it on the Internet.

LockMe ransomware prevalence is expected

Luckily, the number of LockMe virus victims is not big yet. However, cyber security experts warn that its prevalence may increase. Such assumptions are based on the fact that the virus info has already been translated into 54 languages (Russian, English, German, Turkish, Polish, Italian, Romanian, Icelandic, Irish, Norwegian, and so on). Thus, it is clearly oriented towards multilingual users, and it's only a matter of time before people from all over the world start reporting it.

It seems that the origin of the LockMe virus is Russia, since the original ransom note is written in Russian and contains the fewest mistakes. All other ransom notes are prepared using Google translator, so, for example, the English version, as you can see above, is a word-for-word translation. Besides, the email address in the Russian version (LockMecQqL3Ruy7V0RfZ@protonmail.com) and those in all the rest (LockMecQqL3Ruyi7V0RfZ@tutamail.com and LockMe9hG1F7pbWqThUt9P8@mailfence.com) do not coincide.

If this virus has infected your PC, you shouldn't worry if you back up your files regularly. Personal files stored in the cloud or on USB, CD or other external drives should not be affected unless the external drive was plugged into the PC during the attack. Unfortunately, we have bad news for those who don't have backups.[3] A LockMe decryptor is not yet available; ransomware experts are currently trying to crack its code. The problem is that ransomware developers don't give much time to transfer the ransom. Usually, it has to be paid within 48 or 72 hours after the decryption.

Even if you lost many important documents or photos, paying the ransom can cause more problems, such as identity theft and, definitely, money loss, so we recommend that you remove LockMe virus with a professional anti-malware tool, such as Reimage, Plumbytes Anti-Malware, Webroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware, and then try to unlock files using Windows Shadow Volume copies or professional software recovery tools.

Ransomware executable is sent to people's inbox

Ransomware infections are disseminated using various illegal methods. For many years, the most widespread distribution technique for malicious viruses has been spam email. Hackers can purchase people's email addresses on the black market (often sold by adware and browser hijacker developers) and then regularly send them emails with malicious attachments. Usually, such email messages report important events, ask to claim prizes or pretend to be generated by authorities. If the PC's owner opens the attachment of such an email, the virus is immediately executed and encodes the files in no time.

In addition, people may get infected via unprotected RDP configuration, fraudulent downloads, exploit kits[4], fake software update prompts and similar techniques.

Eliminate LockMe ransomware

LockMe virus is a dangerous infection, which may result in both data and money loss. Moreover, it can damage the system, weaken its security, and open a backdoor to other cyber infections. Therefore, you should remove LockMe as soon as possible.

Manual ransomware removal can hardly be implemented. Such infections root deeply into the operating system, modify registry entries, and corrupt the information stored on the core system's drive. Therefore, you should employ a powerful (and updated!) anti-malware tool to remove LockMe virus completely. Our recommendation would be Reimage, Plumbytes Anti-Malware, Webroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove LockMe ransomware you agree to our privacy policy and agreement of use.

Manual LockMe virus Removal Guide:

Remove LockMe using Safe Mode with Networking

If you cannot launch your antivirus because it's being blocked by .lockme virus, you should boot your PC into Safe Mode with Networking. The following steps will explain how to do that:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in Startup Settings window.
  • Step 2: Remove LockMe

    Log in to your infected account and start the browser. Download Reimage or another legitimate anti-spyware program. Update it before running a full system scan, then remove the malicious files that belong to the ransomware to complete LockMe removal.

If the ransomware is blocking Safe Mode with Networking, try the next method.

Remove LockMe using System Restore

System Restore may be of use in case the Safe Mode with Networking method does not work. Using this method, you can eliminate the ransomware and then try to recover the encrypted data.

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, type cd restore and press Enter.
    2. Now type rstrui.exe and press Enter again.
    3. When a new window shows up, click Next and select a restore point that is prior to the infiltration of LockMe. After doing that, click Next.
    4. Now click Yes to start system restore.
    Once you restore your system to a previous date, download Reimage, scan your computer with it and make sure that LockMe removal is performed successfully.

Bonus: Recover your data

The guide presented above is supposed to help you remove LockMe from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

To unlock files encrypted by LockMe virus, try using the following guide:

If your files are encrypted by LockMe, you can use several methods to restore them:

Use Data Recovery Pro to decrypt locked files

Data Recovery Pro is a professional tool capable of both restoring and decoding personal files. Therefore, give it a try:

Recover files locked by LockMe virus using Windows Previous Version feature

The Windows Previous Versions feature is one of the data recovery options applicable for those seeking to get individual files back. However, it is available only on systems on which the System Restore function was enabled before the LockMe attack.

  • Find an encrypted file you need to restore and right-click on it;
  • Select “Properties” and go to “Previous versions” tab;
  • Here, check each of the available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.

Run ShadowExplorer to crack the code

It's not clear whether LockMe virus eliminates Volume Shadow Copies, although the most severe cyber infections remove them. Therefore, if other decryption methods did not help, try to extract the copies by following these steps:

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from LockMe and other ransomware, use a reputable anti-spyware, such as Reimage, Plumbytes Anti-Malware, Webroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware.

About the author

Julie Splinters - Malware removal specialist


References