NOT_OPEN LOCKER ransomware (Virus Removal Guide) - Decryption Methods Included

NOT_OPEN LOCKER virus Removal Guide

What is NOT_OPEN LOCKER ransomware?

NOT_OPEN LOCKER is a ransomware which is classified as a new version of Everbe virus

NOT_OPEN LOCKER ransomware imageNOT_OPEN LOCKER ransomware is a file-encrypting virus which makes valuable data unusable.

NOT_OPEN LOCKER ransomware is a file-encrypting virus which emerged from Everbe ransomware virus. Once it enters the system, this crypto-malware starts encrypting data and files are marked with .[notopen@countermail.com].NOT_OPEN extension. Victims receive !_HOW_RECOVERY_FILES_!.txt ransom note which urges to contact the criminals via notopen@countermail.com email address.

Name NOT_OPEN LOCKER
Type Ransomware
Danger level High. Makes data unreadable
Precursor Everbe ransomware
Extension .[notopen@countermail.com].NOT_OPEN
Email address notopen@countermail.com
Amount of the ransom Unknown
Ransom note !_HOW_RECOVERY_FILES_!.txt
Decryption tools Official NOT_OPEN LOCKER decryption software is still under development
Distribution It is distributed via infected spam emails
Removal The only way to uninstall NOT_OPEN LOCKER ransomware is to get a robust antivirus. Additionally, you can get rid of the virus damage with ReimageIntego

Usually, malicious programs like NOT_OPEN LOCKER virus enter the system if one opens an infected email attachment. Once clicked, it drops the payload and starts encrypting valuable information. After data encryption[1], all files become unusable, and victims merely can see the ransom note. Here is the fraction of it:

2. [ HOW TO RECOVERY FILES? ]
To receive the decryption program write to email: notopen@countermail.com
And in subject write your ID: ID-902d495a94
We send you full instruction how to decrypt all your files.
If we do not respond within 24 hours, write to the email: not.open@mailfence.com

Criminals behind NOT_OPEN LOCKER malware inform people about the infection and urge to contact them via one of the identified email addresses. Additionally, they try to gain users' trust by promising to decrypt up to three files for free. However, experts warn that hackers should not be trusted.

NOT_OPEN LOCKER ransomware illustrationNOT_OPEN LOCKER is a ransomware which demands to pay the ransom to get encrypted files back.

We advise you to NEVER pay the ransom as there are alternative ways how to decrypt files which are encrypted by NOT_OPEN LOCKER ransomware. Although, first you should remove NOT_OPEN LOCKER virus from your computer with a professional antivirus.

Researchers have prepared guidelines which can help you restore encoded files after NOT_OPEN LOCKER removal. You can find them at the end of this article or install ReimageIntego to fix virus damage.

Spam emails carry malicious programs inside

It is essential to understand that spam emails might be dangerous and include either malicious scripts or payloads of malware. This is the primary distribution source for ransomware and similar cyber threats. Therefore, you should learn how to identify a potential attempt to infiltrate malware.

Usually, spam emails might look legitimate and innocent. Criminals design them to resemble well-known companies or brands. Likewise, they may even include a logo or other recognizable item. However, malicious emails also try to create urgency to open an attachment or click on the link.

If you have any suspicions, you should contact the company directly and ask to confirm the electronic letter. Furthermore, avoid clicking on unknown commercial content online, such as ads, banners[2], surveys or unverified links.

NOT_OPEN LOCKER ransomware elimination guidelines

Researchers[3] note that ransomware-type infections are the most dangerous ones. Thus, regular computers might not be able to remove NOT_OPEN LOCKER on their own and even damage their system. The best option is to get professional help to deal with file-encrypting viruses.

You should install a reliable anti-malware for NOT_OPEN LOCKER removal. You can either use one from the list below or pick your own. Run a full systems scan and let it identify ransomware-related files. Later, put them into quarantine and delete permanently.

If you are unable to download and install the security tool, boot your computer into Safe Mode. Instructions showing how to do it are appended below together with alternative file recovery steps. Please, be attentive and follow them strictly to avoid any potential damage to your system.

Offer
do it now!
Download
Reimage Happiness
Guarantee
Download
Intego Happiness
Guarantee
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of NOT_OPEN LOCKER virus. Follow these steps

Manual removal using Safe Mode

Start NOT_OPEN LOCKER removal by rebooting your computer into Safe Mode with Networking:

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
    Settings
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
    Reboot
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.
    Startup

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Downloads
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):

    %AppData%
    %LocalAppData%
    %ProgramData%
    %WinDir%

After you are finished, reboot the PC in normal mode.

Remove NOT_OPEN LOCKER using System Restore

  • Step 1: Reboot your computer to Safe Mode with Command Prompt
    Windows 7 / Vista / XP
    1. Click Start Shutdown Restart OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Command Prompt from the list Select 'Safe Mode with Command Prompt'

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
    2. Now select Troubleshoot Advanced options Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window. Select 'Enable Safe Mode with Command Prompt'
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore and click Enter. Enter 'cd restore' without quotes and press 'Enter'
    2. Now type rstrui.exe and press Enter again.. Enter 'rstrui.exe' without quotes and press 'Enter'
    3. When a new window shows up, click Next and select your restore point that is prior the infiltration of NOT_OPEN LOCKER. After doing that, click Next. When 'System Restore' window shows up, select 'Next' Select your restore point and click 'Next'
    4. Now click Yes to start system restore. Click 'Yes' and start system restore
    Once you restore your system to a previous date, download and scan your computer with ReimageIntego and make sure that NOT_OPEN LOCKER removal is performed successfully.

Bonus: Recover your data

Guide which is presented above is supposed to help you remove NOT_OPEN LOCKER from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.

If your files are encrypted by NOT_OPEN LOCKER, you can use several methods to restore them:

Install Data Recovery Pro

If you want to recover files encrypted by NOT_OPEN LOCKER ransomware, try using this professional software. Note that it might be handy if you have accidentally deleted important data as well.

  • Download Data Recovery Pro;
  • Follow the steps of Data Recovery Setup and install the program on your computer;
  • Launch it and scan your computer for files encrypted by NOT_OPEN LOCKER ransomware;
  • Restore them.

Try ShadowExplorer tool

Check if the ransomware hasn't deleted Shadow Volume Copies from your system. If they are still in place, use the instructions below.

  • Download Shadow Explorer (http://shadowexplorer.com/);
  • Follow a Shadow Explorer Setup Wizard and install this application on your computer;
  • Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
  • Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.

NOT_OPEN LOCKER decryptor

Unfortunately, experts are still working on NOT_OPEN LOCKER decryptor. Meanwhile, you can try using this tool which is designed for the original version — Everbe ransomware:

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from NOT_OPEN LOCKER and other ransomwares, use a reputable anti-spyware, such as ReimageIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Lucia Danes
Lucia Danes - Virus researcher

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Lucia Danes
About the company Esolutions

References