ScammerLocker ransomware (Virus Removal Guide) - Bonus: Decryption Steps
ScammerLocker virus Removal Guide
What is ScammerLocker ransomware?
ScammerLocker – a malicious virus which locks up personal files
ScammerLocker is a crypto-virus which is based on the HiddenTear open-source project. When it infiltrates victim's machines, it locks up a variety of personal files using AES cipher and appending .jodis file extension. Then ransomware drops a FILES_ENCRYPTED.txt ransom note and demands a payment in cryptocurrency for data release.
This deadly crypto-virus is named after a so-called tech support scammer, who’s picture is displayed on the main program window. It is currently unknown who the person is. Also, ScammerLocker virus was developed by hackers who are linked to “Jodis Hunter Team”; therefore, some security experts might refer to this malware as Jodis Hunter ransomware.
As soon as ScammerLocker infects the machine, it renders files like .jpg, .mpeg, .txt, .cab, .bin, .html, .exe completely useless. For example, a file called picture.jpg is turned into picture.jpg.jodis. The only way to decrypt files is by using a unique key which is stored on a remote server, closely guarded by hackers. Without it, recovering files is almost impossible.
However, authors of ScammerLocker suggest a data recovery solution which is not recommended to follow by security experts. The .txt file created by criminals states the following message:
You my friend, have been caught. Don't bother installing AntiVirus.
Because You're f**ked.
You can only decrypt your files with our decrypter, and a special key.
You must buy 10 IOTA and send it to [random characters]
[Click here for info on buying IOTA|HYPERLINK]
Or if you want to decrypt your files for free,
simply send an email to email@example.com and then we can negotiate.
Good day, Jodis Hunter Team.
Hackers are asking for 10 IOTA, which is around 13.68 USD at the time of the writing. It might not seem like much and many users might consider contacting criminals to recover their precious files. However, we encourage you to restrain yourself from doing so. After all, there is always a chance you might not recover your data or you might be blackmailed into transferring more money.
Thus, you should remove ScammerLocker instead of communicating and having business with cyber criminals. Unfortunately, virus removal won't help to recover files, but you will be able to use your PC safely and try alternative data recovery methods. Our team has suggested several methods that might help to get back access to some of the locked files.
We want to discourage you from manual ScammerLocker removal. Instead, you have to employ robust security software for the job, such as RestoroIntego or Malwarebytes. These tools ensure that virus elimination is safe. Attempts to locate and delete ransomware-related components manually often end up with irreparable system damage.
ScammerLocker virus locks up all personal files and renders them useless. Do not attempt to contact cybercriminals and get rid of the ransomware instead.
Ways to protect yourself from a deadly crypto-virus
Developers of ransomware usually use numerous distribution methods to infect computers. Security experts from Faravirus warn that users need to be careful when browsing the web and have backups of the most important data. Authors of file-encrypting malware use social engineering and other sophisticated techniques that trick even the advanced computer users.
The most prominent ransomware distribution method is spam emails. This method is often used by crooks because it is incredibly effective as many users carelessly open emails which they believe are coming from a legitimate source. However, email authors are not who they pretend to be.
Thus, whenever you open an email from an unknown source, you should first check what address is it coming from and look for other signs. If you noticed that something does not feel right, DO NOT open the email, click on any links or download any attachments presented. Instead, delete the email immediately.
We must also warn you that using illegal software, keygens and similar can lead to serious infections, including ransomware infiltration. Thus, avoid questionable websites (such as torrents, crack sites, etc.) and pick legitimate software download sources.
Eliminate ScammerLocker ransomware correctly
To remove ScammerLocker virus, you do not need to contact cyber criminals and pay them a demanded sum of money. As we have mentioned in the beginning, it may lead to money loss or blackmailing. Additionally, keeping ransomware on the system might lead to encryption of new files and infiltration of other cyber threats. Hence, no matter how important your files are, you should focus on ransomware removal.
To ensure safe and correct ScammerLocker removal, you should employ a reputable anti-malware software, such as RestoroIntego, SpyHunter 5Combo Cleaner or Malwarebytes. These programs are designed to deal even with the most stubborn viruses. Remember that ransomware might prevent the security application from starting. In that case, reboot your PC in Safe Mode with Networking as explained below:
Getting rid of ScammerLocker virus. Follow these steps
Manual removal using Safe Mode
Safe Mode will allow running automatic ransomware removal:
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.
Step 1. Access Safe Mode with Networking
Manual malware removal should be best performed in the Safe Mode environment.
Windows 7 / Vista / XP
- Click Start > Shutdown > Restart > OK.
- When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
- Select Safe Mode with Networking from the list.
Windows 10 / Windows 8
- Right-click on Start button and select Settings.
- Scroll down to pick Update & Security.
- On the left side of the window, pick Recovery.
- Now scroll down to find Advanced Startup section.
- Click Restart now.
- Select Troubleshoot.
- Go to Advanced options.
- Select Startup Settings.
- Press Restart.
- Now press 5 or click 5) Enable Safe Mode with Networking.
Step 2. Shut down suspicious processes
Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Click on More details.
- Scroll down to Background processes section, and look for anything suspicious.
- Right-click and select Open file location.
- Go back to the process, right-click and pick End Task.
- Delete the contents of the malicious folder.
Step 3. Check program Startup
- Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
- Go to Startup tab.
- Right-click on the suspicious program and pick Disable.
Step 4. Delete virus files
Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:
- Type in Disk Cleanup in Windows search and press Enter.
- Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
- Scroll through the Files to delete list and select the following:
Temporary Internet Files
- Pick Clean up system files.
- You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):
After you are finished, reboot the PC in normal mode.
Remove ScammerLocker using System Restore
System Restore might help with getting rid of the malware as well:
Step 1: Reboot your computer to Safe Mode with Command Prompt
Windows 7 / Vista / XP
- Click Start → Shutdown → Restart → OK.
- When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
- Select Command Prompt from the list
Windows 10 / Windows 8
- Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart..
- Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
- Once your computer becomes active, select Enable Safe Mode with Command Prompt in Startup Settings window.
Step 2: Restore your system files and settings
- Once the Command Prompt window shows up, enter cd restore and click Enter.
- Now type rstrui.exe and press Enter again..
- When a new window shows up, click Next and select your restore point that is prior the infiltration of ScammerLocker. After doing that, click Next.
- Now click Yes to start system restore.
Bonus: Recover your dataGuide which is presented above is supposed to help you remove ScammerLocker from your computer. To recover your encrypted files, we recommend using a detailed guide prepared by 2-spyware.com security experts.
As we already mentioned, you should avoid contacting cybercriminals at all costs. Instead, try these data recovery tools:
If your files are encrypted by ScammerLocker, you can use several methods to restore them:
Try Data Recovery Pro
Data Recovery Pro is used to fix corrupted or broken files. In some cases, it might help you recover files encrypted by ScammerLocker ransomware.
- Download Data Recovery Pro;
- Follow the steps of Data Recovery Setup and install the program on your computer;
- Launch it and scan your computer for files encrypted by ScammerLocker ransomware;
- Restore them.
Windows Previous Versions feature might be useful
Windows Previous Versions feature can only be used if you had System Restore enabled at the time of the virus attack.
- Find an encrypted file you need to restore and right-click on it;
- Select “Properties” and go to “Previous versions” tab;
- Here, check each of available copies of the file in “Folder versions”. You should select the version you want to recover and click “Restore”.
If the virus did not erase shadow volume copies, ShadowExplorer is a perfect tool for file recovery.
- Download Shadow Explorer (http://shadowexplorer.com/);
- Follow a Shadow Explorer Setup Wizard and install this application on your computer;
- Launch the program and go through the drop down menu on the top left corner to select the disk of your encrypted data. Check what folders are there;
- Right-click on the folder you want to restore and select “Export”. You can also select where you want it to be stored.
ScammerLocker decrypter is not available yet
Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from ScammerLocker and other ransomwares, use a reputable anti-spyware, such as RestoroIntego, SpyHunter 5Combo Cleaner or Malwarebytes
How to prevent from getting ransomware
Do not let government spy on you
The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet.
You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.
Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.
Backup files for the later use, in case of the malware attack
Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.
When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.
- ^ Advanced Encryption Standard. Wikipedia. The free encyclopedia.
- ^ Faravirus. FaraVirus. Romanian cybersecurity news.
- ^ How Can I Identify a Phishing Website or Email? . Yahoo. Safety center.