Skip to content
  • Active
  • Severity: High
  • Ransomware
  • Windows
  • Verified · Nov 2018

How to remove unlockmeplease@cock.li ransomware

A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.

Alice Woods · Likes to teach users about virus prevention

Unlockmeplease@cock.li ransomware is another cryptovirus linked to Lazarus group and Hermes family

Unlockmeplease@cock.li ransomware is a persistent cryptovirus that belongs to Hermes ransomware family. However, the association does not make it less dangerous because the notorious family has been distributed using a trojan called AZORult. The ransomware belongs to the same group as Hermes 2.0 and Hermes 2.1 which employ the mixture of RSA and AES encryption algorithms[1] while trying to encrypt target data. The particular unlockmeplease@cock.li virus encrypts data using AES-256 and RSA-2048 chippers and then marks encoded files with .[unlockmeplease@cock.li ].hrm file extension. After the encryption, victims receive DECRYPT_INFORMATION.HTML ransom note that discloses more details about the attack. At the moment, the virus mainly focuses on the western part of Europe but there is always a possibility to get infected no matter in which part of the world you live. 

Name Unlockmeplease@cock.li ransomware
Type Cryptovirus
Related Hermes
Extension .[unlockmeplease@cock.li ].hrm
Encryption method AES-256 and RSA-2048
Contact email decryptsupport@protonmail.com; unlockmeplease@cock.li
Ransom note DECRYPT_INFORMATION.HTML
Distribution  Exploit kits, spam email campaigns, malware
Elimination Use FortectIntego for system cleaning and virus damage removal

Unlockmeplease@cock.li ransomware virus targets photos, videos, documents, and other personal files that can get encoded immediately after the initial infiltration. Before that, the virus adds its registry keys and other components keeping it persistent. The process is fairly quick and, when the original code of target files is changed, data becomes unreachable. Unfortunately, the only solution for the recovery of encoded files is backups and third-party tools.

When unlockmeplease@cock.li ransomware encrypts your files, it generates the ransom note and places it on the system in a DECRYPT_INFORMATION.HTML file. Typically, it reads the following:

All your important files are encrypted
Your files has been encrypted using RSA2048 algorithm with unique public-key stored on your PC.
There is only one way to get your files back: contact with us, pay, and get decryptor software. 
We accept Bitcoin, and other cryptocurrencies, you can find exchangers on bestbitcoinexchange.io 
You have unique idkey (in a yellow frame), write it in letter when contact with us.
Also you can decrypt 1 file for test, its guarantee what we can decrypt your files.
Contact information:
primary email: decryptsupport@protonmail.com
reserve email: decryptsupport1@cock.li

Unfortunately, [unlockmeplease@cock.li ].hrm ransomware has no legitimate decryption tool that could work for files' recovery. If you have been thinking about paying the demanded ransom, you shouldn't as people you are about to deal with is hackers. The best solution in case of the ransomware attack is to block the virus, eliminate its malicious files and then restore encrypted files using backups or data recovery programs. 

Use a reputable anti-malware program and clean the system further with repair tools like FortectIntego. For unlockmeplease@cock.li ransomware removal, try tools that are provided at the end of this article. You need to make sure that there is nothing additional on the system because it is known that trojans[2] or other malware can be used to spread this version.

In this case, unlockmeplease@cock.li ransomware has been spread by AZORult trojan. The main distribution technique for malware like this is spam email campaigns and infected email attachments. When the user opens a malicious file on the system, it gets infected with a direct ransomware.

Once you remove unlockmeplease@cock.li ransomware, move on to system repair procedure. Note that the cryptovirus spreads around together with different components that need to be eliminated as well. When your device is clean, it is safe to restore encrypted data. For that, use backups or data recovery methods that we listed below.

Avoid ransomware infiltration via email attachments

Security experts[3] always stress the issue of spam email campaigns and possible dangers behind safe-looking documents as file attachments. MS Word or Excel files can be infected with macros[4] and spread various types of malware on targeted devices. 

Ransomware payload can be attached directly to this file and load automatically when the victim downloads and opens an infected document on the PC. You can avoid these infiltrations if you pay more attention because insecure emails have:

  • suspicious file attachments in a format of a document;
  • senders often disguised as well-known services;
  • you cannot answer the email;
  • the email contains typos;
  • the subject line is stating about financial reports.

Remove unlockmeplease@cock.li ransomware and additional malware from the system

Before you proceed with unlockmeplease@cock.li ransomware removal, you need to make sure that you have chosen reputable tools. If you don't have a trustworthy anti-malware in mind, use FortectIntego, SpyHunterCombo Cleaner or MalwarebytesMalwarebytes to scan the device thoroughly. Follow every step the program suggests to terminate all dangerous files.

When you know that you are ready to remove unlockmeplease@cock.li ransomware completely, you can restore encoded data. Double-check the system and make sure that there is no additional malware left on the device and try our suggestions below. If your system is indicated as clear, you can recover your files encrypted by Hermes from the external hard drive, the cloud service or by using steps given below. 

Be the first to comment

Spyware news
Privacy preferences

We use cookies to improve your experience and analyze traffic. Some cookies enable embedded content like videos and social posts. Choose what you allow — you can change this anytime.