Remove @LOCKED Ransomware And Restore Locked Data

@LOCKED Ransomware

@Locked is a ransomware-type malware that infiltrates systems via ‘trojans’. Once infiltration is successful, this malware encrypts various files stored on the system. To achieve this, ransomware uses the AES-256 encryption algorithm and, therefore, a public and a private key is generated during encryption. Note that this ransomware adds a ‘@Locked’ extension to each encrypted file. After encrypting the files, this ransomware changes the victim’s desktop wallpaper and creates a WindowsUpdated@Locked file. Both the file and desktop wallpaper contain a message stating that the files are encrypted and the user must pay a ransom

The @LOCKED Ransomware is a member of a well-known crypto-threat family called ‘Unlock92.’ The @LOCKED Ransomware is categorized as a slightly modified copy of the Unlock92 Ransomware. The @LOCKED Ransomware shares code with the Naampa Ransomware and the Gedantar Ransomware. All three cyber-threats belong to the same family, and they are used in attacks on regular PC users. The attack vector chosen for the @LOCKED Ransomware is spam emails that carry a weaponized text file. PC users may be lured into running a bad macro script under the pretense that they cannot load the text file properly unless they run the embedded macro. The @LOCKED Ransomware Trojan is installed to the AppData directory, and it is loaded in the system memory as soon as its components are downloaded. The @LOCKED Ransomware may hide its process by using names of legitimate programs like Java, Adobe Acrobat Reader, Task Manager and the Windows Update. You may become aware of an increased CPU usage and disk read/write load. The @LOCKED Ransomware is programmed to transcode targeted images, text, audio, video, eBooks, presentations, spreadsheets and databases using a custom AES cipher. The process produces an encryption key, a decryption key and encrypted data. The decryption key is sent to the ‘Command and Control’ servers of the threat actors who keep a record of the infected machines. The encrypted data overwrites the original data on your device and the Shadow Volume snapshots made by Windows are deleted. The @LOCKED Ransomware mark encrypted files by adding a custom string to the filenames. User reports show that the @LOCKED Ransomware writes ‘.@LOCKED’ to filenames. For example, something like ‘Master and Commander-2003.mkv’ is renamed to ‘Master and Commander-2003.mkv.Iwea41ua0Y@LOCKE.’ The ransom note is saved as ‘.txt’ (example: ‘Iwea41ua0Y.txt’) to the desktop and includes a message in Russian and English:

Ransom Note Shown By @LOCKED Ransomware

‘Your files have been encrypted.
If you want to restore files, send one more file us to the e-mail:
Only in case you do not receive a response from the first email address
withit 24 hours, please use use TOR browser from www.torproject[.]com and see current
e-mail in hxxp://n3r2kuzhw2hx6j5[.]onion (hxxps://n3r2kuzhw2h7x6j5.tor2web[.]io/ – from any other browser w/o using a TOR)
Using another tools could corrupt your files, in case of using third party
software we dont give guarantees that full recovery is possible so use it on
your own risk.’

Download SpyHunter To Remove @LOCKED Ransomware Virus

How to Remove @LOCKED Ransomware From PC

@LOCKED Ransomware is quite good at hiding itself in compromised machine, and hence it is become a bit tricky for victims to delete it from their PC. Well, there are two different ways to remove @LOCKED Ransomware from infected computer. The first method is manual removal which is quite risky and complex. In order to delete this particular threat manually users will requite essential technical expertise. However, the second way is using Automatic Removal Tool which is quite reliable, safe easy.

How to Remove @LOCKED Ransomware From Your PC

 Option A : Remove @LOCKED Ransomware & Recover Your Data Automatically 

 Option B : Remove @LOCKED Ransomware Manually From PC (Complicated & Risky, Require Technical Skills)

Option A : Remove @LOCKED Ransomware & Recover Your Data Automatically 

Step 1 :- Remove @LOCKED Ransomware With SpyHunter

About SpyHunter

SpyHunter is one of the leading and most trust anti-malware application. It is designed to detect and remove harmful threats and viruses easily from infected PC. It is configured to give you best and optimal security from daily new malware and spyware. It is an interactive and easy to use software that needs no technical knowledge. This powerful anti-spyware applications is programmed to give real time protection to your computer from online threats and bugs. SpyHunter can easily detect and remove rootkits, rogue anti-spyware, Trojan, Malware, Spyware, Worms and other threats. It can deeply scan your system to find out hidden viruses and block all types malicious process. It also comes with Spyware HelpDesk feature through which you can seek help from certified technicians and ask for custom fix of your computer. You can download the trial version of SpyHunter Malware scanner to scan your PC.

How To Use SpyHunter Malware Scanner

Step 1 :- Click on the below button to Download Malware Scanner on your PC.

Step 2 :- Install the software and click on Scan Computer Now! Option.

Step 3 :- Software will detect all hidden threats on your system.

Step 2 :- Click On Fix Threats button to remove viruses completely.

Step 2 :- Recover Your Encrypted Files WIth Data Recover Pro Software

  • Download the Data Recovery Pro software on your computer.

  • Click on Start Scan button to run a full scan of your computer.

  • Now select all your important files and click on Recover button to get back your data.


Option A : Remove @LOCKED Ransomware Manually From PC (Complicated and Risky)

Well, if you are a computer geek and you have malware removal experience then you must try manual methods. However, for new users this opinion can proves tricky as it is quite complicated and unreliable. Even a common mistake while removing @LOCKED Ransomware manually can turn even nasty for you and can contribute further damage in your system.

Step 1 :- Boot Your PC in Safe Mode

  • Restart Your PC to open boot menu.

  • Keep pressing F8 button until Windows Advanced Option appears on your system screen.

  • Now choose Safe Mode With Networking Option using arrow key and press Enter.

Step 2 :- Remove @LOCKED Ransomware From Browsers

Remove Malicious Extension

  • Open browser and click on (⋮) icon to open browser Menu.

  • Select Tools and then open Extensions option.

  • Select all malicious extensions and then click the Trash icon to delete this threat completely.

Reset Browser Settings

  • Open browser and click on Menu (⋮) icon.

  • Click on Settings and select the Show Advance Settings option.

  • Go to the end of the page and click Reset Settings button.

Remove Malicious Extension

  • Open Firefox browser and click on gear (☰) icon to open Menu.

  • Click on Add-Ons option from drop down menu.

  • Go to Extensions option from left panel.

  • Select and remove @LOCKED Ransomware related extension.

Reset Browser Settings

  • First of all open Firefox and click gear (☰) icon.

  • Now click on (?) icon from drop down list to open Help Menu.

  • Choose “Troubleshooting Information” and hit “Refresh Firefox” button.

Well, Microsoft Edge browser does not have the extension option so you should better reset browser settings to remove @LOCKED Ransomware from your Edge browser.

Reset Default Search Engine and Homepage

  • Open Microsoft Edge browser in your PC and click on More (…) option.

  • Go to Settings and Click on View Advanced Settings option.

  • Now click on Change Search Engine option.

  • Choose the desired search provider and click on Set as default option.

Remove Malicious Extension

  • Open your web browser and click Tools men.

  • Select Manage Add-ons option from drop down list.

  • Go to Toolbar and Extensions from left panel.

  • Select @LOCKED Ransomware and click disable tab to delete this malicious extension completely.

Reset Internet Explorer Setting

  • Open Internet Explorer and Click on “Tools” menu from upper right corner.

  • Select “Internet option” from drop down list.

  • Choose “Advanced tab” and click on “Reset” button.

  • Check out “Delete personal settings” check box, and click on “Reset” button.

Step 3 :- Terminate @LOCKED Ransomware Related Process From Windows Task Manger.

  • Press Ctrl+Alt+Del button simultaneously to open Windows Task Manager.

  • Click on Process tab to see all running process in your PC.

  • Find and select all malicious process and click End Process option.

Step 4 :- Uninstall @LOCKED Ransomware From Control Panel

  • Press “Windows + R”th keys together to open Run.

  • Now enter Control Panel and hit Enter button.

  • Go to Program Section and click on Uninstall a program.

  • From the list of all installed application select @LOCKED Ransomware and click uninstall tab.

Step 4 :- Delete @LOCKED Ransomware From Registry Editor

  • Press “Windows + R” button simultaneously on your keyboard.

  • Type “regedit” and click on OK button.

  • Find and delete all malicious registry entries created by @LOCKED Ransomware virus.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe “Debugger” = ‘svchost.exe’

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe “Debugger” = ‘svchost.exe’

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\@LOCKED Ransomware


HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = ’0′

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = ’0′

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore “DisableSR ” = ’1′

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe “Debugger” = ‘svchost.exe’

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe “Debugger” = ‘svchost.exe’

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “3948550101?

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “xas”




Leave a Comment

Your email address will not be published. Required fields are marked *