Coin Locker Ransomware - How To Remove?

 

Although Coin Locker ransomware uses an easily decryptable cipher, called the Caesar cipher, it can still cause you quite a headache. The cipher is named after Julius Caesar, who encrypted messages by substituting each letter with another one a certain number of places before or after it in the same alphabet.

About Coin Locker Ransomware

The type of Caesar cipher utilized by Coin Locker ransomware is known as ROT4. This particular cipher moves the initial character four characters to the left. For instance, the letter “A” is substituted for the letter “E” and so forth. Coin Locker targets all files, except the ones having the words “Mozilla”, “Google”, “Windows” or “Notepad” in their path. It appends the “.encrypted” extension to the filenames of encrypted files. For example, “book.pdf” is turned into “book.pdf.encrypted”.
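Why a fixed-shift cipher like this is easy to undo, shown as an added example (not code from this article or from the decryptor it mentions): with only 26 possible keys, a known fragment of the original file such as a header string pins down the shift, whichever direction it was applied in. The function names and the sample string are constructed for illustration, and the sketch assumes the shift applies to ASCII letters only, which the article does not specify.

```python
def caesar_shift(text: str, k: int) -> str:
    """Shift ASCII letters by k places (negative k = left); other characters pass through."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + k) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def recover_shift(ciphertext: str, crib: str) -> list:
    """Return every encryption shift (0-25) whose reversal reveals the known fragment."""
    return [k for k in range(26) if crib in caesar_shift(ciphertext, -k)]


def decrypt_with_crib(ciphertext: str, crib: str) -> str:
    """Try all 26 keys and decrypt only when exactly one of them fits the crib."""
    shifts = recover_shift(ciphertext, crib)
    if len(shifts) != 1:
        # An empty or too-short crib cannot single out one key.
        raise ValueError(f"crib matched {len(shifts)} shifts; use a longer crib")
    return caesar_shift(ciphertext, -shifts[0])


# Constructed sample: a header-like string shifted four places forward (A -> E).
SAMPLE_PLAIN = "%PDF-1.4 Quarterly Report"
SAMPLE_CIPHER = caesar_shift(SAMPLE_PLAIN, 4)

if __name__ == "__main__":
    print(SAMPLE_CIPHER)                          # shifted text
    print(recover_shift(SAMPLE_CIPHER, "PDF"))    # recovered key
    print(decrypt_with_crib(SAMPLE_CIPHER, "PDF"))
```

A shift of four places to the left is the same key as 22 places to the right, so the recovery step does not need to know the direction in advance.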

When the encryption is over, Coin Locker drops a “Coin.Locker.txt” file in every folder containing encrypted files. This file carries the ransom note. The message reads as follows:

You have been infected with the Coin Locker malware.
All files on this system have been encrypted.
To regain access to your files you will need the Coin Locker decryption software.
To obtain our software you will need to access the deep web with TOR, download TOR here:
https://www.torproject.org/download/download-easy.html.en
Launch TOR and navigate to our website:
http://unjbvgrxu2mpobuj.onion
Follow the steps on the site to use the decryption software and your files will be unlocked.

As you can see, the ransom message contains a link to a TOR site where the payment is supposed to be made. The size of the ransom has been reported to fluctuate from 50 to 500 USD. As usual, payment is demanded in cryptocurrency, namely bitcoins.

How is Coin Locker Ransomware Spread?

Coin Locker has two distribution methods. The first is typical of trojans: infected spam e-mails sent to the victim. These e-mails have malicious links embedded in them or malicious attachments added to them. They can be disguised as important e-mails from companies such as the delivery giant FedEx or institutions such as the Customs agency. They can also have no sender at all. In each case, it is recommended to ignore such e-mails. The other distribution method involves the BlackHole EK (exploit kit). This EK downloads and installs the ransomware on your computer when you follow compromised links and visit malicious websites. Thus, it is important to heed your web browser when it blacklists URLs and warns you about the possible dangers of visiting them. Additionally, a credible antivirus, such as Reimage or SpyHunter, is a must.

How to Decrypt Files Encrypted by Coin Locker Ransomware?

The cyber security researcher Nathan Scott developed a decryptor for Coin Locker. It can be downloaded from the following link: http://download.bleepingcomputer.com/Nathan/Coin_Locker_Decrypter.exe. Once you download and install this program, double-click it to run it. It is an easy-to-use tool; all directions will be clearly communicated once you have launched it. The other part of the work involves deleting the malware from your computer. Employ the Reimage or SpyHunter automatic malware removal tools for this. You can also attempt manual removal, following our free manual removal guide for Coin Locker ransomware. The instructions are displayed here.

       
 

About the author

 - Main Editor
I started 2-viruses.com in 2007 after wanting to be more or less independent from a single security program maker. Since then, we have kept working on this site to make the internet a better and safer place to use.
 
July 28, 2016 02:14, March 14, 2017 05:07
 
   
 
