• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

MyAntiSpyware

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

LockerGoga ransomware virus – Information – Protection/Removal

Myantispyware team March 19, 2019    

What is LockerGoga ransomware?

LockerGoga ransomware is a malware that created in order to encrypt files stored on system disks. It hijack a whole machine or its data and demand a ransom in order to unlock (decrypt) them. LockerGoga ransomware appends the locked!? extension (locked) to encrypted file names. This article will provide you a brief summary of information related to LockerGoga ransomware and how to remove ransomware, how to restore encrypted files and how to protect computer from ransomware.

LockerGoga ransomware

‘LockerGoga ransomware’ – ransom note

The developers of the LockerGoga ransomware virus have a strong financial motive to infect as many computers as possible. The files that will be encrypted include the following file extensions:

.blob, .xbplate, .odp, .dazip, .wpl, .yml, .x, .bsa, .big, .raw, .wm, .2bp, .odc, .wpd, .xlsm, .wdb, .xlsm, .syncdb, .hkx, .psd, .hkdb, .t13, .r3d, .wn, .pdd, .xx, .wbd, .hvpl, .zi, .js, .m2, .srw, .asset, .wp6, .pfx, .wmd, .wpt, .xlsx, .wbk, .zip, .mov, .tax, .iwd, .wotreplay, .wp, .pptx, .orf, .dba, .psk, .wpg, .bc7, .vdf, .svg, .lrf, .pst, .xpm, .qic, .zif, .vpk, .wmv, .sav, .xls, .erf, .flv, .fos, .xdl, .upk, .1, .xbdoc, .dcr, .apk, .layout, .forge, .wri, .ibank, .avi, .wb2, .odm, .x3f, .xls, .ws, .srf, .ltx, .map, .p7b, .kdc, .rofl, .xar, .sie, .esm, .zdc, .p12, .iwi, .mp4, .litemod, .mef, .css, .kf, .xlsx, .re4, .wsc, .doc, .wpe, .w3x, .nrw, .3fr, .rwl, .rim, .wire, .wmo, .wps, .bkf, .d3dbsp, .wpa, .slm, .lbf, .bc6, .rb, .jpg, .icxs, .wps, .xmmap, .wsh, .pem, .3dm, .pkpass, .arch00, .cas, .crt, .m4a, .epk, .rar, .ai, .tor, .zabw, .vtf, .docx, .pptm, .desc, .7z, .x3f, .lvl, .webdoc, .zw, .vfs0, .das, .sum, .db0, .sr2, .wbm, .ff, .mpqge, .ncf, .wma, .3ds, .mdb, .cfr, .jpeg, .zdb, .mcmeta, .wgz, .pak, .xld, .wbz, .crw, .pdf, .fpk, .sb, .x3d, .mdbackup, .xyp, .bar, .vcf, .dwg, .bay, .odb, .wbc, .z3d, .xlgc, .ptx, .dmp, .itm, .vpp_pc, .t12, wallet, .mdf, .sidn, .eps, .docm, .wsd, .mrwref, .rw2, .itdb, .menu, .z, .cr2, .raf, .odt, .xmind, .cer, .xml, .dng, .ysp, .sis, .rgss3a, .xxx, .wp4, .accdb, .0, .py, .itl, .gho, .wp7, .mlx, .wpb, .wcf, .cdr, .bik, .1st, .der, .arw, .bkp, .dxg, .wbmp, .mddata, .xwp, .png, .kdb, .m3u, .xlk, .xdb, .xy3, .ntl, .wp5, .xf, .wot, .ybk, .wpd, .ods, .wma, .webp, .wmv, .xlsb, .wpw, .txt, .xyw, .y, .sql

Once the encryption process is finished, it will create a ransom note named “README-NOW.txt” offering decrypt all users documents, photos and music if a payment is made. An example of the ransomnote is:

Greetings!

There was a significant flaw in the security system of your company.
You should be thankful that the flaw was exploited by serious people and not some rookies.
They would have damaged all of your data by mistake or for fun.

Your files are encrypted with the strongest military algorithms RSA4096 and AES-256.
Without our special decoder it is impossible to restore the data.
Attempts to restore your data with third party software as Photorec, RannohDecryptor etc.
will lead to irreversible destruction of your data.

To confirm our honest intentions.
Send us 2-3 different random files and you will get them decrypted.
It can be from different computers on your network to be sure that our decoder decrypts everything.
Sample files we unlock for free (files should not be related to any kind of backups).

We exclusively have decryption software for your situation

DO NOT RESET OR SHUTDOWN - files may be damaged.
DO NOT RENAME the encrypted files.
DO NOT MOVE the encrypted files.
This may lead to the impossibility of recovery of the certain files.

To get information on the price of the decoder contact us at:
CottleAkela@protonmail.com;QyavauZehyco1994@o2.pl
The payment has to be made in Bitcoins.
The final price depends on how fast you contact us.
As soon as we receive the payment you will get the decryption tool and
instructions on how to improve your systems security

Instructions that is shown below, will help you to remove LockerGoga ransomware virus as well as restore encrypted files stored on your computer drives.

Table of contents

  1. How to remove LockerGoga ransomware virus
  2. How to decrypt locked!? files
  3. How to restore locked!? files
  4. How to protect your machine from LockerGoga ransomware?
  5. Finish words

How to remove LockerGoga ransomware virus

Before you start the procedure of restoring documents, photos and music that has been encrypted, make sure LockerGoga ransomware virus is not running. Firstly, you need to get rid of this virus permanently. Luckily, there are several malicious software removal utilities which will effectively detect and get rid of LockerGoga ransomware and other crypto virus malicious software from your machine.




Run Zemana Anti-malware to remove LockerGoga ransomware

Zemana Anti-malware highly recommended, because it can detect security threats such LockerGoga ransomware virus and other malicious software that most ‘classic’ antivirus applications fail to pick up on. Moreover, if you have any LockerGoga ransomware removal problems which cannot be fixed by this tool automatically, then Zemana Anti-malware provides 24X7 online assistance from the highly experienced support staff.

Please go to the link below to download Zemana. Save it on your Desktop.

Zemana AntiMalware
Zemana AntiMalware
165086 downloads
Author: Zemana Ltd
Category: Security tools
Update: July 16, 2019

Once the download is finished, close all apps and windows on your PC. Double-click the install file named Zemana.AntiMalware.Setup. If the “User Account Control” prompt pops up like below, click the “Yes” button.

Zemana uac

It will open the “Setup wizard” which will help you install Zemana on your computer. Follow the prompts and do not make any changes to default settings.

Zemana Anti Malware Setup Wizard

Once installation is done successfully, Zemana will automatically start and you can see its main screen as displayed in the figure below.

Now click the “Scan” button to begin checking your personal computer for the LockerGoga ransomware virus and other kinds of potential threats such as malware. While the Zemana AntiMalware (ZAM) tool is scanning, you may see how many objects it has identified as being infected by malicious software.

Zemana Anti Malware locate LockerGoga ransomware virus and other kinds of potential threats

As the scanning ends, you can check all items found on your machine. All detected items will be marked. You can get rid of them all by simply click “Next” button. The Zemana Free will delete LockerGoga ransomware virus and other malware and add items to the Quarantine. When the cleaning procedure is done, you may be prompted to reboot the PC system.

How to delete LockerGoga ransomware with MalwareBytes

We advise using the MalwareBytes Anti Malware. You can download and install MalwareBytes AntiMalware (MBAM) to scan for and remove LockerGoga ransomware virus from your machine. When installed and updated, this free malicious software remover automatically finds and deletes all threats exist on the PC.

Visit the page linked below to download the latest version of MalwareBytes Free for MS Windows. Save it on your Desktop.

Malwarebytes Anti-malware
Malwarebytes Anti-malware
327306 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020

Once the downloading process is complete, close all software and windows on your system. Double-click the install file named mb3-setup. If the “User Account Control” prompt pops up as shown below, click the “Yes” button.

MalwareBytes Free for Microsoft Windows uac prompt

It will open the “Setup wizard” which will help you install MalwareBytes Anti Malware on your computer. Follow the prompts and don’t make any changes to default settings.

MalwareBytes AntiMalware (MBAM) for Windows install wizard

Once installation is done successfully, click Finish button. MalwareBytes Free will automatically start and you can see its main screen as shown below.

MalwareBytes Free for Windows

Now click the “Scan Now” button . MalwareBytes program will scan through the whole PC system for the LockerGoga ransomware virus and other security threats. This task may take some time, so please be patient.

MalwareBytes AntiMalware for Windows detect LockerGoga ransomware virus and other security threats

When the scan get finished, MalwareBytes AntiMalware will show a list of all items detected by the scan. Review the results once the tool has done the system scan. If you think an entry should not be quarantined, then uncheck it. Otherwise, simply click “Quarantine Selected” button. The MalwareBytes will remove LockerGoga ransomware virus related files, folders and registry keys and add threats to the Quarantine. Once the process is complete, you may be prompted to reboot the computer.

MalwareBytes Anti-Malware for MS Windows reboot prompt

We recommend you look at the following video, which completely explains the process of using the MalwareBytes to remove adware, hijacker and other malicious software.

Remove LockerGoga ransomware virus with KVRT

KVRT is a free removal tool that can check your personal computer for a wide range of security threats like the LockerGoga ransomware as well as other malicious software. It will perform a deep scan of your machine including hard drives and MS Windows registry. When a malware is detected, it will help you to remove all detected threats from your system by a simple click.

Download Kaspersky virus removal tool (KVRT) on your computer from the following link.

Kaspersky virus removal tool
Kaspersky virus removal tool
129308 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018

When downloading is finished, double-click on the Kaspersky virus removal tool icon. Once initialization process is finished, you’ll see the Kaspersky virus removal tool screen like below.

Kaspersky virus removal tool main window

Click Change Parameters and set a check near all your drives. Click OK to close the Parameters window. Next press Start scan button to start checking your computer for the LockerGoga ransomware and other trojans and harmful apps. This process can take some time, so please be patient.

KVRT scanning

After the system scan is done, Kaspersky virus removal tool will show you the results as shown on the image below.

KVRT scan report

In order to delete all threats, simply click on Continue to start a cleaning task.

How to decrypt locked!? files

The LockerGoga ransomware virus uses a hybrid AES + RSA encryption mode. What does it mean to decrypt the files is impossible without the private key. Use a “brute forcing” is also not a method because of the big length of the key. Therefore, unfortunately, the only payment to the authors of the LockerGoga ransomware virus entire amount requested – the only method to try to get the decryption key and decrypt all your files.

Should you pay the ransom

If your documents, photos and music have been encrypted by the LockerGoga ransomware virus, We suggests: do not to pay the ransom. If this malware make money for its creators, then your payment will only increase attacks against you. Of course, decryption without the private key is not possible, but that does not mean that the LockerGoga ransomware must seriously disrupt your live.

Files encrypted by ransomware

Currently there is no available way to decrypt locked!? files, but you have a chance to restore encrypted photos, documents and music for free.

How to restore locked!? files

In some cases, you can restore files encrypted by LockerGoga ransomware. Try both methods. Important to understand that we cannot guarantee that you will be able to recover all encrypted personal files.




Use shadow copies to recover locked!? files

A free utility named ShadowExplorer is a simple way to use the ‘Previous Versions’ feature of Microsoft Windows 10 (8, 7 , Vista). You can restore locked!? photos, documents and music encrypted by the LockerGoga ransomware virus from Shadow Copies for free.

Click the link below to download ShadowExplorer. Save it on your Windows desktop.

ShadowExplorer
ShadowExplorer
439698 downloads
Author: ShadowExplorer.com
Category: Security tools
Update: September 15, 2019

Once the download is finished, open a directory in which you saved it. Right click to ShadowExplorer-0.9-portable and select Extract all. Follow the prompts. Next please open the ShadowExplorerPortable folder like below.

ShadowExplorer folder

Double click ShadowExplorerPortable to start it. You will see the a window as shown on the screen below.

ShadowExplorer

In top left corner, choose a Drive where encrypted photos, documents and music are stored and a latest restore point as displayed in the following example (1 – drive, 2 – restore point).

ShadowExplorer

On right panel look for a file that you want to recover, right click to it and select Export as shown below.

ShadowExplorer recover file

Run PhotoRec to recover locked!? files

Before a file is encrypted, the LockerGoga ransomware makes a copy of this file, encrypts it, and then deletes the original file. This can allow you to recover your files using file recover apps like PhotoRec.

Download PhotoRec from the link below.

PhotoRec
PhotoRec
221345 downloads
Author: CGSecurity
Category: Security tools
Update: March 1, 2018

When the downloading process is finished, open a directory in which you saved it. Right click to testdisk-7.0.win and choose Extract all. Follow the prompts. Next please open the testdisk-7.0 folder as on the image below.

testdisk photorec folder

Double click on qphotorec_win to run PhotoRec for Windows. It will display a screen as displayed on the screen below.

PhotoRec for windows

Select a drive to recover as displayed in the figure below.

photorec select drive

You will see a list of available partitions. Select a partition that holds encrypted files as shown on the image below.

photorec choose partition

Click File Formats button and specify file types to restore. You can to enable or disable the restore of certain file types. When this is done, click OK button.

PhotoRec file formats

Next, click Browse button to select where recovered photos, documents and music should be written, then click Search.

photorec

Count of recovered files is updated in real time. All restored documents, photos and music are written in a folder that you have chosen on the previous step. You can to access the files even if the recovery process is not finished.

When the restore is finished, click on Quit button. Next, open the directory where restored personal files are stored. You will see a contents as displayed in the figure below.

PhotoRec - result of restore

All restored personal files are written in recup_dir.1, recup_dir.2 … sub-directories. If you’re searching for a specific file, then you can to sort your recovered files by extension and/or date/time.

How to protect your machine from LockerGoga ransomware?

Most antivirus programs already have built-in protection system against the ransomware virus. Therefore, if your personal computer does not have an antivirus application, make sure you install it. As an extra protection, use the HitmanPro.Alert.

Use HitmanPro.Alert to protect your system from LockerGoga ransomware

All-in-all, HitmanPro.Alert is a fantastic utility to protect your computer from any ransomware. If ransomware is detected, then HitmanPro.Alert automatically neutralizes malware and restores the encrypted files. HitmanPro.Alert is compatible with all versions of Microsoft Windows OS from MS Windows XP to Windows 10.

Download HitmanPro Alert on your MS Windows Desktop by clicking on the link below.

HitmanPro.Alert
HitmanPro.Alert
6880 downloads
Author: Sophos
Category: Security tools
Update: March 6, 2019

Once the download is complete, open the directory in which you saved it. You will see an icon like below.

HitmanPro.Alert file icon

Double click the HitmanPro.Alert desktop icon. After the utility is started, you’ll be displayed a window where you can select a level of protection, as displayed on the image below.

HitmanPro.Alert install

Now press the Install button to activate the protection.

Finish words

Now your machine should be free of the LockerGoga ransomware. Uninstall KVRT and MalwareBytes AntiMalware. We advise that you keep Zemana (to periodically scan your PC system for new malicious software). Probably you are running an older version of Java or Adobe Flash Player. This can be a security risk, so download and install the latest version right now.

If you are still having problems while trying to remove LockerGoga ransomware virus from your system, then ask for help here.

 

Virus

 Previous Post

How to remove Trojan.Win32.Generic!BT [Virus removal guide]

Next Post 

How to remove Fywaharhedt.info pop-ups [Chrome, Firefox, IE, Edge]

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply

New Guides

Polexar.com Review, Fake ELON Bitcoin Promo Codes Scam
scam alert
Beware of Koppro.top: Fake Bitcoin Promo Code Scams
How to remove Lopplarting.com pop-up ads
scam alert
Hypschonerms.com Virus Removal Guide
scam alert
How to remove Meatitenes.co.in pop-up ads

Follow Us

Search

Useful Guides

Smart Captcha Virus redirect
What is a Virus that Redirects Web Pages? A Comprehensive Guide
How to reset Mozilla Firefox (Updated Apr. 2018)
Iphone Calendar virus spam
Iphone Calendar Virus/Spam 2022 (Removal guide)
How to remove pop-up ads [Chrome, Firefox, IE, Opera, Edge]
How to remove browser hijacker virus (Chrome, Firefox, IE, Edge)

Recent Guides

Trojan.Win32.Generic!BT
How to remove Trojan.Win32.Generic!BT [Virus removal guide]
install.easy-pdf.com
How to remove Install.easy-pdf.com pop-ups [Chrome, Firefox, IE, Edge]
Trojan.Gen.MBT
How to remove Trojan.Gen.MBT [Virus removal guide]
Klope ransomware
.Klope file extension ransomware (Restore, Decrypt .klope files)
Ciantel.com
How to remove Ciantel.com [Chrome, Firefox, IE, Edge]

Myantispyware.com

Myantispyware has been a trusted source for computer security and technology advice since 2004. Our mission is to provide reliable tech guidance and expert, practical solutions to help you stay safe online and protect your digital life.

Social Links

Pages

About Us
Contact Us
Privacy Policy

Copyright © 2004 - 2024 MASW - Myantispyware.com.