LockerGoga Ransomware is a dangerous malware threat that is used by its creators in online blackmailing schemes – the virus is supposed to encrypt the personal data files stored on the infected PC, thus rendering them inaccessible to anyone who tries to open them, including the computer’s user. Once this initial stage of the infection has been carried out, the malware displays a note on the user’s desktop or generates a notepad file within the directories where the encrypted files are stored. The note’s purpose is to inform the victim that their only way of regaining access to the sealed documents is by making a payment to the hacker who is in control of the virus. If the user refuses, the key that can unlock the files will never be sent to them. This is actually a very common blackmailing scheme, and viruses that are programmed to do that are called Ransomware. You have likely already heard about this malware category, and for a good reason. Ransomware viruses are everywhere nowadays and are considered to be some of the worst cyber-threats today. Although most such infections leave the targeted PC unharmed and do not actually damage the data which is on it, dealing with such viruses is very difficult and currently there aren’t any universal ways of overcoming such an infection.
More about Ransomware
There are two main sub-groups of Ransomware viruses: screen-lockers and data-encryptors. Both categories are really unpleasant, but the data-encrypting Ransomware programs, also known as cryptoviruses, are regarded as the more advanced and dangerous ones. While screen-lockers typically use a simple banner superimposed over the user’s screen which prevents the victim from using their PC and interacting with its interface, the cryptoviruses use a sophisticated encryption algorithm to render the personal files of the user inaccessible. It is easier to handle a screen-locker because, as soon as the malware is removed, the lockdown on the screen goes away as well. The same, however, cannot be said about data-encrypting Ransomware. In this case, even if the virus is removed from the PC, the encryption is likely to remain on the files, keeping them inaccessible. Unfortunately, LockerGoga belongs to the latter group of Ransomware and if you currently have this infection on your PC, your potential courses of action aren’t many.
Still, as you can see on this page, we have tried to offer our readers who seek help against LockerGoga a removal guide that might help them eliminate the infection. In the said guide, you can find a separate section with several methods regarding the recovery of files that might have been locked up by the malware. Just note that we can’t promise you that your data will be restored – LockerGoga is one of the newest infections of the cryptovirus Ransomware category, meaning that it is likely highly advanced.
The fact that infections like LockerGoga Ransomware use encryption to carry out their agenda is of central importance as it is the main reason why such viruses are so problematic. For starters, as we said above, the encryption is likely to stay on the files even if the Ransomware is no longer inside the computer system. Another thing that needs to be mentioned is that, due to the overall lack of harmful activities during the encryption process, most of the time viruses like LockerGoga are able to stay undetected. Even reliable antivirus programs oftentimes tend to get bypassed by such infections, which further contributes to the high success rate of this malware category. Symptoms are also rare – occasionally, there might be some system slow-down while the malware is still encrypting the files, but if you have a powerful machine, the difference in the performance might be so insignificant that you’d likely be unable to notice anything suspicious.
System and data security
Ransomware viruses really need to be avoided, or else you might lose your most important personal and/or work-related data. Note that even paying the ransom doesn’t guarantee the recovery of the files – the hackers could simply decide not to send you the key for the encryption even after you have transferred the requested sum. Due to this, it is generally inadvisable to agree to make the payment as you might simply lose your money for no reason whatsoever.
As far as avoiding Ransomware is concerned, you really ought to stay careful while on the Internet – avoid shady download sources and do not install or open any suspicious files on your system. It should also go without saying that you shouldn’t open any spam e-mail attachments or links or interact with any other type of shady-looking Internet content. Lastly, we’d like to remind you that, as long as your most important data files have been backed up in some other location (a cloud, an external HDD, etc.), no Ransomware would be able to get to them and you will always have safe copies so that you can’t get blackmailed even if a virus like LockerGoga infiltrates your system and encrypts the original data.
| Danger Level | High (Ransomware is by far the worst threat you can encounter) |
| Symptoms | Heavy use of RAM and CPU might give away a potential infection by Ransomware. |
| Distribution Method | Pirated program installers, shady web messages/spam, malvertising as well as with the help of other viruses (backdoor malware). |
Remove LockerGoga Ransomware
Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.
2: Task Manager
Press Ctrl + Shift + Esc to enter the Task Manager. Go to the tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on your PC.
If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.
Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.
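The same review can be done from PowerShell, which shows the file path, description, publisher and signature status side by side. This is an added example, not part of the original guide; the function name `Get-ProcessReview` and the 200 MB memory threshold are assumptions chosen for illustration.

```powershell
# Added example: list running processes that match the criteria from this step
# (no description, no publisher, invalid or missing signature, or high memory use).
# Get-ProcessReview and the 200 MB default are hypothetical, not from the guide.
function Get-ProcessReview {
    param([int]$MemoryMB = 200)

    # Processes whose path cannot be read (protected system processes) are skipped;
    # run from an elevated prompt to see more of them.
    Get-Process | Where-Object { $_.Path } | ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.Path -ErrorAction SilentlyContinue

        $reasons = @()
        if (-not $_.Description) { $reasons += 'no description' }
        if (-not $_.Company)     { $reasons += 'no company' }
        if (-not $sig -or $sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
        if ($_.WorkingSet64 -gt ($MemoryMB * 1MB)) { $reasons += 'high memory' }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Name     = $_.ProcessName
                Id       = $_.Id
                MemoryMB = [math]::Round($_.WorkingSet64 / 1MB, 1)
                Reasons  = $reasons -join '; '
                Path     = $_.Path
            }
        }
    } | Sort-Object -Property MemoryMB -Descending
}

# Show the flagged processes, largest memory consumers first.
Get-ProcessReview | Format-Table -AutoSize -Wrap
```

A flagged row is a reason to look at the file location, not proof of infection: browsers routinely exceed the memory threshold and some legitimate tools ship unsigned.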
3: The Hosts file
Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.
Find where it says Localhost and take a look below that.
If you see any IP addresses there (below Localhost), send them to us here in the comments, since they might be coming from the virus.
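The hosts-file check above can be scripted so that every mapping other than the default localhost entries is listed explicitly. This is an added example, not part of the original guide; the function name `Get-HostsOverride` and the sample entries are constructed for illustration.

```powershell
# Added example: report every hosts-file mapping except loopback -> localhost.
# Get-HostsOverride is a hypothetical name, not from the guide.
function Get-HostsOverride {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")

    $loopback = @('127.0.0.1', '::1')
    foreach ($line in Get-Content -LiteralPath $Path) {
        # Strip trailing comments and whitespace; skip blank and comment-only lines.
        $entry = ($line -replace '#.*$', '').Trim()
        if (-not $entry) { continue }

        # Format: <address> <name> [<alias> ...]
        $fields = $entry -split '\s+'
        if ($fields.Count -lt 2) { continue }

        $address = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            if ($loopback -contains $address -and $name -eq 'localhost') { continue }
            [pscustomobject]@{ Address = $address; HostName = $name }
        }
    }
}

# Dry run on a constructed sample (not taken from a real infection).
$sample = Join-Path $env:TEMP 'hosts-sample.txt'
@'
# Copyright (c) Microsoft Corp.
127.0.0.1    localhost
::1          localhost
203.0.113.7  update.example.com av.example.net   # constructed entry
'@ | Set-Content -LiteralPath $sample
Get-HostsOverride -Path $sample | Format-Table -AutoSize
Remove-Item -LiteralPath $sample

# The real hosts file on this PC.
Get-HostsOverride | Format-Table -AutoSize
```

An empty result for the real file means nothing is listed below the localhost entries.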
To remove the parasite on your own, you may have to meddle with system files and registries. If you do this, you need to be extremely careful, because you may damage your system.
4: Disable Startup programs
Re-open the Start Menu and type msconfig.
Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10, it will send you to the Startup part of the Task Manager instead.
If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious, disable those programs and select OK.
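To see the manufacturer of each startup entry without relying on the Startup tab, the entries can be listed from PowerShell together with the publisher recorded in the file and its signature status. This is an added example, not part of the original guide; the function names and the sample command line are assumptions made for illustration.

```powershell
# Added example: list autostart entries with publisher and signature status.
# Resolve-StartupExecutable and Get-StartupReview are hypothetical names.
function Resolve-StartupExecutable {
    param([string]$Command)
    # Expand %VAR% references, then take the quoted path or the first executable token.
    $cmd = [Environment]::ExpandEnvironmentVariables($Command)
    if ($cmd -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^\s*(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return $cmd.Trim()
}

function Get-StartupReview {
    # Win32_StartupCommand covers the Run registry keys and the Startup folders.
    Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
        $exe = Resolve-StartupExecutable -Command $_.Command
        $publisher = $null
        $status = 'file not found'
        if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf -ErrorAction SilentlyContinue)) {
            $publisher = (Get-Item -LiteralPath $exe).VersionInfo.CompanyName
            $status = (Get-AuthenticodeSignature -LiteralPath $exe).Status
        }
        [pscustomobject]@{
            Name       = $_.Name
            Location   = $_.Location
            User       = $_.User
            Publisher  = $publisher
            Signature  = $status
            Executable = $exe
        }
    }
}

# Constructed command line showing how the path is extracted (arguments dropped).
Resolve-StartupExecutable -Command '%ProgramFiles%\Example App\agent.exe /background'

# Entries with no publisher or without a valid signature are the ones to review first.
Get-StartupReview |
    Where-Object { -not $_.Publisher -or $_.Signature -ne 'Valid' } |
    Format-Table -AutoSize -Wrap
```

The Location column shows which registry key or Startup folder holds the entry, which is where it would be disabled or removed.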
5: Registry Editor
Press Windows key + R and in the resulting window type regedit.
Now, press Ctrl + F and type the name of the virus.
Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.
6: Deleting potentially malicious data
Type each of the following locations in the Windows search box and hit enter to open the locations:
Delete everything you see in Temp linked to LockerGoga Ransomware. About the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.
The previous steps were all aimed at removing the LockerGoga Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. For that, we have a separate article with detailed instructions on what you have to do in order to unlock your data. Here is a link to that guide.
Daniel Sadakov has a degree in Information Technology and specializes in web and mobile cyber security. He harbors a strong detestation for anything and everything malicious and has committed his resources and time to battling all manners of web and mobile threats. He has founded MobileSecurityZone.com, a website dedicated to covering the top tech stories and providing useful tips for the everyday user, in an effort to reach and help more people.