MedusaLocker Ransomware Removal Guide

Do you know what MedusaLocker Ransomware is?

MedusaLocker Ransomware can encrypt a lot of different file types. It also appears to be able to destroy Shadow copies, which is why recovering data affected by this malicious application might be impossible. After rendering most of the files located on an infected computer unreadable, the threat should show a ransom note. It is supposed to explain that all files have been encrypted, and the only way to decrypt them is to purchase decryption tools from the malware’s developers. The note may claim that it is just business and that the hackers have no reason to trick their victims. However, you should realize that cybercriminals may say anything to make their victims pay, and you can never be sure they will keep their promises. If you do not want to put up with any demands, we advise deleting MedusaLocker Ransomware without hesitation. It can be erased with the removal guide available below or with a reputable antimalware tool. After the system is cleaned, it should be safe to transfer backup data.

In the rest of the article, we discuss MedusaLocker Ransomware in more detail. To start with, we ought to explain where the malware might come from. Our computer security specialists say that a lot of similar threats travel with unreliable email attachments, installers, updates, and other files obtainable through the Internet. Thus, you should never open a file received from untrustworthy sources even if it does not appear to be malicious.

Ransomware installers can look like text documents, pictures, and similar types of files that most users would not expect to be harmful. If you want to keep your system safe, you should not open data from unreliable sources. Instead, you could scan it with a reliable antimalware tool. It is vital to scan files before opening them because sometimes it is enough to launch a file to initiate installation of some malicious application. Threats like MedusaLocker Ransomware can hide on a system, so victims may not realize that they have infected their systems for quite some time, for example, until the malware displays a ransom note.

MedusaLocker Ransomware is no exception, as the threat leaves a file containing the ransom note soon after it finishes encrypting files. According to our researchers, the malicious application enciphers all file types except data with the following extensions: .exe, .dll, .ini, .rdp, .lnk, .sys. Thus, system files and program data should not be affected. Unfortunately, various documents, archives, videos, photos, and similar files could be lost forever. This is why it is advisable to back up all valuable files as often as possible to avoid losing them all after encountering a ransomware application.

The hackers behind the malware claim in the ransom note that they can deliver decryption means, but ask for a payment in return. As usual, users are requested to contact MedusaLocker Ransomware’s developers first. This might mean that the price could vary depending on the number of encrypted files or an estimation of how much a victim could pay. As said earlier, we recommend against paying or contacting the threat’s creators if you do not think it is wise to trust them.

Lastly, we advise removing MedusaLocker Ransomware because it might be able to restart itself automatically, as it creates a task in the %WINDIR%\System32\Tasks directory. Therefore, there is a risk it could encrypt new data each time it gets relaunched. If you do not want to take any chances, we advise erasing the malware by completing the instructions located below this paragraph or employing a reputable antimalware tool that could eliminate it for you.

Remove MedusaLocker Ransomware

  1. Press Ctrl+Alt+Delete.
  2. Pick Task Manager and check the Processes tab.
  3. Locate a process belonging to the malware.
  4. Choose the process and click End Task.
  5. Exit Task Manager.
  6. Press Windows Key+E.
  7. Navigate to the suggested paths:
    %TEMP%
    %USERPROFILE%\Desktop
    %USERPROFILE%\Downloads
  8. Find a file opened when the device got infected, right-click the malicious file, and select Delete.
  9. Navigate to: %APPDATA%
  10. Locate a file called svchostt.exe, right-click it and select Delete.
  11. Find this location: %WINDIR%\System32\Tasks
  12. Look for a task named svchostt, right-click it and choose Delete.
  13. Search for files called HOW_TO_RECOVER_DATA.html, right-click them, and press Delete.
  14. Exit File Explorer.
  15. Press Windows Key+R.
  16. Type Regedit and press Enter to launch Registry Editor.
  17. Navigate to this path: HKCU\Software
  18. Search for a key called Medusa, right-click it and select Delete.
  19. Close Registry Editor.
  20. Empty the Recycle Bin.
  21. Restart the computer.
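
The artifacts named in the steps above can be inventoried with a read-only PowerShell check before anything is deleted. This is an added example, not part of the original guide; the function name, the default search root for ransom notes, and the decision to record a SHA-256 hash of the executable are assumptions.

```powershell
# Added example: read-only audit for the artifacts named in the removal steps.
# Nothing is deleted. Run from 64-bit PowerShell; reading the task store usually needs elevation.
function Find-MedusaLockerArtifact {
    [CmdletBinding()]
    param(
        # Assumption: ransom notes are searched under the user profile by default.
        [string[]]$NoteSearchRoot = @($env:USERPROFILE)
    )

    # Step 10: executable dropped in %APPDATA%
    $exe = Join-Path $env:APPDATA 'svchostt.exe'
    if (Test-Path -LiteralPath $exe -PathType Leaf) {
        # The hash is recorded so the sample can be looked up or reported before removal.
        $sha = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
        [pscustomobject]@{ Type = 'Executable'; Location = $exe; Detail = "SHA256 $sha" }
    }

    # Steps 11-12: persistence task, checked on disk and through the scheduler
    $taskFile = Join-Path $env:WINDIR 'System32\Tasks\svchostt'
    if (Test-Path -LiteralPath $taskFile -PathType Leaf) {
        [pscustomobject]@{ Type = 'TaskFile'; Location = $taskFile; Detail = 'task definition on disk' }
    }
    Get-ScheduledTask -TaskName 'svchostt' -ErrorAction SilentlyContinue | ForEach-Object {
        # Show what the task launches so the target binary can be confirmed.
        $launch = ($_.Actions | ForEach-Object { $_.Execute }) -join '; '
        [pscustomobject]@{ Type = 'ScheduledTask'; Location = $_.TaskPath + $_.TaskName; Detail = "runs: $launch" }
    }

    # Step 13: ransom notes left next to encrypted data
    foreach ($root in $NoteSearchRoot) {
        Get-ChildItem -LiteralPath $root -Filter 'HOW_TO_RECOVER_DATA.html' -Recurse -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{ Type = 'RansomNote'; Location = $_.FullName; Detail = "written $($_.LastWriteTime)" }
            }
    }

    # Steps 17-18: registry key under the current user's hive
    $key = 'HKCU:\Software\Medusa'
    if (Test-Path -LiteralPath $key) {
        [pscustomobject]@{ Type = 'RegistryKey'; Location = $key; Detail = 'per-user key' }
    }
}

$found = @(Find-MedusaLockerArtifact)
if ($found.Count -eq 0) { 'No artifacts from the guide were found for this user.' }
else { $found | Format-Table -AutoSize -Wrap }
```

%APPDATA% and HKCU resolve to the account that runs the script, so on a shared machine run it in the affected user's session or repeat it for each profile. Ransom note timestamps give a rough indication of when encryption finished, which helps when choosing a backup to restore from.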

In non-techie terms:

MedusaLocker Ransomware is a tool for money extortion: it encrypts files to take them hostage and drops a ransom note explaining to victims how to pay a ransom to get the decryption tools. It is not said how much money the hackers wish to receive. Usually, prices vary between 20 and 500 US dollars. The most important thing to consider before paying a ransom is whether you can risk losing the requested sum in vain. If not, we advise not taking any chances and looking for other ways to decrypt your files. Sadly, in this case, the only other option besides getting a decryption tool might be using backup copies, which not all victims might have. If you do have a backup and can restore all or some of your files, we recommend transferring them only after you delete MedusaLocker Ransomware. The malicious application can be erased manually, and if you need any help with this task, you can use the removal guide available above this paragraph. The other way to eliminate the threat is to install a reputable antimalware tool and perform a full system scan.