Alma Locker Ransomware Removal Guide

Do you know what Alma Locker Ransomware is?

If your personal files has been encrypted with Alma Locker Ransomware then your only solution is to remove it because its website is down and you will be unable to pay the ransom for the decryption key. Even if the site goes back online and you pay the ransom, there is no guarantee that you will get the decryption key. There is no other way to deal with this infection because there is no third-party decryption tool to decrypt your files for free. It uses a strong encryption method, and it will take time for security researchers to crack it, provided that they manage to crack it at all.

Our malware analysts have found that this particular ransomware is being distributed using malicious emails sent from a remote server to random email addresses. There is no indication that this ransomware targets specific countries, so it is probably distributed globally to make as much money as possible. The malicious emails it comes in can be disguised as tax-refund-related inquiries or unclassified emails that contain the information set to bait you and compel you to open the malicious attachment. Researchers say that the email is a simple file archive that you have to open or extract manually. In it, you will find a randomly named executable file that, when launched, will begin the encryption process.

This ransomware is configured to encrypt dozens of file formats that include, but are not limited to .docx, .dwg, .dwt, .dxf, .dxg, .eps, .ppt, .pptm, .pptx, .psd, .pst, .xls, .xlsm, .xlsx, and .xml. It will encrypt most files in all locations on your computer except PROGRAMFILES%, %PROGRAMFILES(x86)%, %ALLUSERSPROFILE%, and %APPDATA% which contain files that require Windows to run properly. Once the encryption is complete, this infection will drop a file named Unlock_files.html on the desktop and probably in all folders where files were encrypted.Alma Locker Ransomware Removal GuideAlma Locker Ransomware screenshot
Scroll down for full removal instructions

This file acts as the ransom note and states that your files have been encrypted. The file features in ID number that you have to enter in the login box of a website whose URL is also displayed in the ransom note. The note provides five links and, in case all of them do not work, recommends that you download the TOR browser and follow the sixth link provided at the bottom.

As mentioned in the introduction, at present, all of the links do not work, so if your computer has been infected with this ransomware, you have two options. You can either wait for the site to come back online to pay the ransom or remove this ransomware entirely and restore as many of your files from backup drives. We do not know how much money the criminals might want you to pay, but, in any case, we are positive that they will demand that the ransom be paid in Bitcoins. Also, due to the fact that this ransomware barely works, there is no guarantee that you will get the decryption key after you have paid the ransom.

If you have opted for erasing this application, then we suggest using the guide featured below. However, because users save their downloaded files in different locations, we cannot pinpoint Alma Locker Ransomware’s exact location, so you will just have to locate it manually. However, you can also use an antimalware application, and we recommend SpyHunter because our tests have shown that this application is fully capable of locating and eradicating this malware. Take note that you do not have to boot your computer in Safe Mode or terminate its running executable to delete it. In closing, you should consider getting an anti-malware application to protect your PC from similar infections as we have noticed a surge in the release rate of ransomware-type malware.

How to delete this infection

  1. Locate the malicious executable.
  2. Right-click it and click Delete.
  3. Empty the Recycle Bin.

In non-techie terms:

Alma Locker Ransomware is a typical ransomware whose purpose is to encrypt most of the files on your computer and demand that you pay a ransom to get them back. However, this ransomware’s website does not work, so you are unable to pay the ransom. So we suggest that you delete this malicious application from your PC as soon as possible.