C0hen Locker Ransomware Removal Guide

Do you know what C0hen Locker Ransomware is?

C0hen Locker Ransomware is malware that encrypts files only in specific directories, which we list in this article. After encryption, locked files should receive the .c0hen extension. They should also become unreadable, which means your computer should be unable to recognize and launch them. Usually, encrypted files can be decrypted, but only with decryption tools that the malicious application’s developers might have. The creators of this threat offer to sell them for a particular sum, which we do not recommend paying if you do not want to risk losing your money for nothing. After all, there are no reassurances that you will get the promised decryption tools. Consequently, we recommend considering the cybercriminals’ offer carefully. Also, we advise not to leave the malware unattended. You could try to delete C0hen Locker Ransomware with the removal guide placed below or a reputable antimalware tool of your choice.

Threats like C0hen Locker Ransomware can enter systems by exploiting weaknesses such as unsecured RDP (Remote Desktop Protocol) connections. Consequently, users who wish to avoid similar threats should make sure that their systems do not have such weaknesses. Moreover, cybercriminals also use various tricks to convince victims to launch the malware themselves without realizing it. For example, they may send you an email saying that you should view the file attached to it. To convince you to do it, hackers can pretend to be someone you would not question, such as a reputable company or your client. Therefore, instead of opening data received via email, we recommend scanning it with a reliable antimalware tool even if it does not look suspicious or dangerous to you. It would be smart to do the same with all files coming from unreliable sources, such as file-sharing websites.

C0hen Locker Ransomware settles in by creating a Registry entry that disables Task Manager and an entry that makes the infected computer relaunch the malicious application after a restart. Next, the malware should start encrypting files in the Desktop, Downloads, Documents, Music, Pictures, Videos, Recent, and Favorites folders located in the %USERPROFILE% directory. Files located in other folders should not be encrypted. What we ought to stress is that the threat might start encrypting more files if a new version gets released. As you see, encrypting data in the listed directories may not be enough to make a user desperate and convince him to pay for decryption. Thus, it is likely that this could be just a test version. In any case, you can see which files are encrypted and which are not by checking if they are marked with the threat’s extension (e.g., picture.jpg.c0hen).

After encryption, C0hen Locker Ransomware should open a window with a ransom note. It might say that you need to pay 0.15 Bitcoins in exchange for decryption tools. Our researchers say that their sample did not provide an account number to which a user is supposed to pay, which also suggests that we may have encountered a test version. We do not recommend paying because there is always a chance that hackers could scam you.

What we do advise is not to leave such a malicious application on your system, especially when it can restart with the operating system and possibly encrypt new files. To delete C0hen Locker Ransomware manually, you could use the removal guide available below or a reputable antimalware tool that could eliminate the malware for you.

Erase C0hen Locker Ransomware

  1. Restart your computer in Safe Mode with Networking.
  2. Press Windows Key+E.
  3. Navigate to the suggested paths:
    %TEMP%
    %USERPROFILE%\Desktop
    %USERPROFILE%\Downloads
  4. Find a file opened when the device got infected, right-click the malicious file, and select Delete.
  5. Exit File Explorer.
  6. Press Windows Key+R, type Regedit, and choose OK.
  7. Navigate to this path: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  8. Look for a value name called c0hen locker or something similar.
  9. Right-click this value name and press Delete.
  10. Close the Registry Editor.
  11. Empty the Recycle Bin.
  12. Restart the computer.
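
Before or after working through the manual steps, the traces this article describes can be checked from a PowerShell prompt. The script below is an added example, not part of the original guide or any vendor tool; it only reads and reports. Assumptions: the Task Manager entry is the standard `DisableTaskMgr` policy value (the article does not name it), and a Run value counts as suspicious if "c0hen" appears in its name or its command.

```powershell
# Added example: read-only audit; nothing is deleted or modified.
$Ext     = '.c0hen'   # extension named in the article
$Folders = 'Desktop','Downloads','Documents','Music',
           'Pictures','Videos','Recent','Favorites'

function Get-C0henEncryptedFiles {
    param([string]$Root = $env:USERPROFILE)
    foreach ($name in $Folders) {
        $path = Join-Path $Root $name
        if (-not (Test-Path -LiteralPath $path)) { continue }   # folder may not exist
        Get-ChildItem -LiteralPath $path -Recurse -File -Force `
            -Filter "*$Ext" -ErrorAction SilentlyContinue
    }
}

function Get-C0henRunValues {
    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { return }
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        # Name match follows the article; matching the command data is an assumption.
        if ($valueName -match 'c0hen' -or $data -match 'c0hen') {
            [pscustomobject]@{ Name = $valueName; Command = $data }
        }
    }
}

function Get-TaskManagerPolicy {
    # Assumption: the article does not name the entry; DisableTaskMgr is the
    # standard per-user Windows policy value that blocks Task Manager.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -LiteralPath $key -Name DisableTaskMgr -ErrorAction SilentlyContinue
    if ($p) { [int]$p.DisableTaskMgr } else { 0 }
}

$files = @(Get-C0henEncryptedFiles)
$run   = @(Get-C0henRunValues)
[pscustomobject]@{
    EncryptedFileCount  = $files.Count
    EncryptedBytes      = ($files | Measure-Object Length -Sum).Sum
    RunValues           = ($run | ForEach-Object { $_.Name }) -join '; '
    TaskManagerDisabled = (Get-TaskManagerPolicy) -eq 1
}
$files | Group-Object DirectoryName | Sort-Object Count -Descending |
    Select-Object Count, Name
```

The per-folder counts at the end show which backups need restoring; a non-empty `RunValues` after cleanup means the autostart entry from step 8 is still present.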

In non-techie terms:

C0hen Locker Ransomware is a malicious tool used for money extortion. Like many other ransomware applications, it was programmed to encrypt valuable files and hold them hostage. Later, the malware should display a ransom note that asks you to pay a sum of 0.15 Bitcoins to get decryption tools. Even though such tools could decrypt your files or, in other words, restore them to normal, you should understand that there are no guarantees that you will receive them. Hackers could trick you, and your money could be lost in vain, which is why we recommend against paying the ransom if you cannot risk your savings. Instead of getting decryption tools, you could replace encrypted files with backup copies if you have them somewhere safe. Naturally, before transferring data or creating any new files, we advise deleting C0hen Locker Ransomware. If you want to try to get rid of it manually, you could use the removal guide available above. If you prefer using automatic features, we advise installing a reputable antimalware tool and performing a full computer scan.