LockOn Ransomware Removal Guide

Do you know what LockOn Ransomware is?

LockOn Ransomware is a newly-discovered ransomware infection. It is not a harmful infection yet because it is still in development and, currently, encrypts files in only one location %HOMEDRIVE%\Users\Exploits\Desktop\test. If it does not find this folder in this place, it does not encrypt any other files, which clearly shows that it has not been finished yet. Of course, it might one day receive updates, so you might encounter the version of LockOn Ransomware encrypting files in other directories too. No matter which version of this ransomware infection you have discovered on your computer, you must delete it from your system right away. Yes, it demands money from users, but do not even think about sending money to its developer because the chances are high that you do not have the “test” folder it affects and your other files are fine. Luckily, LockOn Ransomware is not a sophisticated malicious application. Research has shown that it does not create any entries in the system registry and does not drop any new files on victims’ machines, so it should not be very hard to remove it.

Without a doubt, LockOn Ransomware has been developed to lock files and then demand a ransom because it performs the encryption of files the second it shows up on the system. As mentioned in the previous paragraph, it only encrypts files located in %HOMEDRIVE%\Users\Exploits\Desktop\test, but, of course, everything might change soon. Research has shown that it changes original filenames and appends .lockon to all files it locks, so it should not take long for users to realize which of their files have been ruined. Once the encryption of files takes place, this ransomware infection places a window on Desktop (it can be closed by killing the malicious process representing the ransomware infection in Task Manager). It contains the sentence that explains everything (“The whole of your computer has just been encrypted by LockOn to unlock your computer and retrieve your file please pay the ransom to the address bitcoin!”) and step-by-step payment instructions. Do not even think about paying money because the chances are high that all your files are fine – you can close this window and check them all yourself. If you have found your “test” folder encrypted, you can get a decryption key for free by clicking the Fake paye (test) button on the main ransomware window. If LockOn Ransomware is ever updated and you find your personal files located in other folders encrypted, you should not send money to cyber criminals in such a case either. Keep in mind that it is always possible to restore the encrypted data for free from a backup.LockOn Ransomware Removal GuideLockOn Ransomware screenshot
Scroll down for full removal instructions

It is hard to say how LockOn Ransomware will be distributed because it is still in development. According to our malware researchers, all ransomware infections, no matter they are old or new, are spread similarly, and LockOn Ransomware should not be different. That is, it should be spread as a malicious attachment in spam emails. Users who download tons of free software from the web should be very careful too because they might download this infection from some kind of third-party page containing all kinds of applications. We cannot confirm that other distribution methods will not be used to spread this threat, so it would be a smart move to install a reputable security application on the system. As long as it stays, malware could not show up on the computer illegally.

Since LockOn Ransomware does not make any modifications on victims’ machines and does not drop any new files, its removal consists of one step – the removal of the malicious file launched. Since it might be very hard to find it, we suggest that you delete all recently downloaded suspicious files from your computer. Our step-by-step manual removal guide will help you, so go to remove this threat immediately after you read this article till the end.

How to delete LockOn Ransomware

  1. Press Ctrl+Shift+Esc.
  2. Open Processes and kill the process of the ransomware infection to remove its window from Desktop.
  3. Open Explorer (Win+E).
  4. Open the folder where all downloads are located (it should be %USERPROFILE%\Downloads or %USERPROFILE%\Desktop).
  5. Remove all recently downloaded files.
  6. Empty Recycle bin.

In non-techie terms:

If you encounter the beta version of LockOn Ransomware, it should not cause much harm to you because it encrypts files in one folder only – %HOMEDRIVE%\Users\Exploits\Desktop\test – ordinary users do not have it. Of course, it might be updated one day and start encrypting files in other directories too, so you should do all it takes to prevent it from entering the system. It should be enough to install a reputable security application. If you have already encountered LockOn Ransomware and found your files locked, do not send money to cyber criminals. Instead, go to disable this infection the first thing.