Lokas Ransomware Removal Guide

Do you know what Lokas Ransomware is?

Lokas Ransomware is yet another ransomware from the STOP Ransomware family. Most of the programs from this group share the same features, and they also display the same ransom note. However, it doesn’t mean that we shouldn’t take this infection seriously. We must remove Lokas Ransomware from our computers as soon as we notice this intruder. The manual removal can be a little bit bothersome, but it shouldn’t stop you from dealing with this infection. After all, the only reason this program is there is money, and you should definitely keep your cash to yourself.

Again, we do get tired of repeating ourselves, but it’s clear that not all users know how ransomware programs spread around. If they knew, Lokas Ransomware would not enter victim computers. The truth is that ransomware employs probably one of the oldest malware distribution methods: spam emails. Spam emails often come with outgoing links and attached files. The outgoing links might try to lure important information from you (like your logins or passwords), while the attached files are usually there to infect you with something terrible.

Here, you will say that you can avoid malicious infections if you choose to ignore the spam and the attached files. And that’s true: it IS possible to avoid Lokas Ransomware and other similar infections if you are careful about the attached files you download. Unfortunately, users often fail to recognize the danger behind such emails. While most of the spam messages get filtered into the Junk folder, the spam email that carries ransomware usually reaches our main inboxes. Now, why is that? It’s because the spam email that carries malware is sophisticated.Lokas Ransomware Removal GuideLokas Ransomware screenshot
Scroll down for full removal instructions

These emails might look like notifications from online stores or like reports from financial institutions. But if you haven’t bought anything recently, why would you receive an email from an online store, right? Why would you receive a financial report from a bank where you don’t have an account? Who would send you a project for your job if you don’t know them? The point is that you have to take everything into consideration before you open an email from an unknown party. Also, it might look like the attached file is legitimate, but if you do not know whether it is reliable or not, be sure to scan the attached file with a security program of your choice. If the file is malicious, you will be notified immediately.

Now, what happens if Lokas Ransomware manages to enter the target system either way? Well, then the infection works like most of the ransomware applications out there. It will launch a full system scan to locate the files it can encrypt. Then, Lokas Ransomware will add the “.lokas” extension to the encrypted files. This way, you will easily see which files were affected by the encryption, although it wouldn’t be that hard to tell either way because the file icons will change, too.

When the encryption is complete, Lokas Ransomware displays a ransom note. This ransom note is there to convince you that you must pay the ransom if you want to get your files back. However, no matter how threatening this note might seem, you should NEVER contact these criminals. Even if the note says the following:

ATTENTION!
Don’t worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
<…>
Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that’s price for you is $490.

It might look like a good deal, but there is nothing nice about Lokas Ransomware or about how it tries to make you pay. Do not contact these criminals. Simply remove Lokas Ransomware from your computer, and then restore your files from the backup. You might not have copies of your files saved on an external drive, and that’s fine. The program was released a while ago, so there is a good chance that there is a public decryption tool for it. Also, you can always address a professional who would introduce you to other file recovery options.

How to Remove Lokas Ransomware

  1. Press Win+R and the Run prompt will open.
  2. Type %WinDir% into the Open box. Click OK.
  3. Open the Tasks and System32/Tasks folder and delete the Time Trigger Task.
  4. Press Win+R and enter regedit. Press OK.
  5. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  6. On the right, right-click and remove the SysHelper value.
  7. Press Win+R and open the %LOCALAPPDATA% and %UserProfile% directories.
  8. From there, remove the folder with a CLSID format name.
  9. Use SpyHunter to scan your system.

In non-techie terms:

Lokas Ransomware is a dangerous computer infection that can lock up your files. You need to remove Lokas Ransomware from your system as soon as possible. The best way to remove a malware program is by using an automatic antispyware tool. While you are at it, you should also consider investing in file storage where you could back up your files. This way, you would protect your data from ransomware infection in the future.