SnakeLocker Ransomware Removal Guide

Do you know what SnakeLocker Ransomware is?

SnakeLocker Ransomware is a malicious application that was designed to encrypt your files. It is still in its development stage but was released onto the Internet nonetheless. It can infect your PC secretly, though this ransomware is not very prominent. Testing has shown that this program cannot encrypt your files. Therefore, you can remove it from your PC without hesitation, since you do not have to comply with the cyber criminals’ demands. They want you to pay a ransom, but you do not have to because it cannot encrypt your files. For more information, please continue reading.

This ransomware is not widely distributed yet, but it is being distributed nonetheless. The problem is that we do not know how its developers do that. We assume that they attach this ransomware’s executable to malicious emails and send them to random email addresses. The emails can be disguised as legitimate, and the attached file can masquerade as a PDF document or something of the sort. If you open the attached file, or download and then open it, SnakeLocker Ransomware should infect your PC. Of course, this may not be the only distribution method used. Our researchers say that this ransomware may be bundled with pirated software and featured on torrent websites. Regardless of the distribution channel, this ransomware is set to infect your PC secretly, so if you do not have an anti-malware program on your PC, your PC can be vulnerable to infections. This program does not create a copy of itself, so it will run from the place it was launched. Note that it may be copied to a hidden location once the full version is out. Another thing we want to mention is that the name of this ransomware’s executable is completely random.

SnakeLocker Ransomware is a potentially dangerous computer infection that could encrypt many of your personal files. However, it does not do that. Researchers say that it was configured to use a unique AES encryption algorithm, and the AES key is then encrypted with an RSA key. The choice of locations in which to encrypt files is rather odd. Testing has shown that it was set to encrypt files in %LOCALAPPDATA%\Google\Chrome\User Data\[USER PROFILE]\Extensions, %LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files, and %APPDATA%\Microsoft\Windows\Cookies, which are unlikely locations for storing personal files. Encrypting files in these locations does not damage the system, so we think that is the reason for choosing them.
Researchers say that this ransomware does not connect to any C&C server and that the Tor website you have to visit to pay the ransom is offline. Research has shown that there are two versions of SnakeLocker Ransomware, and the only difference between them is that one adds a “.snake” and the other a “.TGIF” file extension to encrypted files. Once the encryption is finished, this ransomware is set to drop a ransom note named INSTRUCTIONS-README.html on the desktop and open it. The ransom note says that you have to pay 0.1 BTC, which is approximately 280 USD. Additional information is supposed to be hosted on snaketyokt7r5x3t.onion/decrypt.php, but this website is currently down.

As you can see, SnakeLocker Ransomware is a malicious application that is still in development, so it was not configured to encrypt any valuable files. Therefore, you can disregard the unimportant files that it encrypts and remove it from your PC using an anti-malware program such as SpyHunter or the guide featured below.

Manual Removal Guide

  1. Press the Windows+E keys and enter the following file paths in the address box.
    • %USERPROFILE%\Downloads
    • %USERPROFILE%\Desktop
    • %TEMP%
  2. Hit Enter.
  3. Locate the randomly-named executable.
  4. Right-click it and click Delete.
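
The checks described in this guide can also be run as a read-only PowerShell triage before deleting anything. This is an added example, not part of the original guide or any vendor tool; the *.exe filter, the 7-day creation window and the output layout are assumptions, while the folders, file extensions and ransom note name are the ones given above.

```powershell
# Added example: read-only triage for the SnakeLocker indicators named in this guide.
# Nothing is deleted. The *.exe filter and the 7-day window are assumptions.

# 1. Folders the guide lists as encryption targets (one Extensions folder per Chrome profile).
$chromeRoot = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data'
$targetDirs = @(
    Get-ChildItem -LiteralPath $chromeRoot -Directory -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName 'Extensions' }
    Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\Temporary Internet Files'
    Join-Path $env:APPDATA 'Microsoft\Windows\Cookies'
) | Where-Object { Test-Path -LiteralPath $_ }

# 2. Files carrying either extension that the two known versions append.
$renamed = foreach ($dir in $targetDirs) {
    Get-ChildItem -LiteralPath $dir -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.snake', '.TGIF' }
}

# 3. Ransom note dropped on the desktop.
$note = Join-Path ([Environment]::GetFolderPath('Desktop')) 'INSTRUCTIONS-README.html'
$noteFound = Test-Path -LiteralPath $note

# 4. Recently created executables in the folders from the manual removal steps.
$dropDirs = "$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop", $env:TEMP
$cutoff = (Get-Date).AddDays(-7)
$candidates = foreach ($dir in $dropDirs) {
    Get-ChildItem -LiteralPath $dir -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $cutoff }
}

# 5. The sample runs from where it was launched, so flag processes whose image is in those folders.
$running = Get-Process | Where-Object {
    $p = $_.Path
    $p -and ($dropDirs | Where-Object { $p.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
}

"Ransom note present : $noteFound"
"Renamed files       : $(@($renamed).Count)"
$renamed | Select-Object -First 10 -ExpandProperty FullName
"Candidate executables:"
$candidates | Select-Object FullName, CreationTime,
    @{ n = 'SHA256'; e = { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash } },
    @{ n = 'Signature'; e = { (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status } } |
    Format-List
"Processes running from those folders:"
$running | Select-Object Id, ProcessName, Path | Format-Table -AutoSize
```

An unsigned, recently created executable with a random-looking name in one of these folders, together with the ransom note or renamed files, is the file to delete in step 4.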

In non-techie terms:

SnakeLocker Ransomware is a malicious application that is set to encrypt some files on your PC. It is still in development, so the test versions do not target important files. Therefore, if your PC has become infected with it, you can remove it without hesitation, as it encrypts unimportant files. Clearly, paying nearly 280 USD is not an option for encrypted extensions, cookies, and temporary files.