Ransomware.Locky Removal

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

This page aims to help you remove Ransomware.Locky. These Ransomware.Locky removal instructions work for all versions of Windows.

Welcome to the Ransomware.Locky removal guide. If your files have been encrypted and you don’t want to pay ransom to the crooks that are blackmailing you, the information that we have prepared below may help you deal with that nasty type of a cybercrime known as Ransomware. Our “How to remove” team is dedicated to helping users like you fight against malware infections and here you will learn how to effectively remove the threat that has taken over your computer.

Removing the ransomware infection is of utmost importance if you want to eliminate the hackers’ access to your machine and bring it back under your control. Therefore, in the next lines we will share with you our proven and detailed steps to completely delete Ransomware.Locky from your system. You may also like to try everything possible to get your data back and the guide below will lead you through the restoration process that may help you bring some of your files back to normal. But before all that, let’s say a few words about this new form of cyber threat in order to help you better understand the problem you are dealing with.

What is Ransomware?

We will start by saying that ransomware is a very malicious type of virus that has been created to blackmail users for ransom by taking their PC’s data hostage. Unfortunately, you have been infected with one of the most notorious representatives of this type – Ransomware.Locky. Now, what does that really mean? Ransomware.Locky does not corrupt your system or perform the malicious activities that other viruses do, such as spying, data collecting or deleting files. In fact, it doesn’t delete your files because it needs them in order to lock them. It is very typical for ransomware infections to use a strong encryption algorithm that converts the data found on the computer into an almost unbreakable combination of symbols, which cannot be recognized by any program. This way all the files that are encrypted become unreadable and the victims cannot open them.

How is Ransomware spreading online?

Usually, Ransomware infections occur when users click on malicious pieces of content. Such content is commonly distributed through spam e-mails, e-mail attachments, links, torrents and suspicious downloads. Trojan horses are the preferred method for inserting ransomware on users’ computers, due to their ability to mask themselves as seemingly harmless applications and easily delude users this way. Once the Ransomware finds its way into the system, it starts to lock the most commonly used data that is available on the computer with its encryption. The whole process usually goes unnoticed until the malware reveals itself with a ransom note on the victim’s screen.

Is there a way to decrypt the files and restore them?

A direct decryption is only possible through a unique decryption key. However, the decryption key for the encryption of Ransomware.Locky is, unfortunately, in the hands of the crooks. And they would trade it only for a fat sum payable in Bitcoins. Detailed instructions are given in a ransom note that is displayed right after the encryption is completed. Very often the hackers would threaten to destroy the decryption key if a payment is delayed or not made. They may even threaten to double the ransom in order to make the victims pay faster. However, you should know that these are manipulative techniques that cybercriminals use in order to make their victims act impulsively and pay the ransom.

Negotiating with crooks – the worst idea ever!

“So, I pay the ransom, get the key, unlock my files and that’s it?” – you may think. Wrong! There are many victims of ransomware that burn their money this way and they get a key that doesn’t work or never get a decryption key at all. Cybercriminals don’t really care about your files and once they get your money, there is nothing that could make them send you the key they promised. By paying the ransom you only help them get richer and make their “business” scheme more popular. Therefore, many security experts including our “How to remove” team would advise you not to pay a cent to these crooks.

Restoration of your files could be possible and there are two other options for that.

The first option is to restore your files from a copy you keep somewhere on an external drive. That’s why one smart protection against ransomware blackmail is keeping regular backups. To prevent the infections, however, you would need proper antivirus software and a well-maintained and updated system. Needless to say, you should avoid suspicious content and insecure online locations.

The second option is to try to extract some of your files back from your system backups. In the guide below we are going to show you exactly how to do that. But first, you will need to clean your system from the infection. Closely follow the steps in the removal guide and let us know if we have been helpful.


Name: Ransomware.Locky
Type: Ransomware
Danger Level: High (Encrypts the victim’s data with a strong algorithm and requires ransom in exchange for a decryption key)
Symptoms: Ransom note appears on the screen after the encryption is completed.
Distribution Method: Distributed through various channels such as spam e-mails, downloads, torrents, links and Trojan horse infections.
Detection Tool: Ransomware.Locky may be difficult to track down. Use SpyHunter – a professional parasite scanner – to make sure you find all files related to the infection.


Remove Ransomware.Locky



Reboot in Safe Mode (use this guide if you don’t know how to do it).

This is the first preparation.


To remove the parasite, you may have to meddle with system files and the registry. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.


The first thing you must do is Reveal All Hidden Files and Folders.

  • Do not skip this. Ransomware.Locky may have hidden some of its files.

Hold the Start Key and R, then copy and paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom.

If there are suspicious IPs below “Localhost” – write to us in the comments.
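The same hosts-file check can be done without reading the file by eye. The PowerShell below is an added example, not part of the original guide: it parses the hosts file, skips comments, and lists every mapping other than localhost. The function name Get-HostsEntry is made up for this example.

```powershell
# Added example: list hosts-file entries other than the default localhost mappings.
$hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'

function Get-HostsEntry {
    param([string[]]$Lines)
    $lineNo = 0
    foreach ($line in $Lines) {
        $lineNo++
        # Drop anything after '#' (comment) and the surrounding whitespace.
        $active = ($line -split '#', 2)[0].Trim()
        if (-not $active) { continue }
        # First token is the address, the rest are hostnames mapped to it.
        $tokens = $active -split '\s+'
        if ($tokens.Count -lt 2) { continue }
        foreach ($name in $tokens[1..($tokens.Count - 1)]) {
            [pscustomobject]@{
                Line     = $lineNo
                Address  = $tokens[0]
                Hostname = $name
            }
        }
    }
}

$entries = Get-HostsEntry -Lines (Get-Content -LiteralPath $hostsPath)

# Anything that is not "localhost" deserves a manual look, including names
# pointed at 127.0.0.1 (a common way to block security-update sites).
$review = $entries | Where-Object { $_.Hostname -ne 'localhost' }

if ($review) {
    $review | Format-Table -AutoSize
} else {
    'No entries besides localhost.'
}
```

Entries you added yourself (for example for development or ad blocking) will also show up, so compare the output against what you know you configured.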


Type msconfig in the search field and hit enter. A window will pop-up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.


Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask us in the comments.


This is the most important and difficult part. If you delete the wrong file, it may damage your system irreversibly. If you can not do this,
>> Download SpyHunter - a professional parasite scanner and remover.


Right click on each of the virus processes separately and select Open File Location. End the process after you open the folder, then delete the directories you were sent to.



Type Regedit in the windows search field and press Enter. Once inside, press CTRL and F together and type the virus’s Name.

Search for the ransomware in your registry and delete the entries. Be extremely careful – you can damage your system if you make a big mistake.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. For the rest, just check for anything recently added. Remember to leave us a comment if you run into any trouble!
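To check those five folders for recently added items, the PowerShell below (an added example, not part of the original guide) lists program and script files created in the last 14 days, with their vendor metadata and signature status. The 14-day window and the extension list are assumptions to adjust for your case.

```powershell
# Added example: recently created program/script files in the five folders above.
$days  = 14   # assumed look-back window; set it to when the problem started
$since = (Get-Date).AddDays(-$days)
$folders    = $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:windir, $env:TEMP
$extensions = '.exe', '.dll', '.scr', '.js', '.vbs', '.bat', '.cmd', '.ps1'

$found = foreach ($folder in $folders) {
    # -Force includes hidden and system items; unreadable paths are skipped.
    # %WinDir% is only scanned at its top level to keep the run short.
    $recurse = $folder -ne $env:windir
    Get-ChildItem -LiteralPath $folder -File -Force -Recurse:$recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $since -and $extensions -contains $_.Extension.ToLower() } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Created   = $_.CreationTime
                Company   = $_.VersionInfo.CompanyName   # empty = no vendor metadata
                Signature = $sig.Status                  # 'Valid' means a trusted signature
                Path      = $_.FullName
            }
        }
}

# %Temp% normally sits inside %LocalAppData%, so drop duplicate paths first.
$found | Sort-Object Path -Unique | Sort-Object Created -Descending |
    Format-Table -AutoSize -Wrap
```

A file with an empty Company and a Signature other than Valid is not proof of infection, but it is the same cue as the “Unknown” Manufacturer check in the msconfig step and is where to look first.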


How to Decrypt files infected with Ransomware.Locky

There is only one known way to remove the virus’ encryption that MAY work (no guarantees) – reverting your files to a previous state. There are two options you have for this:

The first is using a system backup. Search for Backup and Restore in the Windows search field, then choose “Select another backup to restore files from”.


If you have no backups, your option is Recuva

Go to the official site for Recuva and download its free version. When you start the program, select the file types you want to recover. You probably want all files. Next select the location. You probably want Recuva to scan all locations.

Click on the box to enable Deep Scan. The program will now start working and it may take a really long time to finish, so be patient and take a break if necessary.

You will now get a big list of files to pick from. Select all relevant files you need and click Recover.

Did we help? Share your feedback with us so we can help other people in need!