Rocklee Ransomware

Rocklee

Rocklee is a variant of the Makop ransomware family. Once it runs, it enumerates the files most likely to matter to the victim (documents, spreadsheets, images, databases and similar user data), encrypts them and appends the .Rocklee extension, so that it can later demand a ransom for the key that would restore them.

Files encrypted by Rocklee ransomware (.Rocklee extension)

The next thing to expect is a ransom message stating that your files have been encrypted and that you will not get them back unless you pay a sum of money to anonymous criminals. Few threats are more damaging than ransomware: the encryption is sound, so removing the malware does not undo the damage. Infections like Rocklee are common because the operators use many distribution channels at once: compromised or spoofed emails with malicious attachments, drive-by downloads, torrents, malicious or compromised websites, trojanised software installers and malvertising. Cleaning up is also harder than with most malware, because removing the program does not restore the encrypted files. This page contains a manual guide for removing Rocklee and the options that remain for recovering data.
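Before touching anything, it is worth scoping what was hit. The PowerShell script below is an added example, not part of this article or of any tool it mentions. It is read-only, so it does not conflict with the ransom note's own warning against modifying encrypted files. It uses the .Rocklee extension and the +README-WARNING+.txt note name quoted on this page; the search roots, the report path and the bracketed <id>.<email> filename layout it tries to parse are assumptions you may need to adjust.

```powershell
# Added example (not from the original article): read-only scoping of a Rocklee infection.
# Assumptions: search roots, report path, and the <original>.[id].[email].Rocklee naming layout.
param(
    [string[]]$Roots  = @($env:USERPROFILE, 'C:\Users\Public'),               # assumption: add other drives/shares
    [string]  $Report = (Join-Path $env:USERPROFILE 'Desktop\rocklee-scope.csv')
)

$encExt   = '.Rocklee'              # extension reported on this page
$noteName = '+README-WARNING+.txt'  # ransom note name reported on this page
$stripRx  = [regex]::Escape($encExt) + '$'
# Optional bracketed victim ID and contact address before the extension (assumed layout).
$nameRx   = '^(?<orig>.+?)\.\[(?<id>[^\]]+)\]\.\[(?<mail>[^\]]+)\]' + $stripRx

$encrypted = foreach ($r in $Roots) {
    Get-ChildItem -Path $r -Recurse -File -Filter "*$encExt" -ErrorAction SilentlyContinue
}
$notes = foreach ($r in $Roots) {
    Get-ChildItem -Path $r -Recurse -File -Filter $noteName -ErrorAction SilentlyContinue
}

$rows = foreach ($f in $encrypted) {
    $m = [regex]::Match($f.Name, $nameRx)
    [pscustomobject]@{
        Path      = $f.FullName
        Original  = if ($m.Success) { $m.Groups['orig'].Value } else { $f.Name -replace $stripRx, '' }
        VictimId  = if ($m.Success) { $m.Groups['id'].Value }   else { '' }
        Contact   = if ($m.Success) { $m.Groups['mail'].Value } else { '' }
        SizeBytes = $f.Length
        Written   = $f.LastWriteTimeUtc   # approximate encryption time: the malware rewrote the file
    }
}
$rows | Export-Csv -Path $Report -NoTypeInformation -Encoding UTF8

# Summary for the incident record: scope, encryption window, attacker identifiers, worst-hit folders.
'{0} encrypted files, {1} ransom notes; details in {2}' -f @($rows).Count, @($notes).Count, $Report
if ($rows) {
    $sorted = @($rows | Sort-Object Written)
    'Encryption window (UTC): {0} .. {1}' -f $sorted[0].Written, $sorted[-1].Written
    'Victim ID / contact seen in file names:'
    $rows | Group-Object VictimId, Contact | Select-Object Count, Name | Format-Table -AutoSize
    'Folders with the most encrypted files:'
    $rows | Group-Object { Split-Path $_.Path -Parent } | Sort-Object Count -Descending |
        Select-Object -First 15 Count, Name | Format-Table -AutoSize
}
'Folders containing a ransom note:'
$notes | Select-Object -ExpandProperty DirectoryName -Unique | Select-Object -First 15
```

Run it as the affected user (or elevated, to reach other profiles) and keep the CSV with your incident notes: the encryption window tells you which backups predate the attack, and the victim ID and contact address are what you would quote when checking whether a decryptor exists for this campaign.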

The Rocklee virus

The Rocklee virus is malicious software that makes your files unreadable and demands payment to regain access to them. It holds the data hostage by encrypting it with a key that only the attackers hold; without that key (the "private key" the note refers to), the encryption cannot be reversed. Once the targeted files have been encrypted, the ransomware drops a ransom note containing the criminals' instructions, contact details and any payment deadline.

The Rocklee virus leaves a +README-WARNING+.txt file with instructions

Text of the +README-WARNING+.txt ransom note:

::: Greetings :::
Little FAQ:
.1.
Q: Whats Happen?
A: Your files have been encrypted. The file structure was not damaged, we did everything possible so that this could not happen.
.2.
Q: How to recover files?
A: If you wish to decrypt your files you will need to pay us.
.3.
Q: What about guarantees?
A: Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities – nobody will cooperate with us. Its not in our interests.
To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc… not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee.
.4.
Q: How to contact with you?
A: You can write us to our mailbox: [email protected]
Or you can contact us via TOX: 2045F43C36CF86051CC7129C1FF74E84BCDC7A527C059676E546F58A1D8DF94B3C47F17F2E54
You can download TOX client here: hxxps://qtox.github.io/
.5.
Q: How will the decryption process proceed after payment?
A: After payment we will send to you our scanner-decoder program and detailed instructions for use. With this program you will be able to decrypt all your encrypted files.
.6.
Q: If I don t want to pay bad people like you?
A: If you will not cooperate with our service – for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice – time is much more valuable than money.
:::BEWARE:::
DON’T try to change encrypted files by yourself!
If you will try to use any third party software for restoring your data or antivirus solutions – please make a backup for all encrypted files!
Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.

Removing Rocklee itself is achievable: it can be done manually, with the help of a removal guide such as the one below, or automatically with a reputable anti-malware tool. Recovering your files is a different matter. Unless you have a full backup on an external drive or other storage the ransomware could not reach, there is no guarantee you will get them back. Paying the ransom is no guarantee either: the people extorting you are under no obligation to deliver a working decryptor once they have been paid, and may simply disappear.

The Rocklee file recovery

Recovering Rocklee files is difficult, and the only route the attackers offer is to pay for the private key. Even if you meet their demands in full, the key may never arrive; these are people who break the law for a living, and there is no reason to expect them to keep their word. Before considering the ransom, exhaust the other options: restore from any backup the malware could not reach, check whether a free decryptor for the Makop family has been released, remove the infection with a trusted tool, and ask an expert or consult removal guides for help.

SUMMARY:

Name: Rocklee
Type: Ransomware
Danger Level: High (ransomware is among the most damaging threats you can encounter)
Symptoms: Very few, and easy to miss, before the ransom note appears.
Distribution Method: Fake ads and fake system prompts, spam emails and malicious web pages.

Remove Rocklee


Step 1

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).

Step 2

WARNING! READ CAREFULLY BEFORE PROCEEDING!

Press Ctrl + Shift + Esc to open Task Manager and go to the Processes tab. Look for processes you cannot account for: unfamiliar names, names that imitate Windows components but run from user-writable locations such as AppData, ProgramData or Temp, and processes with sustained disk activity while files are being renamed.


Right click each suspicious process and select Open File Location, then scan the files with our free online virus scanner. The scanner is built on VirusTotal's API: anything you submit is shared with the security community under their Terms of Service and Privacy Policy, so do not upload files that contain personal information.

End the process first, then delete its executable and any files it dropped alongside it. Do not delete whole system folders, and be sure a file really belongs to the infection before removing it from Windows or Program Files.

Note: if you are sure something is part of the infection, delete it even if the scanner does not flag it. No anti-virus program detects every infection.

Step 3

Press the Windows key + R, paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

Notepad opens the hosts file, which maps hostnames to IP addresses before DNS is consulted. A clean file contains only comments (lines starting with #) and, at most, the localhost entries. Malware adds lines here to block security vendors' update and download sites or to redirect you elsewhere, so any additional hostname-to-IP mappings below the "localhost" lines are suspicious.

If you find entries you did not add, back the file up, remove those lines, and feel free to write to us in the comments.

Type msconfig in the search field and press Enter. In the System Configuration window, go to the Startup tab. On Windows 8 and later this tab only links to the Startup tab of Task Manager, so use that instead. Uncheck entries whose Manufacturer is "Unknown" or that you do not recognise.

• Note that ransomware can give its startup entry a fake Manufacturer name. Check that every entry here is legitimate, not only those marked "Unknown".
Step 4

Type regedit in the Windows search field and press Enter. Once inside, press Ctrl + F and type the ransomware's name.

Search for the ransomware's entries in the registry and delete them. Be extremely careful: deleting entries not related to the ransomware can damage your system.

Type each of the following in the Windows search field:

1. %AppData%
2. %LocalAppData%
3. %ProgramData%
4. %WinDir%
5. %Temp%

Delete everything in Temp (close other programs first; the folder holds only scratch files). In the other folders, look for anything added around the time the ransom note appeared, and remove only what you can tie to the infection. Remember to leave us a comment if you run into any trouble!
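Steps 2 to 4 are manual checks of running processes, the hosts file, autostart entries and recently written files. The PowerShell script below is an added example, not part of this article or of any tool it recommends, that collects the same information in one read-only pass so you can review it before killing or deleting anything. The seven-day window for recent files and the registry Run keys it inspects are assumptions; the hosts path and the folder list are the ones the steps above name.

```powershell
# Added example (not from the original article): read-only triage of the locations
# Steps 2-4 inspect by hand. Nothing is killed or deleted; review, then act on what you can explain.

# --- Step 2: running processes with signature status and a SHA256 for a VirusTotal lookup ---
'== Running processes (unsigned or invalid signatures first) =='
Get-Process -ErrorAction SilentlyContinue | Where-Object Path | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.Path -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Pid    = $_.Id
        Name   = $_.ProcessName
        Path   = $_.Path
        Signed = if ($sig) { $sig.Status } else { 'Unknown' }   # Valid / NotSigned / HashMismatch ...
        SHA256 = (Get-FileHash -Path $_.Path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    }
} | Sort-Object { $_.Signed -eq 'Valid' }, Path | Format-Table -AutoSize

# --- Step 3: hosts file. Anything that is not a comment or a stock localhost mapping gets listed;
# malware uses such lines to block AV/update sites or redirect the browser, not to "connect" to you. ---
'== Non-default hosts entries =='
$hosts = Join-Path $env:windir 'System32\drivers\etc\hosts'
Get-Content $hosts -ErrorAction SilentlyContinue | ForEach-Object {
    $line = ($_ -split '#')[0].Trim()            # drop comments
    if (-not $line) { return }
    $parts = $line -split '\s+'
    $ip    = $parts[0]
    $names = if ($parts.Count -gt 1) { $parts[1..($parts.Count - 1)] } else { @() }
    $stock = ($ip -in '127.0.0.1', '::1') -and
             -not ($names | Where-Object { $_ -notin 'localhost', 'localhost.localdomain' })
    if (-not $stock) { [pscustomobject]@{ IP = $ip; Hostnames = ($names -join ' ') } }
}

# --- Step 3: autostart entries (the same sources msconfig / Task Manager show) ---
'== Startup commands (Win32_StartupCommand) =='
Get-CimInstance Win32_StartupCommand | Select-Object Name, Command, Location, User | Format-Table -AutoSize

'== Run/RunOnce registry values =='
$runKeys = @(                                     # assumption: the classic autostart keys
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($k in $runKeys) {
    $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    $props.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' } | ForEach-Object {
        [pscustomobject]@{ Key = $k; Value = $_.Name; Command = $_.Value }
    }
}

# --- Step 4: recently written executables and scripts in the folders the guide lists ---
'== Executables/scripts written in the last 7 days in AppData, LocalAppData, ProgramData, Windows, Temp =='
$since = (Get-Date).AddDays(-7)                   # assumption: tune to when the ransom note appeared
$dirs  = @($env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:windir, $env:TEMP)
$dirs | ForEach-Object {
    Get-ChildItem -Path $_ -Recurse -File -Include *.exe, *.dll, *.bat, *.cmd, *.ps1, *.vbs, *.js -ErrorAction SilentlyContinue
} | Where-Object { $_.LastWriteTime -gt $since } |
    Sort-Object LastWriteTime -Descending |
    Select-Object LastWriteTime, Length, FullName | Format-Table -AutoSize
```

Run it from an elevated PowerShell so that the image paths of all processes and the HKLM keys are readable. The SHA256 column lets you search VirusTotal for a hash instead of uploading the file, which avoids sharing a sample that may contain your data. Walking the Windows folder recursively can take a few minutes; narrow the window or the folder list if you already know when the infection started.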

Step 5

How to Decrypt Rocklee files

We have a comprehensive (and daily updated) guide on how to decrypt your files. Check it out here.

If the guide doesn't help, download the anti-virus program we recommended or try our free online virus scanner. You can also ask us in the comments for help.


    About the author


    Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her drive for simplicity and well-researched information gives users easy-to-follow IT tips and step-by-step tutorials.
