Remove MegaLocker Ransomware and Decrypt Files (Virus Removal)
First, download Malwarebytes to remove malware.
Then, click the button to download “Emsisoft Decrypter for MegaLocker” (Guide)
What is MegaLocker Ransomware?
The general concept of malware is to generate revenue for the party who distributes it. Malware employs numerous techniques to accomplish this goal. One threat stands out for its severity: Ransomware. Ransomware is a type of malware that doesn’t hold back when applying methods to generate revenue. For example, MegaLocker Ransomware generates revenue by running locally and remotely encrypting accessible Samba servers. This is slightly different from other variants of Ransomware that instead rely on the local machine to execute the file.
MegaLocker is Ransomware that not only searches for and encrypts accessible Samba servers, but also brute forces passwords, remotely encrypts passwords, and then remotely encrypts files, leaving behind a text file named !DECRYPT_INSTRUCTION.TXT.
The text file acts as a ransom note. It explains what happened to your files and how to pay a ransom to recover them. This is a partial excerpt from the ransom note:
What happened to your files?
All of your files were protected by a strong encryption with AES cbc-128 using NamPoHyu Virus.
What does this mean?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them, it is the same thing as losing them forever, but with our help, you can restore them. The encryption key and ID are unique to your computer, so you are guaranteed to be able to return your files.
When the MegaLocker Virus encrypts files it will append the .nampohyu file extension to the files. An example of a file would be testfile.nampohyu or testfile.png.nampohyu.
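To scope the damage on a share before running a decrypter, the two indicators named above (the .nampohyu extension and the !DECRYPT_INSTRUCTION.TXT note) can be inventoried read-only. This is an added example, not part of the original guide or of any vendor tool; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict

ENCRYPTED_EXT = ".nampohyu"               # extension named in this guide
RANSOM_NOTE = "!DECRYPT_INSTRUCTION.TXT"  # ransom note name named in this guide


def inventory_share(root):
    """Walk `root` read-only and report, per directory, what MegaLocker left behind."""
    report = defaultdict(lambda: {"note": False, "encrypted": []})
    for dirpath, _dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        for name in filenames:
            lower = name.lower()  # SMB shares are usually case-insensitive
            if lower == RANSOM_NOTE.lower():
                report[rel]["note"] = True
            elif lower.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
                # testfile.png.nampohyu -> testfile.png
                original = name[: -len(ENCRYPTED_EXT)]
                size = os.path.getsize(os.path.join(dirpath, name))
                report[rel]["encrypted"].append((name, original, size))
    return dict(report)  # only directories with at least one indicator appear


def build_sample_tree(root):
    """Constructed sample data: a tiny fake share, no real malware involved."""
    layout = {
        "photos": ["testfile.png.nampohyu", "holiday.JPG.NAMPOHYU", RANSOM_NOTE],
        "docs": ["report.docx", "notes.txt"],              # untouched directory
        os.path.join("backup", "old"): ["testfile.nampohyu"],  # encrypted, no note
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for name in names:
            with open(os.path.join(root, sub, name), "wb") as fh:
                fh.write(b"\x00" * 32)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        found = inventory_share(build_sample_tree(tmp))
        for directory, info in sorted(found.items()):
            print(f"{directory}: note={info['note']} encrypted={len(info['encrypted'])}")
            for name, original, size in info["encrypted"]:
                print(f"  {name} -> {original} ({size} bytes)")
```

Run it against a mounted copy or snapshot of the share so the listing can be compared with backups before any file is modified.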
This malware is very aggressive, but there’s good news. Files encrypted by MegaLocker Ransomware can be decrypted and fully recovered for free. A decryption program for the infection has been released by Emsisoft and you can download it for free at emsisoft.com:
How did MegaLocker Ransomware get onto my computer?
MegaLocker Ransomware can be distributed through various mediums. The Ransomware can be distributed as an attachment in an email message, in advertisements on websites that utilize malicious advertising networks, on websites that voluntarily or involuntarily host malware and more.
Follow These Steps to Remove MegaLocker Ransomware:
Step 1: Use Malwarebytes to Scan for Ransomware
Step 2: Use HitmanPro to Remove Remaining Trace Files
Step 3: Use CCleaner to Clean Your System and Update Programs
This MegaLocker removal tutorial was published to provide you with easy ransomware removal and file decryption steps that will help you get your files back. It is designed to be easy to follow, yet detailed enough to help you eradicate every single speck of malware on your computer.
Step 1: Use Malwarebytes to Scan for Ransomware
Use Malwarebytes to scan your computer for Ransomware and other malicious programs that may be on your system.
Why should you buy the premium version?
Malwarebytes Premium has real-time protection that automatically protects your computer and other devices from viruses, spyware, and malware. With Malwarebytes Premium you can stay ahead and safely browse the web with confidence.
2. Double click the executable file or icon, such as mb3-setup-1878.1878-3.7.1.2839.exe to begin installing the program.
3. When you have installed Malwarebytes, click the Scan Now button to begin scanning your computer.
4. When the scan is complete, click the Quarantine Selected button to remove all threats detected by Malwarebytes.
Step 2: Use HitmanPro to Remove Remaining Trace Files
Use HitmanPro to scan your computer for remaining trace files that may be leftover.
1. Download HitmanPro. Fill out the information on their website and download the executable file.
Why should you buy the full version?
HitmanPro is a little different than your usual security program. It goes beyond simply removing viruses; it completely eradicates all traces and remnants of the infection. HitmanPro is also designed to run alongside your Antivirus program, which makes it a great match with Malwarebytes Premium.
2. Double click the executable file or icon, such as HitmanPro.exe to begin installing the program.
3. When you have installed HitmanPro, click the Next button to begin scanning your computer.
4. When the scan is complete, click the Next button to remove all threats detected by HitmanPro.
Step 3: Use CCleaner to Clean Your System and Update Programs
Use CCleaner to clean your system, repair settings that may have been modified by malware, and update programs (if needed) so they’re current with the latest security patches. Outdated software can leave a computer system vulnerable, so it is important to regularly update your Operating System and the programs on your machine to avoid any mishaps.
Why should you buy the professional version?
CCleaner Professional has the power of real-time automation, so your computer always stays clean, safe, and fast. CCleaner Pro bundles privacy protection, system cleaning, and more with outstanding customer service.
2. Double click the executable file or icon, such as ccsetup556.exe to begin installing the program.
3. When you have installed CCleaner, click the Analyze button to begin analyzing your system.
4. Once the analysis is complete, click the Run Cleaner button to clean your system.
5. Now, let’s run through the Tools section; Go to Tools.
6. Uninstall: Is there a program you missed uninstalling before? CCleaner can often show you programs that are hidden from the Control panel.
7. Software Updater: Are there any programs to update? Make sure to keep the programs on your computer up-to-date to avoid issues with security vulnerabilities.
8. Startup: Go through the Windows, Scheduled Tasks, and Context Menu tabs. Are there any suspicious startup keys enabled? If so, highlight them with your mouse and click the Delete button to remove them.
9. Browser Plugins: Go through the tabs for each browser installed on your computer. Are there any suspicious plugins installed? If so, highlight them with your mouse and click the Delete button to remove them.
10. Finally, let’s clean up the registry. Get out of the Tools area and go to Registry.
11. Click the Scan for Issues button and follow the instructions.
12. Once the registry scan is complete, click the Fix selected Issues… button and follow the instructions to fix all the selected issues found in your computer’s registry.
Step 4: Secure Your Computer
It’s time to secure your computer to ensure that something like this is unlikely to happen again. Consider these best practices to provide a heightened layer of protection and privacy:
Use Antivirus with layered protection
Antivirus with real-time layered protection has the ability to stop emerging threats like ransomware and hackers from gaining access to your computer, phone, or tablet. Antivirus programs also remove malware that is already on your computer, protect you from visiting malicious websites, stop known and unknown Ransomware attacks, and prevent the programs on your device from being used against you. Check out these highly recommended Antivirus programs to add a layer of security to your computer, phone, or tablet:
Use a VPN
Put up an indestructible wall around you and your data while your computer is connected to the internet. With a VPN you become anonymous over the internet and no one can determine who you are. This is an advantage when it comes to keeping eavesdroppers and hackers away from your data.
With a VPN your data is encrypted and when you connect to the internet your communications travel through a personal tunnel that can’t be penetrated or even logged by your VPN provider, ISP, or anyone else. No one can see what you’re doing and this doesn’t just include your Internet Service Provider, it includes hackers and government agencies.
Step 5: Recover Your Files
Recover your files by using free decryption software released by Emsisoft:
There are numerous programs that can be used to recover lost and damaged files for free if you run into issues:
NAME | DESCRIPTION | DOWNLOAD |
---|---|---|
Shadow Explorer | Restores lost or damaged files from Shadow Copies | Download (Free) |
Photorec | Recovers lost files | Download (Free) |
Recuva | Recovers lost files | Download (Free) / Buy |
Troubleshoot
There are other solutions to consider if you run into issues when removing MegaLocker from your computer.
System Restore
If a restore point has previously been established on your machine you will be able to perform a system restore in order to restore your machine to a date and time before it was infected. You will lose files on your computer that were obtained prior to the restore point.
There are several options to restore your computer. Most computers have their own restore software that can be found by performing a search. Additionally, computers that run the Windows Operating System have a default restore program that can also be found by performing a search.
A boot screen that can be used to access options to restore your computer can be reached by rebooting your computer and pressing the F8 key once the manufacturer screen is displayed.
Recover To Factory Settings
A system recovery (or reset) will recover your computer to factory settings. You will lose the current programs and files on your computer.
There are several options to recover your computer to factory settings. Most computers have their own recovery software that can be found by performing a search. Additionally, computers that run the Windows Operating System have a default recovery program that can also be found by performing a search.
A boot screen that can be used to access options to restore your computer can be reached by rebooting your computer and pressing the F8 key once the manufacturer screen is displayed.
Example of the ransom note:
All of your files were protected by a strong encryption with AES cbc-128 using NamPoHyu Virus.
What does this mean ?
This means that the structure and data within your files have been irrevocably changed,
you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them. The encryption key and ID are unique to your computer, so you are guaranteed to be able to return your files.
Your unique id: [redacted hex]
What do I do ?
You can buy decryption for 1000$.
But before you pay, you can make sure that we can really decrypt any of your files. To do this:
1) Download and install Tor Browser ( https://www.torproject.org/download/ )
2) Open the http://qlcd3bgmyv4kvztb.onion/index.php?id=[redacted hex] web page in the Tor Browser and follow the instructions.
FAQ:
How much time do I have to pay for decryption?
You have 10 days to pay for the ransom after decrypting the test files.
The number of bitcoins for payment is fixed at the rate at the time of decryption of test files.
Keep in mind that some exchangers delay payment for 1-3 days! Also keep in mind that Bitcoin is a very volatile currency,
its rate can be both stable and change very quickly. Therefore, we recommend that you make payment within a few hours.
How to contact you?
We do not support any contact.
What are the guarantees that I can decrypt my files after paying the ransom?
Your main guarantee is the ability to decrypt test files.
This means that we can decrypt all your files after paying the ransom.
We have no reason to deceive you after receiving the ransom, since we are not barbarians and moreover it will harm our business.
How do I pay the ransom?
After decrypting the test files, you will see the amount of payment in bitcoins and a bitcoin wallet for payment.
Depending on your location, you can pay the ransom in different ways.
Use Google to find information on how to buy bitcoins in your country or use the help of more experienced friends.
Here are some links: https://buy.blockexplorer.com – payment by bank card
https://www.buybitcoinworldwide.com
https://localbitcoins.net
How can I decrypt my files?
After confirmation of payment (it usually takes 8 hours, maximum 24 hours)
you will see on this page ( http://qlcd3bgmyv4kvztb.onion/index.php?id=[redacted hex] ) a link to download the decryptor and your aes-key
(for this, simply re-enter (refresh) this page a day after payment)
Download the program and run it.
Attention! Disable all anti-virus programs, they can block the work of the decoder!
Copy aes-key to the appropriate field and select the folder to decrypt.
The program will scan and decrypt all encrypted files in the selected folder and its subfolders.
We recommend that you first create a test folder and copy several encrypted files into it to verify the decryption.
About Bitcoins:
https://en.wikipedia.org/wiki/Bitcoin
About Tor Browser:
https://www.torproject.org