Trojan.Ransomlock.R Description

Trojan.Ransomlock.R is a ransomware Trojan associated with the many variants of the so-called Metropolitan Police scam. It is important to note that Trojan.Ransomlock.R is not tied exclusively to this ransomware Trojan variant but that Trojan.Ransomlock.R is responsible for a wide variety of known Police Ransomware scams. Malware like Trojan.Ransomlock.R are very popular and usually consist of a Winlocker that blocks access to the infected computer. Then, Trojan.Ransomlock.R displays a threatening message claiming that the police blocked the infected computer because of its involvement in illegal activities. ESG security researchers strongly advise computer users to ignore the contents of the Trojan.Ransomlock.R message and to remove this threat from their computer immediately.

The Trojan.Ransomlock.R scam is not complicated; basically, this malware threat is used to steal money from inexperienced computer users. First, Trojan.Ransomlock.R enters a computer taking advantage of known vulnerabilities or through social engineering tactics which rely in convincing the computer users themselves to install Trojan.Ransomlock.R on their computer. Once Trojan.Ransomlock.R has managed to infiltrate the victim’s computer, Trojan.Ransomlock.R makes harmful changes to the infected computer’s settings that prevent the computer user from accessing the affected computer’s Desktop or files stored on the infected machine. Effectively, the Trojan.Ransomlock.R Trojan takes the infected computer hostage, locking the computer user out of it. Once Trojan.Ransomlock.R has achieved this, the Trojan.Ransomlock.R ransomware Trojan displays a bogus message from the police. This message accuses the victim of violating the law with activities such as viewing child pornography and distributing malware. After threatening the victim with jail time and with the prospect of enormous legal fines, Trojan.Ransomlock.R variants claim that it is possible to avoid prosecution by paying a one-time fine of a couple hundred euro, dollars or pounds (depending on the targeted computer’s location and the Trojan.Ransomlock.R variant infecting the victim’s computer.

Since Trojan.Ransomlock.R has absolutely no connection to actual law enforcement, ESG security analysts strongly advise computer users to ignore Trojan.Ransomlock.R’s message and all of its claims. Instead, a dedicated anti-malware program should be used to remove Trojan.Ransomlock.R. To bypass Trojan.Ransomlock.R’s threatening message, ESG security researchers recommend using an alternate boot method to start up the infected computer, such as using an external memory device or accessing the infected computer’s Registry Editor with the help of Safe Mode and the Command Prompt.

Type: Trojans

How Can You Detect Trojan.Ransomlock.R?

Trojan.Ransomlock.R Removal Details

Trojan.Ransomlock.R creates the following registry entries:

• “%CurrentFolder%\[RANDOM FILE NAME]“
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”(Default)” =

Important Article Disclaimer