Easy2Lock Ransomware

Easy2Lock Ransomware Description

The Easy2Lock Ransomware operates as a typical crypto locker threat. It attempts to infiltrate the targeted computer undetected and then proceeds to encrypt most of the files stored on it. Users are effectively locked out of their personal or business-related data, which in some cases may have dire consequences. The criminals behind the Easy2Lock Ransomware then extort money from their victims in exchange for the possible restoration of the encrypted files. Every locked file will have its name changed to include '.easy2lock' as a new extension. Unlike most other ransomware threats, which simply leave their ransom notes as a .txt or .hta file in every folder containing encrypted data, the Easy2Lock Ransomware creates a separate text file for every single encrypted file. The name of each ransom note file is derived from the corresponding file's name, with '_read_me' appended at the end. The text of the ransom note is identical in all of the files.
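For scoping an incident, the two naming artifacts described above can be counted per directory. The following Python script is an added example, not part of the original write-up; the function names are hypothetical, and it assumes the note's name ends in '_read_me', optionally followed by an extension such as .txt, since the page does not give the exact form.

```python
import os
import sys
from collections import Counter

ENCRYPTED_EXT = ".easy2lock"  # extension described on this page
NOTE_MARKER = "_read_me"      # ransom-note name suffix described on this page


def classify(filename):
    """Return 'encrypted', 'note' or 'other' for a single file name."""
    name = filename.lower()
    stem, ext = os.path.splitext(name)
    if ext == ENCRYPTED_EXT:
        return "encrypted"
    # Assumption: the marker ends the note's name, with or without a
    # trailing extension such as .txt (the page does not give one).
    if name.endswith(NOTE_MARKER) or stem.endswith(NOTE_MARKER):
        return "note"
    return "other"


def scan(root):
    """Walk root; report every directory holding encrypted files or notes."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        counts = Counter(classify(f) for f in files)
        if counts["encrypted"] or counts["note"]:
            report[dirpath] = {
                "encrypted": counts["encrypted"],
                "notes": counts["note"],
                "untouched": counts["other"],
                # One note per locked file is the pattern described above;
                # a mismatch is worth a closer look during triage.
                "one_note_per_file": counts["encrypted"] == counts["note"],
            }
    return report


if __name__ == "__main__":
    for path, info in sorted(scan(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(path, info)
```

Run it against a mounted copy or forensic image of the affected volume rather than the live system, so the scan does not alter file timestamps needed later.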

The hackers claim that the Easy2Lock Ransomware, apart from encrypting the user's data with an uncrackable algorithm, has also deleted or encrypted any backups. Victims are instructed to contact the criminals by sending an email to any of the three provided email addresses:

  • leroy3564@protonmail.com
  • donovan4039@airmail.cc
  • darryl8227@msgsafe.io

There's no mention of a specific sum demanded for the decryption tool; neither is it mentioned if the money must be sent as Bitcoin or another popular cryptocurrency.

Victims of the Easy2Lock Ransomware are advised to remain calm and avoid following the instructions of the hackers. Any funds provided to the criminals will only be used to expand their threatening activities further.

The full text of the ransom note dropped by the Easy2Lock Ransomware is:

'Your network has been penetrated.

All files on each host in the network have been encrypted with a strong algorythm.

Backups were either encrypted or deleted.

Do not rename or move the encrypted files.

To get the files back contact us at:




Store the encryption key:'
