Lock2017 Ransomware

Lock2017 Ransomware Description

The Lock2017 Ransomware is a ransomware Trojan that may be distributed through corrupted documents that exploit macros. It is delivered by a spam email campaign that targets English-speaking computer users. The Lock2017 Ransomware is designed to infect versions of the Windows operating system, and the corrupted documents used to distribute it exploit macro vulnerabilities in software such as Microsoft Office or Open Office. Because of this, computer users should refrain from opening unsolicited email attachments, even if the email that includes the attachment seems to come from a legitimate source (which may have been compromised). It is also recommended to disable the automatic execution of macros, and not to enable macros when a document requests it unless you are sure of the document's contents.

An Overview of the Lock2017 Ransomware Infection
PC security researchers first observed the Lock2017 Ransomware infection on March 5, 2017. The Lock2017 Ransomware Trojan is a typical example of these threats and is nearly identical to countless other ransomware Trojans currently active in the wild. It uses an open source encryption method which, unfortunately, is capable of preventing computer users from accessing their data. When the Lock2017 Ransomware infects a victim's computer, it encrypts the files on that computer to make them inaccessible. The Lock2017 Ransomware uses RSA-2048 encryption, meaning that the affected files cannot be deciphered without access to the decryption key. The files encrypted by the Lock2017 Ransomware will have their names changed to follow the naming scheme:


PC security researchers advise against paying the ransom and instead advise computer users to remove the Lock2017 Ransomware with a reliable security program and to restore the files affected by the Lock2017 Ransomware from a backup copy.

The Lock2017 Ransomware's Ransom Note

To alert the victim of the attack, the Lock2017 Ransomware drops its ransom note in a text file named 'README.TXT,' which contains the following message:

'NOT YOUR LANGUAGE? USE https://translate.google.com
What happened to your files?
All of your files protected by a strong encryption with RSA-2048. More information about the encryption keys using RSA-2048 can be found here: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
How did this happen?
!!! Specially for your PC was generated personal RSA-2048 KEY, both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
!!! Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our Secret Server.
What do I do ?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start send email now for more specific instructions! , and restore your data easy way. If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment. For more specific instructions:
Contact us by email only, send us an email along with your ID number and wait for further instructions. Our specialist will contact you within 24 hours.
For you to be sure, that we can decrypt your files - you can send us a single encrypted file and we will send you back it in a decrypted form. This will be your guarantee.
Please do not waste your time! You have 72 hours only! After that The Main Server will double your price! So right now You have a chance to buy your individual private SoftWare with a low price!
Please contact me by e-mail:
lock2017@unseen.is or lock2017@protonmail.com
UserID: id-3487664600'

PC security researchers advise computer users to refrain from following the instructions provided by the Lock2017 Ransomware ransom note or contacting these people. Instead, they should have backups of all files to recover from this and other, similar attacks.
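
A triage sweep built on the ransom note described above, as an added example that is not part of the original write-up: it walks a directory tree for files named README.TXT and scores each one against the contact addresses and wording quoted in the note, which helps scope which folders and hosts were hit. The weights, the threshold of 4, and the `id-<digits>` pattern (generalized from the single UserID shown) are assumptions, and the sample files are constructed.

```python
import os
import re
import tempfile

# Indicators from the ransom note quoted on this page; weights are assumptions.
NOTE_NAME = "readme.txt"
CONTACTS = ("lock2017@unseen.is", "lock2017@protonmail.com")
PHRASES = ("rsa-2048", "secret server", "double your price")
USER_ID = re.compile(r"UserID:\s*(id-\d+)", re.IGNORECASE)  # assumed ID format
MAX_BYTES = 64 * 1024  # the note is short; never read large files whole

def score_note(text):
    """Return (score, victim_id) for one candidate note's text."""
    lowered = text.lower()
    score = 3 * sum(c in lowered for c in CONTACTS)  # strong: contact addresses
    score += sum(p in lowered for p in PHRASES)      # weak: generic wording
    match = USER_ID.search(text)
    return score + (1 if match else 0), (match.group(1) if match else None)

def find_notes(root, threshold=4):
    """Walk root; return sorted [(path, score, victim_id)] for likely notes."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != NOTE_NAME:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    text = fh.read(MAX_BYTES).decode("utf-8", errors="replace")
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            score, victim_id = score_note(text)
            if score >= threshold:
                hits.append((path, score, victim_id))
    return sorted(hits)

def demo():
    """Constructed sample tree: one note-like file and one benign README."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        with open(os.path.join(root, "docs", "README.TXT"), "w") as fh:
            fh.write("strong encryption with RSA-2048\nlock2017@unseen.is or "
                     "lock2017@protonmail.com\nUserID: id-0000000000\n")
        with open(os.path.join(root, "readme.txt"), "w") as fh:
            fh.write("Build instructions: run make.\n")
        return [(os.path.relpath(p, root), s, v) for p, s, v in find_notes(root)]

if __name__ == "__main__":
    print(demo())
```

A single contact address plus a UserID line reaches the threshold, while an ordinary README that merely mentions RSA-2048 does not.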