Princess Locker 2.0 Ransomware Removal Guide

Do you know what Princess Locker 2.0 Ransomware is?

Princess Locker 2.0 Ransomware is a newly discovered variant of the Princess Locker Ransomware that was first discovered in 2016. It is unknown if both of these infections were created by the same party, or if they were built using the same code by different malware developers, but it is clear that both are malicious. Our research team has analyzed the malicious threat, and, just like most other file-encryptors, it demands a ransom. To make sure that you pay it, your files are encrypted first. Unfortunately, the threat can corrupt highly sensitive personal files, and so you might be thinking about paying the ransom. The thing is that there are no guarantees when it comes to that, and no one can hold cyber criminals accountable. Based on our experience, cyber criminals do not bother helping out their victims once they get the money. Of course, you have to decide what you want to do yourself. In either case, do not forget to remove Princess Locker 2.0 Ransomware.

Spam emails are used to spread Princess Locker 2.0 Ransomware. How does that work? The launcher is concealed as a normal file – such as a Word document file – and then it is created as an attachment. If you open it, the ransomware is launched, and, of course, you are unlikely to realize it. The threat quickly encrypts files, after which a random combination of 4-6 characters is added to their original names (e.g., ABcd12). To our knowledge, the threat does not create any functional files; however, it creates files that are meant to deliver the message by the creator of the infection. These Princess Locker 2.0 Ransomware files are called “=_THIS_TO_FIX_[random].txt,” “=_THIS_TO_FIX_[random].html,” and “=_THIS_TO_FIX_[random].url.” The last one links to http://royal25fphqilqft.onion/, a page that is represented via the TXT and HTML files as well. The message within these files includes a personal ID number and the exact extension that is appended to the encrypted files. The message also instructs to download the Tor Browser, so that it would be possible for you to access the “.onion” website. Without a doubt, all of these files must be deleted when the time comes.Princess Locker 2.0 Ransomware Removal GuidePrincess Locker 2.0 Ransomware screenshot
Scroll down for full removal instructions

The creator of Princess Locker 2.0 Ransomware uses http://royal25fphqilqft.onion/ to deliver the ransom demands to its victims. The page includes a message that informs about the encryption of files. It also introduces you to the so-called Princess Decryptor. The tool, allegedly, can decrypt files, but, first, you must pay for it. The initial sum of the ransom is 0.06 Bitcoin (~500 USD), but there is also the 0.18 Bitcoin ransom (~1500 USD), which is what you would have to pay if you waited too long. To make the payment, you would have to create a Bitcoin Wallet, buy bitcoins, and send them to 18kU7vnvBNSK4iGu2aGcJBH9oJmBs1QAqD, which is a wallet address of cyber criminals. After this, allegedly, you could download “Princess Decryptor.” Whether or not that is how things would work out is unknown. Of course, most likely, you would not get the decryptor, and recovering files would be impossible. This is why we suggest focusing on the removal of the threat instead.

If you follow the instructions below, you should be able to delete Princess Locker 2.0 Ransomware manually. As you can see, the first step instructs to delete the launcher of this threat, and its location and name could be random. If you cannot remove the ransomware manually, that is not a problem because you can easily employ an automated anti-malware program. It will find and erase every single malicious component, and it will also keep your system guarded against malicious threats in the future.

Remove Princess Locker 2.0 Ransomware

  1. Find and Delete the launcher of the ransomware ([unknown name]exe).
  2. Delete these files:
    • =_THIS_TO_FIX_RLwpH3.txt
    • =_THIS_TO_FIX_RLwpH3.html
    • =_THIS_TO_FIX_RLwpH3.url
  3. Empty Recycle Bin.
  4. Install a trusted malware scanner to scan your system for potential leftovers that still require removal.

In non-techie terms:

The devious Princess Locker 2.0 Ransomware encrypts files so that cyber criminals would stand a chance at making you pay the ransom. It is not very big, but that does not mean that you are not at risk of losing it for no reason. Unfortunately, it is unlikely that you would get the Decryption program that is promised and that your files would be decrypted. Whether or not you get your files back, deleting Princess Locker 2.0 Ransomware is crucial, and we suggest doing that as soon as possible. You might be able to clean your operating system manually, but we recommend installing an anti-malware program because besides erasing malware automatically, it also can ensure protection in the future.