Relock Ransomware Removal Guide

Do you know what Relock Ransomware is?

If you realize that you have been hit by Relock Ransomware, there is a good chance that you will lose your files in this vicious attack. Although our researchers have found that this ransomware may only target your documents and archives, it can still do a lot of damage to you, i.e., to your precious files. The only way out of this misery seems to be to pay the offered ransom fee. But we must warn you that it is always risky to either contact or to pay these criminals. There is no guarantee that you will get anything in return. In fact, unless you have a backup saved somewhere safe, there is no real chance to get your files back. We have not found any free tool on the web yet that could help you restore your encrypted files. Of course, malware hunters may come up with such a tool in the near future but there is never any guarantee for that either. We believe that it is important that you remove Relock Ransomware from your system if you would like to restore your security. Since this ransomware can start up automatically with Windows, there is really no other way for you to stop this amok running.

Our researchers have found that this dangerous infection looks very similar to a previous one called Matrix9643@yahoo.com Ransomware; in fact, so much that this could be a new version. It is possible that you have infected your PC by opening a spam e-mail. As a matter of fact, opening this spam may not be the biggest problem although there can be ransomware infections that are triggered to drop or execute when the mail is opened. In this case, you need to download and open the attached file as well. This attachment is the malicious executable file that can be disguised as an image or a text document. The reason why you would feel inclined to open this spam and its attachment is that this mail is very convincing that it regards an important and urgent matter. This matter can be an allegedly unpaid invoice or fine, or wrongly given credit card details while booking online, and so on. You need to remember that it is not possible to delete Relock Ransomware from your computer without possibly losing your files, too. Therefore, you need to be more cautious around your mails in the future if you do not want to cause more security issues and lose files to encryption or other types of damage.Relock Ransomware Removal GuideRelock Ransomware screenshot
Scroll down for full removal instructions

It is also possible that you have a remote desktop application like TeamViewer installed on your computer and these criminals attack you via remote desktop protocol. This can happen if such software is weakly configured using a basic password that can be easily cracked by these crooks. Once they gain access to your system, it is easy for them to initiate the attack and you will not even see it coming. Yet another possibility is via Exploit Kits. In this case, you need to make sure that your browsers and drivers are always updated because these kits can take advantage of outdated software bugs to drop such a dangerous infection the moment you load a malicious page in your browser. Remember that removing Relock Ransomware will not give your files back.

This ransomware infection creates a copy of itself once run and also a point of execution, which means that it will start up every time you log in to your Windows system. It is possible that this ransomware only encrypts your documents and archives but this can still cause a lot of damage for you. The encrypted files will not get a new extension this time, but, instead, a string ("_[RELOCK001@TUTA.IO]") is inserted between the original file name and extension. Searching for this string on your hard disk would clearly show you the extent of the encryption.

The ransom note file is called "!OoopsYourFilesLocked!.rtf" and it is dropped in every folder where files have been encrypted. But to make sure that you do not miss this file, thirty of them are also created on your desktop. This ransomware does not lock your screen or block your system processes either. In fact, it is possible that after the encryption is done, it may delete its copy and its point of execution as well. You are instructed to send an e-mail to relock001@tuta.io or relock001@yahoo.com if you do not get a reply from the former one. You have to put your personal ID that you can find in this note as your subject line and you can also send three small files to be decrypted for free. You need to be quick because the ransom fee is increased by every 12 hours. Still, we do not believe that it is a good idea to send any money to these criminals. If you contact them, it is more likely that they will send you yet another malicious program than the decryption key. Thus, we recommend that you remove Relock Ransomware ASAP.

Although it is possible that this ransomware deletes itself, it would still leave a mess behind. We have included our guide below this article so that you can try to manually eliminate this dangerous threat. If you do not feel up to this task, we advise you to use a professional malware removal application like SpyHunter to take care of all system security-related issues for you automatically. Of course, it is still advisable that you keep all your programs and drivers updated frequently to prevent cyber attacks from happening. If you still need assistance, please leave a comment below.

Remove Relock Ransomware from Windows

  1. Press Win+E to open File Explorer.
  2. Try to locate the PoE, "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\[8 random characters].exe" and if you can still find this malicious file, delete it.
  3. Try to locate the copy of the malicious executable, "%LOCALAPPDATA%\Microsoft\[8 random characters].exe" and delete it if found.
  4. Search your download folders for any suspicious files you have saved recently and delete them all.
  5. Bin all the ransom note files from the affected folders and the desktop as well.
  6. Empty your Recycle Bin.
  7. Restart your PC.

In non-techie terms:

Relock Ransomware is a new dangerous threat that can sneak onto your PC without your noticing it and encrypt all your important files. The main goal of this vicious attack is, of course, extorting money from you in exchange for the decryption key, which is the only way for you to recover your files. The only possible way to protect your files against such a terrible attack is to regularly save backups to cloud storage or onto a removable drive. Of course, you could also protect your PC by installing a reputable anti-malware program and this is what we advise you to do, too. Paying the ransom fee almost never means that you will get the decryption key because such crooks may just disappear after they get your money. We strongly recommend that you remove Relock Ransomware from your computer as soon as possible.