The Harpoonlocker virus belongs to the ransomware type of malicious agent. Ransomware of this type encrypts all the data on your PC (photos, text files, excel sheets, music, videos, etc) and adds its specific extension to every file, leaving the restore-files.txt files in each folder with the encrypted files.
Harpoonlocker virus: what is known so far?
☝️ A scientifically correct description for the Harpoonlocker is “a ransomware-type malicious agent”.
Harpoonlocker adds its extra locked to the title of each encrypted file. For instance, a file entitled “photo.jpg” will be turned into “photo.jpg.locked”. Just like the Excel table with the name “table.xlsx” will be changed to “table.xlsx.locked”, and so on.
In every folder containing the encrypted files, a restore-files.txt text document will appear. It is a ransom money memo. Therein you can find information about the ways of paying the ransom and some other remarks. The ransom note usually contains a description of how to purchase the decryption tool from the Harpoonlocker developers. That is how they do it.
Harpoonlocker summary:
| Name | Harpoonlocker Virus |
| Extension | .locked |
| Ransomware note | restore-files.txt |
| Detection | NSIS/Injector.RU, Python/Spy.KeyLogger.RT, MSIL/Flooder.Agent.DM |
| Symptoms | Your files (photos, videos, documents) get a .locked extension and you can’t open them. |
| Fix Tool | See If Your System Has Been Affected by Harpoonlocker virus |
The restore-files.txt document accompanying the Harpoonlocker ransomware states the following:
- Hello - ╔════════════════╗ ═╣ What happened? ╠═ ╚════════════════╝ All of your important files have been encrypted and all sensitive data was stolen. The only way to restore your files and keep your data from going public is to contact us. After a payment has been made you will be given access to decryption software. As a quarantee we will decrypt 3 files for free. If you don\'t contact us within 72 hours the price will be doubled. ╔══════════════╗ ═╣ Instructions ╠═ ╚══════════════╝ - Download qTOX messanger from https://qtox.github.io/ - Send message to this Tox ID: 3728E933284CE638D06FCF1CBE921096E102508BD370D6D23137D3271EE5733825F63F56805E Your message should contain your Unique Key: *******
In the image below, you can see what a folder with files encrypted by the Harpoonlocker looks like. Each filename has the “.locked” extension added to it.
That is how encrypted “.locked” files look.
How did my machine catch Harpoonlocker ransomware?
There are many possible ways of ransomware infiltration.
There are currently three most exploited methods for hackers to have the Harpoonlocker virus planted in your digital environment. These are email spam, Trojan infiltration and peer networks.
If you open your mailbox and see emails that look like familiar notifications from utility services companies, postal agencies like FedEx, web-access providers, and whatnot, but whose mailer is strange to you, be wary of opening those letters. They are most likely to have a viral file enclosed in them. Therefore, it is even riskier to download any attachments that come with emails like these.
Another option for ransom hunters is a Trojan file model. A Trojan is an object that infiltrates into your PC pretending to be something legal. For instance, you download an installer for some program you need or an update for some program. However, what is unboxed turns out to be a harmful agent that compromises your data. As the update file can have any title and any icon, you’d better be sure that you can trust the resource of the files you’re downloading. The best way is to use the software companies’ official websites.
As for the peer-to-peer networks like BitTorrent or eMule, the danger is that they are even more trust-based than the rest of the Web. You can never guess what you download until you get it. So you’d better be using trustworthy resources. Also, it is a good idea to scan the directory containing the downloaded objects with the anti-malware utility as soon as the downloading is done.
How do I get rid of the Harpoonlocker virus?
It is important to inform you that besides encrypting your files, the Harpoonlocker virus will probably deploy the Azorult Spyware on your machine to get access to credentials to various accounts (including cryptocurrency wallets). That program can derive your logins and passwords from your browser’s auto-filling data.
Sometimes tamperers would decrypt some of your files so you know that they do have the decryption tool. As Harpoonlocker virus is a relatively recent ransomware, anti-malware engineers have not yet found a way to undo its work. However, the decryption instruments are frequently upgraded, so the effective countermeasure may soon arrive.
Sure thing, if the hackers succeed in encoding victim’s critical files, the hopeless person will probably fulfill their demands. Despite that, paying to criminals does not necessarily mean that you’re getting your blocked information back. It is still dangerous. After getting the ransom, the racketeers may deliver a wrong decryption code to the victim. There were reports about ransomware developers just disappearing after getting the ransom without even writing back.
The optimal countermeasure to ransomware is to have aan OS restore point or the copies of your critical files in the cloud storage or at least on an external storage. Surely, that might be insufficient. The most crucial thing could be that one you were working on when it all went down. Nevertheless, it is something. It is also reasonable to scan your drives with the antivirus program after the OS restoration.
Harpoonlocker is not the only ransomware of its kind, since there are other specimens of ransomware out there that act in the same manner. Examples of those are Ravencoin, Iavpt, J2xnp, and some others. The two major differences between them and the Harpoonlocker are the ransom amount and the encoding method. The rest is almost identical: documents become inaccessible, their extensions altered, ransom notes are created in each directory containing encoded files.
Some fortunate victims were able to decrypt the arrested files with the help of the free tools provided by anti-malware experts. Sometimes the racketeers accidentally send the decryption code to the victims in the ransom readme. Such an extraordinary fail allows the injured part to restore the files. But naturally, one should never expect such a chance. Make no mistake, ransomware is a bandits’ technology to pull the money out of their victims.
How to avoid ransomware injection?
Harpoonlocker ransomware doesn’t have a endless power, so as any similar malware.
You can defend your computer from ransomware attack taking several easy steps:
- Never open any letters from unknown senders with unknown addresses, or with content that has nothing to do with something you are expecting (can you win in a money prize draw without even taking part in it?). {In case|If the email subject is likely something you are expecting, scrutinize all elements of the questionable email carefully. A fake letter will always have mistakes.
- Never use cracked or unknown software. Trojans are often shared as a part of cracked software, possibly under the guise of “patch” which prevents the license check. Understandably, dubious programs are very hard to tell from reliable software, as trojans sometimes have the functionality you seek. You can try searching for information on this software product on the anti-malware forums, but the best solution is not to use such programs at all.
Reasons why I would recommend GridinSoft1
Download Removal Tool.
Run the setup file.
Press “Install” button.
Once installed, Anti-Malware will automatically run.
Wait for the Anti-Malware scan to complete.
Click on “Clean Now”.
Leave a Comment