Easily Remove Lick Ransomware : Ransomware Removal Guide

Easily Remove Lick Ransomware : Ransomware Removal Guide
Rate this post

Lick ransomware

Lick Ransomware is a latest appearance in encryption threat category which was first detected by security researcher Jakub Kroustek on March 22nd, 2017. This complex file encrypting program is written in Python programming language and considered to be the latest version of KIrk ransomware. According to the malware researcher, they mostly get threat report from the PC users of North America and Western Europe. Being a encoding threat, it silently lurk down in the targeted system and start its encryption process. Developer of this ransomware use a trick to encrypt data of compromised system. It disguise it as a File decryptor which help you to unlock the files which get encoded by other ransomware. But don’t get disguised because it is only a trick to lock your files and make them inaccessible. Hence expert recommend to remove it immediately from PC.

How Lick Ransomware carry out its attack?

As mentioned above, developer of Lick Ransomware advertise it as a File decryptor program which allow user to decrypt files encoded by crypto-malware. Users whose computer is infected by other ransomware may believe it as a helpful program. The fake decryptor program provided by this ransomware is known as “File Decrypter v1.0.1.0”. User who run this fake decryptor will end up infecting their file. Different antivirus vendor has detected the fake decryptor as following names:

  • Ransom/W32.Crypren.6615148
  • Python/Filecoder.O
  • Ransom_KIRK.B
  • Trojan.Siggen7.15682
  • Troj/Ransom-EJN
  • Trojan.Win32.Generic!BT
  • Trojan-Ransom.Win32.Crypren.ador

When you run the fake decryptor, a dialogue box will appear which contain the following message:

User who use the fake decryptor of Lick Ransomware will not get a legitimate configuration panel as a genuine decoder do. After running the fake decryptor, user will notice that the PC is running slow. Most of the user ignore this slow performance thinking it due to working of decryptor. But in real the slow performance is due to locking of files across the drive. Once the fake decryption process is complete user will be urge to wait and they get a batch file named as Lick which contain the following text.

ransom message

Lick Ransomware : What happens after the attack?

After successful invasion, Lick Ransomware scan the available drive and encrypt a large number of file types including presentations, spreadsheets, images, video, audio, PDF and eBooks. After encryption, it appends “.Licked” extension to each of the encrypted files. After that it droop two file namely ERRORLOG.txt and stats.txt. The ERRORLOG.txt file contain message which demand ransom in exchnage of the decryptor and stats.txt file contain complete list of the encrypted files. Beside that it also contain a PWD file which contain password but it is also locked by the threat.

In its ransom note, Lick Ransomware claim that the encrypted file is only be decoded using decryption tool along with the password which is hidden in PWD file. The ransom amount depends on the time taken by victim to buy the decryptor. If victim take 3 to 7 days then they have to pay 100 Monero and the price is increased to 500 Monero if they take 15 to 30 days. Expert recommend to avoid paying ransom and remove Lick Ransomware by using a powerful removal tool.

Instruction to remove Lick Ransomware

If you have also encounter Lick Ransomware then you must remove it before restoring your files otherwise it will create more issues. In order to remove it, you can go for manual or automatic removal. To remove it manually, follow the below steps.

Step 1 : Remove ransomware via control panel

  • Click on Start menu > Control Panel
  • Now go to programs option > click on Uninstall a Program.
  • Search for ransomware related files
  • Select the suspicious program and click Uninstall/Change
  • Click OK to save the changes.

Step 2 : Stop malicious process From Task Manager

  • Press Windows + R button together.
  • A run box will launch on your screen
  • Now type “taskmgr” in run box
  • After that click on OK button.
  • In the Process tab and select malicious process
  • Click on End process tab

Step 3 : Remove malicious registry from Registry editor

  • Open Run window by Pressing Windows + R Keys together
  • Now, Type regedit >> press enter.
  • All harmful registry files related shown here.
  • Delete them to get rid of Lick Ransomware

If you are having problem in removing ransomware manually then don’t be panic. You can use Free-scanner which is an automatic tool that remove Lick Ransomware completely.

User Guide For Free Scanner Tool

Leave a Reply

Your email address will not be published. Required fields are marked *