Remove Joker_lucker@aol.com.wallet ransomware and Restore Files

How to Remove Joker_lucker@aol.com.wallet Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

To decrypt your files write me to
Joker_lucker@aol.com or
alternative email lavandos@dr.com


Joker_lucker@aol.com is an email address you get asked to contact after your data gets encrypted. Confused? Let’s elaborate. If you suffer a ransomware invasion, you’ll get asked to contact unknown third parties, and you’ll get asked to do so via that email. The ransomware menace behind the email is a relatively new one. It’s a variant of the Dharma ransomware, which, in turn, was a derivative of the CrySiS one. The Joker ransomware, for short, is no less dangerous than the other programs of its type. It invades your PC with subtlety and deceit, and then wreaks havoc. After the infection sneaks in, it encrypts every file you have. Pictures, documents, videos, music, everything. All your data gets locked with a strong AES + RSA encryption method. When the program’s done, you’ll find your files with an added extension. They’ll either have “wallet” or “dharma” at the end. Think of them as the final nail in the cyber coffin. The extension solidifies the Joker’s grasp over your data. Once the extensions get appended, the ransomware proceeds to leave its demands. It leaves a ransom note as a file on your Desktop and in each folder containing locked data. Every copy states the same information. You have to contact the data kidnappers, using one of two emails – Joker_lucker@aol.com or alternative email lavandos@dr.com. Then, they request you pay them in Bitcoin. After you do, they’ll give you the means to decrypt your files. But, if you transfer the ransom amount, you’ll regret it. It would be a colossal mistake. If you pay these people, you give them access to your personal and financial details. And, that’s hardly a good idea, don’t you think? Don’t let malicious strangers into your private life! It won’t end well.

How did I get infected?

Ransomware tools invade your computer with trickery. They turn to slyness and subtlety, and sneak in undetected. By the time you become aware of their presence, they’ve taken over. The old but gold methods of infiltration come into play. For example, the nasty program can pose as a fake update, like Java or Adobe Flash Player. So, while you believe you’re installing updates, you’re far from it. In actuality, you’re allowing a dreaded application into your PC. The ransomware can also lurk behind corrupted links or freeware, or even spam email attachments. So, don’t open or download anything you receive from suspicious or unknown senders. Odds are, you won’t like the consequences. Above all else, remember that caution counts! It goes a long way, and can save you a ton of grievances. Don’t give in to gullibility. Don’t rush. Go the opposite route. Be extra vigilant, and always do your due diligence.

Why is Joker_lucker@aol.com.wallet dangerous?

Are you familiar with the DC Universe? Have you heard of their hero line-up? The Big Three – Superman, Batman, Wonder Woman? Well, the people behind the infection you’re stuck with definitely have. They drew their inspiration from one of the worst comic book villains of the DCU. The bane of Batman, the Joker. It’s clear to see when you find yourself face to face with the Joker’s picture on your Desktop. The ransomware places it there when it’s done encrypting your data. The picture shows a simple text: “To decrypt your files write me to Joker_lucker@aol.com or alternative email lavandos@dr.com.” It’s the ransom note the program leaves you. If you follow its instructions, and comply, you get your data back. Or, so the tool claims. It tries to convince you that compliance leads to the decryption of your files. So, if you pay up the ransom, the extortionists send back a decryption key. Apply that key, and your files get released. But, think about that for a moment. These are cyber criminals, who locked your files, and demanded money from you. They are far less than trustworthy. There’s a myriad of ways the exchange can go wrong, and these people can double-cross you. You can pay their ransom, but still get left key-less. The cyber kidnappers can opt NOT to send you one. Or, if they send you a key, what if it doesn’t work? Those are valid scenarios. And, even if they do send you the right one and it works, what then? The decryption key unlocks your encrypted data. No more, no less. It does not get rid of the infection. The ransomware is still there. It can strike again an hour after decryption, a day, a week! And, you get right back to square one. Only this time, you have less money. And, strangers have access to your private life. Don’t allow your privacy to get exposed! Don’t comply with the cyber criminals behind the Joker_lucker@aol.com.wallet infection.

Joker_lucker@aol.com.wallet Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Joker_lucker@aol.com.wallet Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open Task Manager by pressing the CTRL+SHIFT+ESC keys simultaneously.
  • Locate the process of the ransomware. Keep in mind that this is usually a randomly generated file name.
  • Before you kill the process, type its name in a text document for later reference.

  • Locate any suspicious processes associated with Joker_lucker@aol.com.wallet encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Keep in mind that the process can be hidden and very difficult to detect.

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate Joker_lucker@aol.com.wallet encryption Virus startup location

  • Once the operating system loads, press the Windows Logo Button and the R key simultaneously.

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the display Name: [RANDOM]

  • Then open your explorer, navigate to your %appdata% folder and delete the executable.

Alternatively, you can use the Windows msconfig program to double-check the execution point of the virus. Please keep in mind that the names on your machine might be different, as they might be generated randomly. That’s why you should run a professional scanner to identify malicious files.
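
The registry check in STEP 3 can also be done from a PowerShell prompt. The script below is an added example, not part of the original instructions: it only reads the three Run keys listed above and reports each entry, and its rule for what counts as worth a closer look (a command line pointing into %APPDATA%) is an assumption of this example.

```powershell
# Added example: read-only audit of the Run keys listed in STEP 3.
# Nothing is deleted; the output is a list of autostart entries to review.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Assumption of this example: an entry deserves a closer look when its
# command line points into the current user's %APPDATA% tree.
$appDataPattern = [regex]::Escape($env:APPDATA)

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }  # no Wow6432Node on x86
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        # Pull the executable path out of the command line: a quoted path,
        # or everything up to the first ".exe", otherwise the whole value.
        if ($command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        elseif ($command -match '^\s*(.+?\.exe)') { $exe = $Matches[1] }
        else { $exe = $command.Trim() }

        # Guard against empty values before touching the file system.
        $exists = $exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
        $signature = if ($exists) {
            (Get-AuthenticodeSignature -LiteralPath $exe).Status
        } else { 'FileMissing' }

        [pscustomobject]@{
            Key        = $key
            Name       = $name
            Executable = $exe
            InAppData  = [bool]($command -match $appDataPattern)
            Signature  = $signature
        }
    }
}
# Entries that point into %APPDATA% are listed first.
$results | Sort-Object InAppData -Descending | Format-List
```

Run it as the affected user, because HKEY_CURRENT_USER and %APPDATA% are per-user. An entry with a random-looking name, InAppData set to True and a Signature of NotSigned matches the pattern this step describes.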

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, if you have one.

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.
