Remove Unlockmeplease@cock.li Ransomware (+File Recovery)

How to Remove Unlockmeplease@cock.li Ransomware?

Readers recently started to report the following message being displayed when they boot their computer:

All your important files are encrypted
Your files has been encrypted using RSA2048 algorithm with unique public-key stored on your PC.
There is only one way to get your files back: contact with us, pay, and get decryptor software.
We accept Bitcoin, and other cryptocurrencies, you can find exchangers on bestbitcoinexchange.io
You have unique idkey (in a yellow frame), write it in letter when contact with us.
Also you can decrypt 1 file for test, its guarantee what we can decrypt your files.
Contact information:
primary email: decryptsupport@protonmail.com
reserve email: decryptsupport1@cock.li


Unlockmeplease@cock.li
is the name given to a dangerous cyber threat. It falls under the ransomware umbrella. And, belongs to the Hermes family of ransomware. It’s dangerous and damaging. The infection uses slyness to slither into your system. And, once inside, makes a mess. It spreads its clutches throughout, and encrypts all the data, you keep on the PC. Everything gets locked. Documents, videos, pictures, music. If it’s on your PC, it gets encrypted. The infection uses a mixture of RSA and AES algorithms for the encryption process. It, then, adds a special extension at the end of each file – [unlockmeplease@cock.li].hrm. That’s why, the ransomware goes by that name. Once it finishes with the encryption process, it leaves you a note. A DECRYPT_INFORMATION.HTML file. It explains your situation, and lists demands. If you wish to decrypt your data, you have to pay a ransom. After you transfer the money, the cyber kidnappers will send you a decryption key. Or, so they claim, When you apply the key, your data gets unlocked. That’s their promise to you. Don’t fall for it! These are cyber extortionists with malicious intentions! Don’t fall for their treachery. Don’t pay them a single dime. It’s a tough call to make, but your best bet, is to forsake your files. Understand that the battle against a ransomware is a lost one. The game is rigged against you. You can’t win. The best course of action is to cut your losses, and put your faith on backups.

How did I get infected with?

Ransomware tools are quite sneaky. They manage to infiltrate your PC, unnoticed. They’re quite skilled in the art of deception. And, manage to slip by you unnoticed with the help of the old but gold invasive methods. The usual antics, include the following. Freeware, corrupted sites, links, or torrents. Of course, fake system or programs updates, provide an easy way in. And, then, there’s the spam email approach. It’s among the easiest methods for invasion. Say, you get an email that seems legitimate. It’s from PayPal or Amazon, or another well-known company. The email contains an attachment, and its text urges you to download it. Or, to click a specific link, it contains. If you follow its request, you get stuck with an infection. Always be on your guard. Don’t give into naivety, haste, and distraction. Take the time to do your due diligence. Caution helps you avoid such unpleasant surprises. Carelessness does the opposite. Make sure you know what you give the green light to. Even a little extra attention can save you a plethora of problems.

Remove Unlockmeplease@cock.li d

Why is Unlockmeplease@cock.li dangerous?

Can you trust the people, behind he ransomware? Ask yourself that before you contact them, before you transfer the ransom. Think about it before you make a mistake. Here’s the thing. You rest on the word of cyber criminals. They promised they would send you a decryption key, if you pay up. And, you hope they keep their promise. You have zero guarantees that they will. What if they choose to double-cross you, and send nothing? And, even if they send a key, don’t rejoice yet. It can be the wrong key. Yes, the extortionists can send a decryption key that doesn’t work on your encrypted data. But, even if they send the right one, it’s still not over. Yes, you may end up unlocking your data, but for how long? How long do you imagine that will last for? After all, you pay to remove the encryption, not the infection that forced it on you. The ransomware remains. So, the problem is still there. Even if the key works, a second later, your data can get locked again. Do you think it’s worth the gamble? Are you prepared to continuously throw money at cyber criminals, and hope for the best? Don’t! Forsake your files. As stated, it’s a difficult decision to make, but it’s the right one.

Unlockmeplease@cock.li Removal Instructions

STEP 1: Kill the Malicious Process

STEP 2: Reveal Hidden Files

STEP 3: Locate Startup Location

STEP 4: Recover Unlockmeplease@cock.li Encrypted Files

STEP 1: Stop the malicious process using Windows Task Manager

  • Open your task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
  • Locate the process of the ransomware. Have in mind that this is usually a random generated file.
  • Before you kill the process, type the name on a text document for later reference.

end-malicious-process

  • Locate any suspicious processes associated with Unlockmeplease@cock.li encryption Virus.
  • Right click on the process
  • Open File Location
  • End Process
  • Delete the directories with the suspicious files.
  • Have in mind that the process can be hiding and very difficult to detect

STEP 2: Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

STEP 3: Locate Unlockmeplease@cock.li encryption Virus startup location

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.

win-plus-r

Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

  • and delete the display Name: [RANDOM]

delete backgroundcontainer

  • Then open your explorer and navigate to:

Navigate to your %appdata% folder and delete the executable.

You can alternatively use your msconfig windows program to double check the execution point of the virus. Please, have in mind that the names in your machine might be different as they might be generated randomly, that’s why you should run any professional scanner to identify malicious files.

STEP 4: How to recover encrypted files?

  • Method 1: The first and best method is to restore your data from a recent backup, in case that you have one.

windows system restore

  • Method 2: File Recovery Software – Usually when the ransomware encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may try to use file recovery software to recover some of your original files.
  • Method 3: Shadow Volume Copies – As a last resort, you can try to restore your files via Shadow Volume Copies. Open the Shadow Explorer part of the package and choose the Drive you want to recover. Right click on any file you want to restore and click Export on it.

Leave a Comment