What is Locdoor Ransomware

Locdoor Ransomware, also known as DryCry, is a piece of malware that tries to get users to pay money by convincing them that their files have been encrypted. This ransomware, discovered by a cybersecurity researcher, is a rather strange one, and is either really buggy or is still in development. It doesn’t actually encrypt files, or at least not the typical ones, but tries to convince the user that it did. When the malware in launched on a computer, some files will have their file extensions changed, and a ransom note will appear. It will claim that important files have been locked and in order to recover them, the victim is supposed to pay $0.10 in Bitcoin to the provided address. The ridiculously low sum strongly indicates that the ransomware is still in development. Whatever the case may be, there is no need to engage with the crooks and pay the 10 cents, seeing as your files have not been encrypted. Even if they were, there are various reasons why paying the ransom is not a good idea. While those reasons are more relevant in cases when the ransom is $100 and up, we will discuss them later on in the report nevertheless.

It’s highly likely that you recently opened a spam email, or rather a spam email attachment. Malicious spam campaigns are pretty common, which is why it’s important that you deal with emails carefully and never open attachments carelessly. It could lead to serious consequences. Picking up infections is also possible by pressing on infected ads or downloading programs or content from unreliable sources. Therefore, overall careful behaviour is necessary in order to avoid infecting a computer with malware.


If you are not interested to know more about this ransomware, you can safely proceed to remove Locdoor Ransomware.

How does ransomware spread?

As we have said above, there are a couple of ways the ransomware could have gotten in. One of the more common causes for a ransomware infection is opening spam emails and files attached to them. In many cases, the email carrying the ransomware looks pretty fake, but not everyone is aware of the dangers of such emails, thus a lot of users end up opening the attachments without a second thought. Such emails generally are filled with grammar mistakes and contain strong encouragement to open the attachment. The sender may claim that the attachment is some kind of receipt or some other important money-related document. Since users would react to mentions of money more strongly, this topic is very commonly used. If the email lacks the common signs of spam, like it does not contain grammar mistakes, you need to look at other signs. For example, check that sender’s email is not some random string of numbers and letters. The way you are addressed can also be a clear giveaway. If the sender claims to be your bank or some other service you use, you will be addressed by name. Spam emails often generically refer to receivers as Members, Customers, Users, etc.

If you are someone who regularly downloads programs and content from unreliable sources, you may also be putting your computer and files in danger. Stick to legitimate websites and avoid sites that distribute pirated content.

What does the ransomware do?

Generally, file encrypting begins once the ransomware is opened. That malware would lock files without users noticing and would then demand money in exchange for a decryptor. This ransomware behaves similarly, except that it doesn’t encrypt files. It adds a .door[random number] file extension to some files, but doesn’t actually lock them. Once this is done, the malware places some files on the desktop, including a “Notice_readme.txt” file. This acts as the ransom note which explains what the victim is supposed to do next. It is falsely explained that files have been encrypted and that in order to recover them, the victim is supposed to send crooks $0.10 equivalent of Bitcoin, take a picture to confirm the transaction and then send it to them. After they have confirmed the transaction, the victim will get his/her decryptor. Since files have not been encrypted, there is no need to send anything. What you do need to, however, is delete Locdoor Ransomware from your computer.

However, we should mention that even if the ransomware actually encrypted your files and you were asked to pay, it would not be recommended. Security experts always advise against paying because it rarely leads to file decryption. In many cases, crooks just take the money and then provide nothing in return, as there is nothing stopping them from doing so. While $0.10 is not a lot of money to lose, there are cases where victims are asked to pay hundreds or even thousands of dollars, in which case the loss would be significant.

In order to avoid situations where file loss a possibility, you should invest in backup. There are various options available for you to choose from, and it would save you a lot of trouble.

Locdoor Ransomware removal

We do recommend that you use anti-malware software to uninstall Locdoor Ransomware as otherwise you might end up doing more damage than good. Install anti-malware software, scan your computer and get rid of the ransomware.

Different anti-malware will detect the ransomware under a different name, here are a few:

  • BAT/Hoax.FakeFileCoder.L by ESET;
  • Ransom.Locdoor by Malwarebytes;
  • Ransom:Win32/Roodcol by Microsoft;
  • Trojan.Gen.2 by Symantec;
  • Hoax.Win32.FakeRansom.fr by Kaspersky.
  • Offers

    More information about WiperSoft and Uninstall Instructions. Please review WiperSoft EULA and Privacy Policy. WiperSoft scanner is free. If it detects a malware, purchase its full version to remove it.

    • wipersoft

      WiperSoft Review Details WiperSoft (www.wipersoft.com) is a security tool that provides real-time security from potential threats. Nowadays, many users tend to download free software from the Intern ...

    • mackeeper

      Is MacKeeper a virus? MacKeeper is not a virus, nor is it a scam. While there are various opinions about the program on the Internet, a lot of the people who so notoriously hate the program have neve ...

    • malwarebytes-logo2

      While the creators of MalwareBytes anti-malware have not been in this business for long time, they make up for it with their enthusiastic approach. Statistic from such websites like CNET shows that th ...


    Quick Menu

    Step 1. Delete Locdoor Ransomware using Safe Mode with Networking.

    Remove Locdoor Ransomware from Windows 7/Windows Vista/Windows XP
    1. Click on Start and select Shutdown.
    2. Choose Restart and click OK. Windows 7 - restart
    3. Start tapping F8 when your PC starts loading.
    4. Under Advanced Boot Options, choose Safe Mode with Networking. Remove Locdoor Ransomware  - boot options
    5. Open your browser and download the anti-malware utility.
    6. Use the utility to remove Locdoor Ransomware
    Remove Locdoor Ransomware from Windows 8/Windows 10
    1. On the Windows login screen, press the Power button.
    2. Tap and hold Shift and select Restart. Windows 10 - restart
    3. Go to Troubleshoot → Advanced options → Start Settings.
    4. Choose Enable Safe Mode or Safe Mode with Networking under Startup Settings. Win 10 Boot Options
    5. Click Restart.
    6. Open your web browser and download the malware remover.
    7. Use the software to delete Locdoor Ransomware

    Step 2. Restore Your Files using System Restore

    Delete Locdoor Ransomware from Windows 7/Windows Vista/Windows XP
    1. Click Start and choose Shutdown.
    2. Select Restart and OK Windows 7 - restart
    3. When your PC starts loading, press F8 repeatedly to open Advanced Boot Options
    4. Choose Command Prompt from the list. Windows boot menu - command prompt
    5. Type in cd restore and tap Enter. Uninstall Locdoor Ransomware  - command prompt restore
    6. Type in rstrui.exe and press Enter. Delete Locdoor Ransomware  - command prompt restore execute
    7. Click Next in the new window and select the restore point prior to the infection. Locdoor Ransomware  - restore point
    8. Click Next again and click Yes to begin the system restore. Locdoor Ransomware  removal - restore message
    Delete Locdoor Ransomware from Windows 8/Windows 10
    1. Click the Power button on the Windows login screen.
    2. Press and hold Shift and click Restart. Windows 10 - restart
    3. Choose Troubleshoot and go to Advanced options.
    4. Select Command Prompt and click Restart. Win 10 command prompt
    5. In Command Prompt, input cd restore and tap Enter. Uninstall Locdoor Ransomware  - command prompt restore
    6. Type in rstrui.exe and tap Enter again. Delete Locdoor Ransomware  - command prompt restore execute
    7. Click Next in the new System Restore window. Get rid of Locdoor Ransomware  - restore init
    8. Choose the restore point prior to the infection. Locdoor Ransomware  - restore point
    9. Click Next and then click Yes to restore your system. Locdoor Ransomware  removal - restore message

Site Disclaimer

2-remove-virus.com is not sponsored, owned, affiliated, or linked to malware developers or distributors that are referenced in this article. The article does not promote or endorse any type of malware. We aim at providing useful information that will help computer users to detect and eliminate the unwanted malicious programs from their computers. This can be done manually by following the instructions presented in the article or automatically by implementing the suggested anti-malware tools.

The article is only meant to be used for educational purposes. If you follow the instructions given in the article, you agree to be contracted by the disclaimer. We do not guarantee that the artcile will present you with a solution that removes the malign threats completely. Malware changes constantly, which is why, in some cases, it may be difficult to clean the computer fully by using only the manual removal instructions.

Leave a Reply