What is BigLock Ransomware
This article covers the BigLock cryptovirus, which began spreading in the second half of May 2020. It is also known as CoronaLock or Corona-lock. Like many similar threats, it encrypts user files of various types using the ChaCha & AES+RSA algorithms. BigLock also deletes shadow copies of files and system restore points, so that the user has no opportunity to recover files on their own. When the user tries to open any file, a text file with information about the encryption is shown on the screen. It is worth noting that, during the study of this ransomware, a tendency was observed for it to appear on a computer at the same time as crypto viruses from the STOP (DjVu) family. So, for example, files are encrypted one at a time and are assigned the extension .biglock, then .corona-lock, then .covm, and so on.
In the note, the attackers urge the user to pay a ransom of several hundred dollars in cryptocurrency, which helps the fraudsters hide from justice. The attackers also scare users by saying that the files will be lost forever if they do not pay. The ransomware has two variants of the ransom note. The earlier version does not contain any contact information, which suggests that it was a draft. Here is what they look like:
##############################################
################# YOUR FILES WERE ENCRYPTED #########
########## AND MARKED BY EXTENSION .biglock ############
##############################################
——————————————————————————
All your important files have been encrypted!
——————————————————————————
Your files are safe! Only modified. (ChaCha+AES)
ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE
WILL PERMANENTLY CORRUPT IT.
DO NOT MODIFY ENCRYPTED FILES.
DO NOT RENAME ENCRYPTED FILES.
No software available on internet can help you. we are the only ones able to solve your problem.
We gathered highly confidential /personal data. These data are currently stored a private server. This server will be immediately destroyed after your payment.
If you decide to not pay, we will release your data to public or re-seller.
So you can expect your data to be publicly available in the near future.
We only seek money and our goal is not to damage your reputation or prevent your business from running.
You will can send us 2-3 non-important files and we will decrypt it for free to prove we are able to give your files back.
——————————————————————————
Make contact as soon as possible. Your private key (decryption key) is only stored temporarily.
IF YOU DON’T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.
################################################
################ LIST OF ENCRYPTED FILES ###############
——————————————————————————
***
#############################################################
################# YOUR FILES WERE ENCRYPTED #################
############ AND MARKED BY EXTENSION .corona-lock ###########
#############################################################
—
DON’T WORRY! YOUR FILES ARE SAFE! ONLY MODIFIED :: ChaCha + AES
WE STRONGLY RECOMMEND you NOT to use any Decryption Tools.
These tools can damage your data, making recover IMPOSSIBLE.
Also we recommend you not to contact data recovery companies.
They will just contact us, buy the key and sell it to you at a higher price.
If you want to decrypt your files, you have to get RSA private key.
—
To get RSA private key you have to contact us via email to:
—————————->> support@covidworldcry.com <<
and send us your id: >> 1598982*** <<
--
HOW to understand that we are NOT scammers?
You can ask SUPPORT for the TEST-decryption for ONE file!
--
#############################################################
################## LIST OF ENCRYPTED FILES ##################
-------------------------------------------------------------
C:\vcredist2010_x64.log-MSI_vc_red.msi.txt 372682
C:\vcredist2010_x64.log.html 88914
C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log 169690
C:\Program Files\Mozilla Firefox\precomplete 2865
C:\Program Files\Mozilla Firefox\removed-files 16
C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log 197548
C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log 171954
C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log 193090
C:\Users\Admin\deployment.properties 1646
C:\Users\Admin\ntuser.dat.LOG1 0
C:\Users\Admin\ntuser.dat.LOG2 0
***
Of course, this is a trick. We do not recommend that you pay. Use our recommendations to remove BigLock and decrypt your files. The infection scheme is similar to that of other threats of this type. BigLock gets onto a PC through unprotected user network settings. It can arrive as an attachment in a spam mailing or as a fake update for programs or utilities installed on the user’s system. Be that as it may, you need to use antivirus software and other programs that can really protect your computer.
Well, there are 2 options for solving this problem. The first is to use an automatic removal utility that will remove the threat and all instances related to it. Moreover, it will save you time. Or you can use the Manual Removal Guide, but you should know that it might be very difficult to remove BigLock ransomware manually without a specialist’s help.
If for any reason you need to recover deleted or lost files, then check out our article Top 5 Deleted File Recovery Software
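The "LIST OF ENCRYPTED FILES" section of the notes shown above gives one path and one byte size per entry, which is enough to scope what has to be restored from backup. The parser below is an added example, not part of the original article or any vendor tool; the function names and the one-entry-per-line layout of the note on disk are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Abridged from the .corona-lock note quoted in the article; the one-entry-per-line
# layout is an assumption about how the note looks on disk.
SAMPLE_NOTE = r"""
############ AND MARKED BY EXTENSION .corona-lock ###########
To get RSA private key you have to contact us via email to:
>> support@covidworldcry.com <<
and send us your id: >> 1598982*** <<
################## LIST OF ENCRYPTED FILES ##################
C:\vcredist2010_x64.log.html 88914
C:\Program Files\Mozilla Firefox\precomplete 2865
C:\Users\Admin\deployment.properties 1646
C:\Users\Admin\ntuser.dat.LOG1 0
***
"""

EXT_RE = re.compile(r"MARKED BY EXTENSION\s+(\.[\w-]+)")
ID_RE = re.compile(r"your id:\s*>>\s*(\S+)\s*<<", re.I)
MAIL_RE = re.compile(r">>\s*([\w.+-]+@[\w.-]+\.\w+)\s*<<")
# Paths may contain spaces, so the size is the last all-digit token on the line.
ENTRY_RE = re.compile(r"^([A-Za-z]:\\.*\S)\s+(\d+)$")

def parse_note(text):
    """Return marker extension, victim id, contact address and listed files."""
    def first(rx):
        m = rx.search(text)
        return m.group(1) if m else None
    files, in_list = [], False
    for line in text.splitlines():
        line = line.strip()
        if "LIST OF ENCRYPTED FILES" in line:
            in_list = True
        elif in_list and (m := ENTRY_RE.match(line)):
            files.append((PureWindowsPath(m.group(1)), int(m.group(2))))
    return {"extension": first(EXT_RE), "victim_id": first(ID_RE),
            "contact": first(MAIL_RE), "files": files}

def summarize(note):
    """Total listed bytes and file count per top-level folder, for scoping restores."""
    by_root = {}
    for path, _ in note["files"]:
        root = path.parts[1] if len(path.parts) > 2 else "(drive root)"
        by_root[root] = by_root.get(root, 0) + 1
    return sum(size for _, size in note["files"]), by_root

if __name__ == "__main__":
    note = parse_note(SAMPLE_NOTE)
    print(note["extension"], note["victim_id"], summarize(note))
```

For the earlier .biglock note, which carries no contact details, the id and contact fields come back as None and the extension is still recovered from the banner.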
BigLock Removal Guide
Remember that you need to remove BigLock Ransomware first and foremost, to prevent further encryption of your files before your data becomes totally unusable. Only after that can you start recovering your files. Removal must be performed according to the following steps:
- Download BigLock Removal Tool.
- Remove BigLock from Windows (7, 8, 8.1, Vista, XP, 10) or Mac OS (Run system in Safe Mode).
- Restore .BigLock files
- How to protect PC from future infections.
How to remove BigLock ransomware automatically:
Norton is a powerful antivirus that protects you against malware, spyware, ransomware and other types of Internet threats. Norton is available for Windows, macOS, iOS and Android devices. We recommend you to try it.
If you’re a Mac user, use this.
Manual BigLock Removal Guide
Here are step-by-step instructions to remove BigLock from Windows and Mac computers. Follow these steps carefully and remove files and folders belonging to BigLock. First of all, you need to run the system in a Safe Mode. Then find and remove needed files and folders.
Uninstall BigLock from Windows or Mac
Here is the list of files and registry keys confirmed to be related to the ransomware. You should delete them in order to remove the virus; however, it would be easier to do it with our automatic removal tool. The list:
BigLock.dll
_readme.txt
readme.txt
Windows 7/Vista:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to BigLock by using Removal Tool;
- Delete found files;
Windows 8/8.1:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to BigLock by using Removal Tool;
- Delete found files;
Windows 10:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to BigLock by using Removal Tool;
- Delete found files;
Windows XP:
- Restart the computer;
- Press Settings button;
- Choose Safe Mode;
- Find programs or files potentially related to BigLock by using Removal Tool;
- Delete found files;
Mac OS:
- Restart the computer;
- Press and hold the Shift button before the system loads;
- Release Shift button, when Apple logo appears;
- Find programs or files potentially related to BigLock by using Removal Tool;
- Delete found files;
How to restore encrypted files
You can try to restore your files with special tools. You may find more detailed info on data recovery software in this article – recovery software. These programs may help you to restore files that were infected and encrypted by ransomware.
Restore data with Stellar Data Recovery
Stellar Data Recovery is able to find and restore different types of encrypted files, including removed emails.
- Download and install Stellar Data Recovery
- Choose drives and folders with your data, then press Scan.
- Select all the files in a folder, then click on Restore button.
- Manage export location. That’s it!
Restore encrypted files using Recuva
There is an alternative program that may help you to recover files: Recuva.
- Run Recuva;
- Follow the instructions and wait until the scan process ends;
- Find the needed files, select them and press the Recover button;
How to prevent ransomware infection?
It is always worthwhile to prevent a ransomware infection because of the consequences it may bring. Resolving issues with encoder viruses is difficult, which is why it is vital to keep proper and reliable anti-ransomware software on your computer. In case you don’t have any, here you may find some of the best offers to protect your PC from disastrous viruses.
Malwarebytes
SpyHunter is a reliable antimalware removal tool application, that is able to protect your PC and prevent the infection from the start. The program is designed to be user-friendly and multi-functional.