What is SethLocker Ransomware

SethLocker is a recently-discovered ransomware infection. Cybercriminals use it to run encryption of potentially important files and then urge victims into paying money for their decryption. As opposed to many other similar infections that add their own extension to the end of filenames, SethLocker does run any visual alterations and leaves all files and icons in their original look. Despite this, the data is nonetheless encrypted and victims are prevented from accessing it. To return the blocked data, threat actors have written instructions in a text note called HOW_DECRYPT_FILES.txt.


Hello dear friend!
Your system was vulnerable. I'm here to teach you a lesson,The Security Lesson!!!!
All your files are encrypted including important file types! such as WORD PDF EXCEL VIDEOS PPT..etc
You must pay an amount of money in exchange for decrypting files and understanding the flaws in your system And preventing your files from becoming public or damaged forever.
Don't worry about the amount, it's too small.
To show our good intentions and trust, you can send us a small, worthless file to test the decryption for you.
Our contact email addresses:
dead@fakethedead.com | live@fakethedead.com
Send your ID to my email to speak about it. If We don't respond for 8 hours, send messages to this email:
Don't forget if you try to decrypt them yourself, never come back to us! because you will see how your files will be damaged forever. So the first thing you have to do is email us because no one can decrypt them at any cost and any effort!
We are awaiting you!

It says all important files have been encrypted due to a vulnerability within the system. In order to redo the malicious changes, victims are obliged to contact the swindlers via one of their e-mail addresses and pay money for decryption. The price for decryption is not disclosed in the message, however, cybercriminals claim it to be “too small”. In addition, victims are also allowed to send one non-valuable file and get it decrypted for free. This way cyber-crooks show their ability to decrypt the files and additionally give extra motivation for paying the ransom. Note that paying the ransom is usually not recommended since some extortionists fool their victims and do not send any decryption tools after the payment. Unfortunately, it is almost impossible to return the files for free without an available backup. In case there is none to be used, paying the ransom to cyber-crooks might be the only way to return back your files. Many ransomware infections contain little or no flaws that could expose encryption ciphers and let third-party decryption kick in to help. If you do not have a backup to restore the needed data and if you are also unwilling to pay the attackers, you may try using third-party tools from our guide as a last resort option. However, please be aware that currently, no third-party tool is known to be capable of successfully decrypting SethLocker files. Therefore, there is no guarantee that it will be effective in your particular situation.

sethlocker ransomware

How SethLocker Ransomware infected your computer

Ransomware developers rely on many cunning techniques to infiltrate file encryptors into an unprotected system. Most popular ones are usually considered to be phishing e-mail letters, trojans, deceptive third-party downloads, fake software updates/installers, backdoors, keyloggers, botnets, system exploits, and so forth. As a rule, the cause for catching a malicious infection is interaction with some malicious file or link that was imposed through one of the channels. When it comes to ransomware, developers often send e-mail letters that are camouflaged under legitimate companies/entities (e.g., delivery companies, tax authorities, banks, and so forth). Most often such letters attempt to trick inexperienced users into clicking some phishing link or opening a malicious attachment (.DOCX, .XLSX, .PDF, .EXE, .ZIP, .RAR, or .JS extensions). Unless there is a special anti-malware program in place, the intended infection will likely be installed onto the system after interaction with a malicious file is made. Do not trust such letters and never follow requests of suspiciously-looking messages. It is also important to download software only from trustworthy and legitimate websites. Various torrents and other download files that endorse installers of pirated, cracked, and other software can sometimes be infected and install malware instead. Read our article below to learn more practical information about how to protect yourself against such and similar threats in the future.

  1. Download SethLocker Ransomware Removal Tool
  2. Get decryption tool for your files
  3. Recover encrypted files with Stellar Data Recovery Professional
  4. Restore encrypted files with Windows Previous Versions
  5. Restore files with Shadow Explorer
  6. How to protect from threats like SethLocker Ransomware

Download Removal Tool

Download Removal Tool

To remove SethLocker Ransomware completely, we recommend you to use SpyHunter 5 from EnigmaSoft Limited. It detects and removes all files, folders, and registry keys of SethLocker Ransomware. The trial version of SpyHunter 5 offers virus scan and 1-time removal for FREE.

Alternative Removal Tool

Download Norton Antivirus

To remove SethLocker Ransomware completely, we recommend you to use Norton Antivirus from Symantec. It detects and removes all files, folders, and registry keys of SethLocker Ransomware and prevents future infections by similar viruses.

SethLocker Ransomware files:


SethLocker Ransomware registry keys:

no information

How to decrypt and restore your files

Use automated decryptors

Download Kaspersky RakhniDecryptor

kaspersky dharma ransomware decryptor

Use following tool from Kaspersky called Rakhni Decryptor, that can decrypt your files. Download it here:

Download RakhniDecryptor

There is no purpose to pay the ransom because there is no guarantee you will receive the key, but you will put your bank credentials at risk.

Dr.Web Rescue Pack

Famous antivirus vendor Dr. Web provides free decryption service for the owners of its products: Dr.Web Security Space or Dr.Web Enterprise Security Suite. Other users can ask for help in the decryption of your files by uploading samples to Dr. Web Ransomware Decryption Service. Analyzing files will be performed free of charge and if files are decryptable, all you need to do is purchase a 2-year license of Dr.Web Security Space worth $120 or less. Otherwise, you don’t have to pay.

If you are infected with SethLocker Ransomware and removed from your computer you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. To attempt to decrypt them manually you can do the following:

Use Stellar Data Recovery Professional to restore your files

stellar data recovery professional

  1. Download Stellar Data Recovery Professional.
  2. Click Recover Data button.
  3. Select type of files you want to restore and click Next button.
  4. Choose location where you would like to restore files from and click Scan button.
  5. Preview found files, choose ones you will restore and click Recover.
Download Stellar Data Recovery Professional

Using Windows Previous Versions option:

  1. Right-click on infected file and choose Properties.
  2. Select Previous Versions tab.
  3. Choose particular version of the file and click Copy.
  4. To restore the selected file and replace the existing one, click on the Restore button.
  5. In case there is no items in the list choose alternative method.

Using Shadow Explorer:

  1. Download Shadow Explorer program.
  2. Run it and you will see screen listing of all the drives and the dates that shadow copy was created.
  3. Select the drive and date that you want to restore from.
  4. Right-click on a folder name and select Export.
  5. In case there are no other dates in the list, choose alternative method.

If you are using Dropbox:

  1. Login to the DropBox website and go to the folder that contains encrypted files.
  2. Right-click on the encrypted file and select Previous Versions.
  3. Select the version of the file you wish to restore and click on the Restore button.

How to protect computer from viruses, like SethLocker Ransomware , in future

1. Get special anti-ransomware software

Use ZoneAlarm Anti-Ransomware

Famous antivirus brand ZoneAlarm by Check Point released a comprehensive tool, that will help you with active anti-ransomware protection, as an additional shield to your current protection. The tool provides Zero-Day protection against ransomware and allows you to recover files. ZoneAlarm Anti-Ransomware is compatible with all other antiviruses, firewalls, and security software except ZoneAlarm Extreme (already shipped with ZoneAlarm Anti-Ransomware) or Check Point Endpoint products. The killer features of this application are: automatic file recovery, overwrite protection that instantly and automatically recovers any encrypted files, file protection that detects and blocks even unknown encryptors.

Download ZoneAlarm Anti-Ransomware

2. Back up your files

idrive backup

As an additional way to save your files, we recommend online backup. Local storage, such as hard drives, SSDs, flash drives, or remote network storage can be instantly infected by the virus once plugged in or connected to. SethLocker Ransomware uses some techniques to exploit this. One of the best services and programs for easy automatic online backup is iDrive. It has the most profitable terms and a simple interface. You can read more about iDrive cloud backup and storage here.

3. Do not open spam e-mails and protect your mailbox

mailwasher pro

Malicious attachments to spam or phishing e-mails are the most popular method of ransomware distribution. Using spam filters and creating anti-spam rules is good practice. One of the world leaders in anti-spam protection is MailWasher Pro. It works with various desktop applications and provides a very high level of anti-spam protection.

Download MailWasher Pro
Previous articleHow to remove DVN Ransomware and decrypt .devinn files
Next articleHow to stop “Reconfirm Shipping Documents” e-mail spam