How to remove the Locky ransomware for good

How to

Reading time icon 3 min. read

Calendar icon Updated on

by Madalina Dinita 

updated on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • Many Windows users reported that Locky ransomware has affected their PCs after using Facebook.
  • To remove this type of virus, you should run a reliable malware removal tool found here.
  • Start Windows in Safe mode and download an anti-malware solution.
  • Perform a system restore by following our step-by-step guide below.

Locky is a vicious ransomware launched in 2016. Although relatively young, Locky has already managed to make a name for itself — and not a positive one.

This ransomware is back in the spotlight due to the recent Facebook .svg.file threat. As a quick reminder, Locky has been spreading like wildfire over the social network lately, affecting many Facebook users. The virus evades Facebook’s whitelisting by pretending to be a .SVG image file and is mainly sent from compromised Facebook accounts.

We’re sure this is not Locky’s last major attack, therefore it’s very important to know how to remove this ransomware from your computer. Of course, prevention is better than cure and we recommend you install one of these anti-hacking tools on your machine as soon as possible.

After all, at this moment, it’s impossible to decrypt Locky files. Therefore, its victims have no other choice but buy the decryption key if they want to get back their files.

Remove Locky ransomware from your computer

1. Run a malware removal program

Download and install an anti-malware program and scan your computer. Malwarebytes is one of the most reliable and powerful tools, and you can download its trial version and install it in just a couple of minutes.

If for some reason you don’t want to download Malwarebytes, you can also try one of the following tools: Hitman ProSpybot Search & Destroy or SUPERAntiSpyware. Also, don’t forget to run a full system scan using your main antivirus program.

2. Start Windows in Safe mode with Networking

  1. Press SHIFT + Restart from the Sign in screen. Windows 10 will reboot.
  2. Go to Troubleshoot > Advanced options > Startup settings and click the Restart button.
  3. Once your PC restarts, choose Safe Mode with Networking by pressing the appropriate key.
  4. Log in and download an antimalware solution. Install the tool and launch a full system scan to remove any remnants of the ransomware.

3. Perform a system restore

A system restore allows you to undo unwanted system changes by reverting your computer to a previous working state. In other words, this action will restore your system’s configuration to a point prior to Locky having infiltrated your computer. This solution works if you already created a restore point on your computer prior to getting infected.

  1. Right-click the Start button > select Control Panel
  2. Search Control Panel for Recovery
  3. Select Recovery > Open System Restore > Next
  4. Choose the restore point related to the problematic ransomware attack > select Next > Finish.

We hope these three workarounds help you get rid of Locky. If you’ve come across other workarounds to remove Locky ransomware, list the troubleshooting steps in the comment section below.

More about the topics: Cybersecurity, Ransomware

Madalina Dinita

Madalina Dinita Shield

Networking & Security Specialist

Madalina has been a Windows fan ever since she got her hands on her first Windows XP computer. She is interested in all things technology, especially emerging technologies -- AI and DNA computing in particular. Prior to joining the WindowsReport team, she worked in the corporate world for a number of years.