How to remove RegretLocker ransomware on Windows 10
2 min. read
Published on
Share this article
Improve this guide
Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more
Key notes
- Windows 10 and Windows Hyper-V virtual machines are a target for the RegretLocker ransomware.
- If thatโs your issue too, refer to the below steps in order to remove RegretLocker on Windows 10.
- You should also check out and use one of these great ransomware decrypt tools to stay protected.
- All it takes is a second to bookmark our Security & Privacy Software Hub for more useful tips.
RegretLocker is a recently identified malicious software and classified as ransomware. Recently, it started to target Windows 10.
All systems infected with this ransomware have their data encrypted and all of the affected files are appended with the .mouse extension.
For example, a regular 1.jpg file would appear as 1.jpg.mouse. After the encryption process is complete, ransom notes titled How to restore files.txt are dropped into compromised folders.
Moreover, users receive ransom demands for the decryption. The issue is now affecting Windows Hyper-V virtual machine as well.
In this case, a virtual hard disk is created and stored in a VHD or VHDX file, containing a raw disk image, including a drive’s partition table and partitions.
How can I remove RegretLocker ransomware on Windows 10?
- Press the Power button at the Windows login screen. Then, press and hold Shift, and click Restart.
- You can now select Troubleshoot > Advanced options > Startup Settings.
- Then, press Restart once again.
- Once your PC is active, select Enable Safe Mode with Command Prompt.
- Up next, enter cd restore and click Enter.
- Type rstrui.exe and press Enter again.
- When a new window appears, click Next and select a restore point that is prior to the infiltration of RegretLocker.
- After doing that, click Next.
- Finally, click Yes to confirm the system restore.
In order to remove RegretLocker ransomware on Windows 10, you simply need to apply the above steps. The code used by RegretLocker may have its source from a recently published security research.
When it comes to the affected Windows Hyper-V virtual machines, RegretLocker uses the Windows Virtual Storage API OpenVirtualDisk, AttachVirtualDisk, as well as GetVirtualDiskPhysicalPath functions to easily mount and compromise virtual disks.
Also, the Windows Restart Manager API is involved in the process, to terminate Windows services that keep a file open during encryption.
Have you been affected by the RegretLocker ransomware? Let us know if the above procedure proved to be useful in your case too.
[wl_navigator]
