MedusaLocker ransomware: Will I every get my files back?

MedusaLocker ransomware is designed to encrypt your personal files and demand around 2,2223 bitcoin or $12000. The demand varies on different versions of the MedusaLocker ransomware.

MedusaLocker ransomware encrypts files on your computer and adds a string of unique characters to the encrypted files extension. For example, image.jpg becomes image.jpg.[uniquecharacters]

The decrypt text-file with instructions is placed on the Windows desktop: Ako-ReadMe.txt

In the text displayed by the ransomware, the following is reported.

medusalocker ransomware

Your network has been hacked and locked.
All files on each host in the network have been encrypted with a strong algorithm.
Backups were either encrypted or deleted or backup disks were formatted.
Shadow copies also removed. Any 3rd party software may damage encrypted data but not recover.
We have decryption software for your situation.
No decryption software is available in the public.
DO NOT RESET OR SHUTDOWN – files may be damaged.
DO NOT RENAME OR MOVE the encrypted and readme files.
DO NOT DELETE readme files.
To get info (decrypt your files) follow this instructions:
1) [Recommended] via Tor Browser:
  a) Download and install Tor Browser:
  b) Open our website in TOR: http://kwvhrdibgmmpkhkidrby4mccwqpds5za6uo2thcw5gz75qncv7rbhyad.onion/U0T9NR3RCU3PNABN
2) If you have any problems connecting or using TOR network:
  a) Open our website:
  b) Follow the instructions on the site.
The faster you get in contact – the lower price you can expect.
When you open our page, paste this key in form:

In most cases, it is not possible to recover the files encrypted by MedusaLocker ransomware without the intervention of the Ransomware developers. The only way to recover files infected by MedusaLocker ransomware is to pay the ransomware developers. I do not recommend paying for the MedusaLocker ransomware, instead, make sure you have a valid FULL back-up of Windows and restore it immediately.

medusalocker payment page

The developers of MedusaLocker ransomware offer support chat for victims on the payment page. MedusaLocker developers demand to pay the ransom within 5 days if the user doesn’t pay within 5 days the ransom is doubled to 4.4446 BTC ($24.000). It looks like the Medusa Locker ransomware developers are trying to get a few victims as these demands are unusually high for ransomware.

I’m not going to bore you with removal instructions that do not work. There is a lot of information on the Internet about how to get your files back that is encrypted by the MedusaLocker ransomware, but they do not work. For example, system restore, shadow copies, boot in windows recovery mode etc, these instructions do not work.

It’s a waste of time and valuable money. Most likely you need to buy a malware removal tool, which is useless in the MedusaLocker ransomware to personal restore files, it might remove the payload (the file that encrypted your files).

Ransomware is specifically designed to prevent users from restoring files using windows recovery, system restore, shadow copies. The only thing I recommend is to read my article: What you should do when you are infected with ransomware. The article includes a FREE malware removal tool to remove the payload of the MedusaLocker ransomware and instructions on how to proceed after the MedusaLocker ransomware infection.