Decrypt Essential Files and Folders Encrypted by Locky Ransomware

Millions of malware samples and thousands of criminal hacker gangs attack the online world using a range of techniques. Much of the time they simply reuse the same methods that have worked for years, profiting from laziness, lapses in judgment and similar human failings rather than doing anything new or interesting. Yet every year security experts and antimalware researchers come across mind-blowing techniques that raise eyebrows. These malicious techniques push the boundaries of malicious hacking by using deceptive malware.

Today’s most perilous malware is introduced into the system stealthily by hackers. In February 2016 the Internet world was shaken by a new ransomware Trojan, Locky. The Trojan has been actively propagating up to the present day, so you are most probably curious to know what is new about this malware and how you can protect your system against it.

Source – https://nakedsecurity.sophos.com/2016/02/17/locky-ransomware-what-you-need-to-know/

How Does Locky Ransomware Propagate Inside a PC?

Locky is a ransomware Trojan that does not show any major differences from other members of the ransomware family. However, researchers took notice of it because it was so active and so widespread. This catastrophic Trojan is distributed via mass mailings with malicious loaders attached to spam messages. Each spam message carries an attached DOC file containing a macro; when the macro runs, the Locky Trojan is downloaded from a remote server and executed.

Getting trapped by something suspicious is easy; getting out of it is difficult. If you are infected with Locky Ransomware, take effective steps to uninstall Locky Ransomware from the system.

How Does Locky Ransomware Work?

The Locky Ransomware is an executable file of up to 100 kb in size. It is written in C++ using the STL and compiled in Microsoft Visual Studio. When it is launched, it copies itself to %TEMP%\svchost.exe and deletes the NTFS alternate data stream Zone.Identifier from its copy. This is done so that when the copy is launched, Windows does not display the notification saying that the file has been downloaded from the Internet and may be potentially dangerous. The Trojan then launches from %TEMP%.
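The launch pattern described above (a copy named like a Windows system binary running from %TEMP%, with its Zone.Identifier stream removed) is something a defender can check for. The following is an added example written for this article, not code from the original post or from any named product; the process records, field names and trusted-directory list are constructed assumptions, and the live Zone.Identifier check only works on Windows/NTFS.

```python
"""Flag processes that match the %TEMP%\\svchost.exe launch pattern.

Added example for this article (not the author's code). Process records
are constructed inline; on Windows the records could instead be built
from the running process list and zone_identifier_present().
"""
import ntpath
import os
from typing import Dict, List, Optional

# Assumption: default Windows install paths where the real svchost.exe lives.
TRUSTED_SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# Path fragment that matches both C:\Windows\Temp\ and ...\AppData\Local\Temp\.
TEMP_MARKER = "\\temp\\"

# Names that should never run from a user-writable temp directory (assumed list).
SYSTEM_BINARY_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe"}


def zone_identifier_present(path: str) -> Optional[bool]:
    """Return True/False if the Zone.Identifier stream exists; None if unknown.

    Alternate data streams are addressed as 'file:stream' on NTFS, so this only
    gives an answer on Windows. Elsewhere the check is skipped (None).
    """
    if os.name != "nt":
        return None
    try:
        with open(path + ":Zone.Identifier", "rb"):
            return True
    except OSError:
        return False


def classify_process(image_path: str, has_zone_identifier: Optional[bool]) -> List[str]:
    """Return the reasons a process image looks like a masquerading dropper."""
    reasons = []
    path = image_path.lower()
    name = ntpath.basename(path)
    directory = ntpath.dirname(path)
    in_temp = TEMP_MARKER in path

    if name in SYSTEM_BINARY_NAMES and not directory.startswith(TRUSTED_SYSTEM_DIRS):
        reasons.append(f"system binary name '{name}' running outside System32/SysWOW64")
    if in_temp:
        reasons.append("image launched from a Temp directory")
    # A freshly downloaded file normally carries Zone.Identifier; its absence on an
    # executable in Temp matches the stream-deletion step the article describes.
    if in_temp and has_zone_identifier is False:
        reasons.append("Zone.Identifier stream missing on an executable in Temp")
    return reasons


# Constructed sample records: one legitimate svchost, one Locky-style copy,
# one ordinary installer in Downloads that still carries its zone marker.
SAMPLE_PROCESSES = [
    {"pid": 812, "image": r"C:\Windows\System32\svchost.exe", "zone_identifier": None},
    {"pid": 4120, "image": r"C:\Users\alice\AppData\Local\Temp\svchost.exe", "zone_identifier": False},
    {"pid": 4388, "image": r"C:\Users\alice\Downloads\setup.exe", "zone_identifier": True},
]


def scan(processes) -> Dict[int, List[str]]:
    """Map each suspicious pid to the list of reasons it was flagged."""
    findings = {}
    for proc in processes:
        reasons = classify_process(proc["image"], proc["zone_identifier"])
        if reasons:
            findings[proc["pid"]] = reasons
    return findings


if __name__ == "__main__":
    for pid, reasons in scan(SAMPLE_PROCESSES).items():
        print(pid, "->", "; ".join(reasons))
```

Only the Temp-resident copy is flagged: the real svchost.exe in System32 and a downloaded installer that still carries its Zone.Identifier stream produce no reasons, which keeps the rule quiet on normal user activity.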


Vicious Actions Performed by Locky Ransomware

  • Receives a public RSA-2048 key and an infection ID from the C&C server.
  • Sends information about the language of the infected operating system, receives the cybercriminals’ ransom demand text that will be shown to the victim, and saves the text in the registry.
  • Searches for files with specific extensions on local disk drives and encrypts them.
  • Searches for and encrypts files with specific extensions on network drives and on network file shares with no assigned drive letter.
  • Displays the cybercriminals’ ransom demands to the victim.
  • Terminates its process and removes itself.

Prevention Tips –

  1. Do not open attachments in emails from senders you don’t know;
  2. Back up your files on a regular basis and store the backup copies on removable storage media or in cloud storage – not on your computer;
  3. Regularly run updates for your antivirus databases, operating system and other software installed on your computer;
  4. Create a separate network folder for each user when managing access to shared network folders.

Source – http://blogs.systweak.com/2016/04/how-to-decrypt-locky-ransomware-files-locky-ransomware-removal/