What is Locky ransomware?
Locky ransomware is a notorious file-encrypting virus from the Locky family. If you can’t open your personal files, whether they are text documents, photos or videos, and their extension has changed to .zepto, .aesir, .shit, .odin, .thor, or .locky, your system has been infected with the Locky virus. Moreover, the new version of Locky renames all encrypted files using a unique hexadecimal algorithm, so the chances of identifying the original files are virtually nil. The instructions are displayed on the screen as a desktop wallpaper that contains the following text:
From this message, victims learn that the only way to restore their files is to pay the ransom (.5 BitCoin equals approximately $207.63). Unfortunately, this is partly true, because decryption requires a special key which the crooks prudently keep on a remote server. Locky can also delete all shadow volume copies of files. At this moment, there is no free tool capable of decrypting files affected by Locky. Restoring your files from a backup is the only way to solve this problem. However, you should not let the malefactors push you around, because in many cases users who paid for their dubious services never received a decryption key. On the contrary, paying only encourages them to continue their dirty business.
To prevent threats such as Locky ransomware in the future, follow these tips:
- Adjust your email anti-spam settings to filter out all the potentially unsafe incoming messages.
- Make sure attachments with the following extensions are on the blacklist: .js, .vbs, .docm, .hta, .exe, .cmd, .scr, and .bat.
- Rename the vssadmin.exe process to protect Shadow Volume Copies of your files from removal.
- Raise the protection level of your firewall. It can prevent ransomware from connecting with its server.
- Do not forget to back up your files regularly. This will facilitate the process of decrypting files in case of infection.
- Install an antimalware tool, because it can detect ransomware in advance and remove the malware before the infection.
How does Locky ransomware infect your PC?
Locky ransomware infiltrates your system by means of phishing. Ordinarily, cybercriminals distribute their product via spam emails with fake header information that might inspire trust, such as Amazon, DHL or FedEx. Most of these emails are disguised as invoices, scanned office documents, bills, or notices about failed payments. The forged messages carry a malicious archive containing this dreadful virus. Inside the archive, usually a ZIP archive, is an executable file (an HTA, JS, or WSF script); once it is launched, Locky ransomware begins its nasty work. First, it scans for data, then encrypts the targeted files using the RSA-2048 and AES-256 algorithms. One curious fact is that Locky ransomware leaves computers with a Russian-language interface unscathed, as the developers of the malware are patriots in their own way. It can also get into your system through fake software updates, torrent (P2P) networks, and trojans.
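The attachment blacklist from the tips above can be enforced inside archives as well, since the scripts described here arrive zipped. The following is an added example, not code from the original article: the function names and the sample message are constructed for illustration, and .wsf is added to the tip list because this section names WSF scripts.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Extensions from the tips list, plus .wsf from the infection description.
BLOCKED = {".js", ".vbs", ".docm", ".hta", ".exe", ".cmd", ".scr", ".bat", ".wsf"}

def last_ext(name):
    # Only the final extension counts ("scan.pdf.js" is a script); Windows
    # ignores trailing dots and spaces, so strip them before looking.
    name = name.rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def blocked_attachments(raw_message):
    """Return (attachment_name, member_name_or_None) pairs to quarantine."""
    hits = []
    for part in message_from_bytes(raw_message).walk():
        filename = part.get_filename()
        if not filename:
            continue
        if last_ext(filename) in BLOCKED:
            hits.append((filename, None))
        payload = part.get_payload(decode=True) or b""
        # Detect archives by content, not by name: a renamed ZIP is still a ZIP.
        if zipfile.is_zipfile(io.BytesIO(payload)):
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                    members = zf.namelist()
            except zipfile.BadZipFile:
                hits.append((filename, "<unreadable archive>"))
                continue
            hits.extend((filename, m) for m in members if last_ext(m) in BLOCKED)
    return hits

def build_sample_message():
    # Constructed sample: a fake "invoice" mail whose ZIP holds a harmless .js stub.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_2041.pdf.js", "// placeholder, not real malware")
        zf.writestr("readme.txt", "placeholder")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "billing@example.com", "user@example.com", "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="invoice.zip")
    return msg.as_bytes()
```

Member names stay readable in a standard password-protected ZIP, so the name check still applies when the content cannot be scanned.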
After finishing the infiltration process, Locky ransomware takes the following steps:
- Locky ransomware creates a few instruction files (_HELP_instructions.html, -INSTRUCTION.bmp), which it puts in each folder with encrypted files.
- Locky ransomware makes a connection with its Command and Control server in order to receive configuration data and other information about your computer.
- Locky ransomware changes your computer’s settings to make it run automatically whenever Windows starts up.
- Locky ransomware seeks certain types of data and encrypts them with its advanced encryption algorithm.
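The file extensions and instruction-file names listed in this article are enough to measure how far an infection has spread on a disk or share. The triage script below is an added example, not part of the original article: the function names and the sample folder tree are constructed, and matching note names by their ending is an assumption.

```python
import os
import tempfile
from collections import Counter

# Values taken from this article.
LOCKY_EXTENSIONS = {".zepto", ".aesir", ".shit", ".odin", ".thor", ".locky"}
NOTE_ENDINGS = ("_help_instructions.html", "-instruction.bmp")

def triage(root):
    """Walk root and summarise Locky indicators per folder."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        exts, notes = Counter(), []
        for name in files:
            lower = name.lower()
            # Assumption: note names may carry a prefix, so match on the ending.
            if lower.endswith(NOTE_ENDINGS):
                notes.append(name)
                continue
            ext = os.path.splitext(lower)[1]
            if ext in LOCKY_EXTENSIONS:
                exts[ext] += 1
        if exts or notes:
            report[os.path.relpath(folder, root)] = {
                "encrypted": dict(exts),
                "notes": sorted(notes),
                # Renamed files without a note (or the reverse) need a manual look.
                "consistent": bool(exts) and bool(notes),
            }
    return report

def build_sample_tree(root):
    # Constructed sample: empty placeholder files with made-up names.
    layout = {
        "Documents": ["0a1b2c3d.zepto", "4e5f6a7b.zepto", "_HELP_instructions.html"],
        "Pictures": ["holiday.jpg"],
        "Music": ["track.odin"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return triage(root)
```

Folders missing from the report carry none of the listed indicators, which helps decide what has to come back from backup.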
How to remove Locky ransomware from your computer?
The best and easiest way to remove Locky ransomware from your computer is to use a special anti-malware program that has this threat in its database. As stated above, you need a proper and reliable anti-malware program, which is why we recommend SpyHunter.
SpyHunter scans your computer, detects various threats like Locky ransomware, and then completely removes them. One of the best features of this program is its large threat database. SpyHunter’s newly advanced ransomware detection technology is able to run an instant ransomware scan and show you a message about detection. After deep scanning of your system, it will easily find and delete Locky ransomware. Use this removal tool to get rid of Locky ransomware for FREE.
How to decrypt .zepto files encrypted by Locky ransomware?
Once you’ve removed the virus, you are probably thinking about recovering your files from encryption. Let’s take a look at possible ways of decrypting your data.
Recover data with Data Recovery
- Download and install Data Recovery
- Select drives and folders with your files, then click Scan.
- Choose all the files in a folder, then press the Restore button.
- Manage export location.
Decrypt .zepto files manually
You can try to use one of these methods in order to restore your encrypted data manually.
Restore data with Windows Previous Versions
This feature works on Windows Vista (not the Home version), Windows 7 and later versions. Windows saves copies of files and folders which you can use to restore data on your computer. In order to restore data from Windows Backup, take the following steps:
- Open My Computer and search for the folders you want to restore;
- Right-click on the folder and choose Restore previous versions option;
- The option will show you the list of all the previous copies of the folder;
- Select the restore date and the option you need: Open, Copy and Restore.
Restore the system with System Restore
You can always try to use System Restore in order to roll back your system to its condition before the infection. All Windows versions include this option.
- Type restore in the Search tool;
- Click on the result;
- Choose a restore point from before the infection;
- Follow the on-screen instructions.