help with Locky virus

Have run SpyHunter. Can anybody advise on the next step to gain access to the encrypted data? Thanks
 
Without the encryption key I'm going to guess it's basically impossible and time to write the data off and break out your backups.
 
Without the encryption key I'm going to guess it's basically impossible and time to write the data off and break out your backups.

Pretty much this, once you've got it not much you can do unless you're on the lucky list of keys that the FBI? released.
 
Is it Locky or AutoLocky? If it's AutoLocky I think there is a decryption tool available.

This, AutoLocky is a fake version of Locky and actually has flaws which allow it to be decrypted: https://decrypter.emsisoft.com/autolocky

But if it's the actual Locky ransomware, you're stuck. I had this hit two clients and couldn't retrieve the files, so had to reformat the infected systems.
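The Locky-versus-AutoLocky question above is decided from the file names before anything is wiped. The following is an added triage script, not code from this thread or from Emsisoft; it assumes the naming conventions reported in public 2016 write-ups (real Locky renames each file to 32 hex characters plus .locky, the first 16 being the victim ID, and drops _Locky_recover_instructions.txt; AutoLocky keeps the original name and only appends .locky). The sample listings are constructed, not real victim data.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumed naming conventions (from public write-ups, not from this thread):
#   - real Locky: <16 hex victim id><16 hex file id>.locky, plus a note file
#     named _Locky_recover_instructions.txt in each affected folder;
#   - AutoLocky: original name kept, ".locky" appended (e.g. report.pdf.locky).
LOCKY_RENAMED = re.compile(r"^[0-9A-Fa-f]{32}\.locky$")
LOCKY_NOTE = "_locky_recover_instructions.txt"


def classify(path):
    """Classify one path as 'locky', 'autolocky', 'locky-note' or 'clean'."""
    name = PureWindowsPath(path).name  # handles both '\' and '/' separators
    lower = name.lower()
    if lower == LOCKY_NOTE:
        return "locky-note"
    if not lower.endswith(".locky"):
        return "clean"
    if LOCKY_RENAMED.match(name):
        return "locky"
    return "autolocky"


def victim_id(path):
    """For a real-Locky file name the first 16 hex chars are the victim ID."""
    name = PureWindowsPath(path).name
    return name[:16].upper() if LOCKY_RENAMED.match(name) else None


def triage(listing):
    """Count indicators in a listing and name the recovery route that applies."""
    counts = Counter(classify(p) for p in listing)
    if counts["locky"]:
        verdict = "Locky: no decrypter, recover from offline backups"
    elif counts["autolocky"]:
        verdict = "AutoLocky: try the Emsisoft AutoLocky decrypter before wiping"
    else:
        verdict = "no Locky indicators in this listing"
    ids = {victim_id(p) for p in listing if classify(p) == "locky"}
    return {"counts": dict(counts), "victim_ids": sorted(ids), "verdict": verdict}


# Constructed sample listings for the two cases (not real victim data).
AUTOLOCKY_SAMPLE = [
    r"C:\Users\office\Documents\invoice-march.pdf.locky",
    r"C:\Users\office\Documents\contract.pdf.locky",
    r"C:\Users\office\Documents\notes.txt",
]
LOCKY_SAMPLE = [
    r"C:\Users\office\Documents\F67091F1D24A922B1A7FC27E19A9D9BC.locky",
    r"C:\Users\office\Documents\F67091F1D24A922B0C3E5D7A9B1F2E4D.locky",
    r"C:\Users\office\Documents\_Locky_recover_instructions.txt",
]

if __name__ == "__main__":
    for sample in (AUTOLOCKY_SAMPLE, LOCKY_SAMPLE):
        print(triage(sample))
```

Feed it the output of a directory walk over the affected share; if every hit is an original name with .locky appended, the Emsisoft tool is worth a try on copies of the files, whereas 32-hex names mean the real thing and the backups are the only route.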
 
Showing my ignorance here, but on one of the locked files I right-clicked the tab for "Restore previous versions" only to be greeted by there being no previous version. I'm assuming that once SpyHunter has completed its scan and removed Locky, the correct procedure would be to restore to a previous restore point. Would there still be a restore point available prior to infection where those files would be unencrypted? I'm guessing here, but I'm assuming there won't be.
 
Rolling back to a restore point won't restore everything, only system files and settings.

Restore points will often also be infected by malware, so aren't the best option.
 
Showing my ignorance here, but on one of the locked files I right-clicked the tab for "Restore previous versions" only to be greeted by there being no previous version. I'm assuming that once SpyHunter has completed its scan and removed Locky, the correct procedure would be to restore to a previous restore point. Would there still be a restore point available prior to infection where those files would be unencrypted? I'm guessing here, but I'm assuming there won't be.

Locky will delete shadow copies. :(
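Locky removes the shadow copies by running the built-in vssadmin tool before it starts encrypting, which is why "Restore previous versions" comes up empty. The following is an added detection example, not code from this thread: it scans process-creation events (Sysmon-style, but in a simplified Key=Value|Key=Value line format constructed for the example) for that command and for the equivalent wmic, wbadmin and bcdedit invocations other families use, and raises the severity when the parent process lives in a user-writable folder. The wmic/wbadmin/bcdedit patterns are a generalisation beyond Locky and are this example's assumption; the sample events are constructed.

```python
import re

# Pre-encryption commands that destroy rollback options. The vssadmin one is
# Locky's own step; the other three are assumed here as a generalisation to
# other ransomware families and are not claims taken from the thread.
SHADOW_KILL_PATTERNS = [
    ("vssadmin delete shadows", re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)),
    ("wmic shadowcopy delete", re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("wbadmin delete catalog", re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I)),
    ("bcdedit disable recovery", re.compile(r"bcdedit(\.exe)?.*recoveryenabled\s+no", re.I)),
]

# Parent processes running from these folders are far more suspicious than
# an admin's cmd.exe or a backup agent under Program Files.
USER_WRITABLE = re.compile(r"\\(temp|appdata|downloads)\\", re.I)


def parse_event(line):
    """Parse one 'Key=Value|Key=Value' line into a dict (values may contain '=')."""
    fields = {}
    for part in line.split("|"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def match_shadow_kill(cmdline):
    """Return the name of the first matching pattern, or None for benign use."""
    for name, rx in SHADOW_KILL_PATTERNS:
        if rx.search(cmdline):
            return name
    return None


def scan(lines):
    """Return one alert dict per event whose command line kills rollback data."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        reason = match_shadow_kill(ev.get("CommandLine", ""))
        if not reason:
            continue
        parent = ev.get("ParentImage", "")
        alerts.append({
            "time": ev.get("UtcTime"),
            "reason": reason,
            "parent": parent,
            "cmd": ev["CommandLine"],
            "severity": "high" if USER_WRITABLE.search(parent) else "medium",
        })
    return alerts


# Constructed sample events: one benign listing, three destructive commands
# launched by an executable dropped in %TEMP%, and one legitimate backup run.
SAMPLE_EVENTS = [
    r"UtcTime=2016-04-12 02:31:05|Image=C:\Windows\System32\vssadmin.exe|ParentImage=C:\Windows\System32\cmd.exe|CommandLine=vssadmin list shadows",
    r"UtcTime=2016-04-12 02:31:09|Image=C:\Windows\System32\vssadmin.exe|ParentImage=C:\Users\office\AppData\Local\Temp\svchost.exe|CommandLine=vssadmin.exe Delete Shadows /All /Quiet",
    r"UtcTime=2016-04-12 02:31:10|Image=C:\Windows\System32\wbem\WMIC.exe|ParentImage=C:\Users\office\AppData\Local\Temp\svchost.exe|CommandLine=wmic shadowcopy delete",
    r"UtcTime=2016-04-12 02:45:00|Image=C:\Windows\System32\wbadmin.exe|ParentImage=C:\Program Files\BackupAgent\agent.exe|CommandLine=wbadmin start backup -backupTarget:E:",
    r"UtcTime=2016-04-12 02:31:11|Image=C:\Windows\System32\bcdedit.exe|ParentImage=C:\Users\office\AppData\Local\Temp\svchost.exe|CommandLine=bcdedit /set {default} recoveryenabled No",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

On the infected box itself, running vssadmin list shadows from an elevated prompt confirms whether anything survived; on the network, an alert like the one above fires seconds before encryption begins, which is the only window in which pulling the machine off the share still saves the data on it.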
 
Shadow copies not there :( It appears only to have targeted the PDFs so far (each saying locky). After the scan SpyHunter also appears to request a payment of £26.00 to apply the fix. I haven't got a clue what the IT guy is doing, as I was kept out of the loop. Office workers with a talent for opening everything that is emailed are a complete disaster. Anyway, on my PC I've installed the free Bitdefender anti-ransomware app as a precaution.
 
Shadow copies not there :( It appears only to have targeted the PDFs so far (each saying locky). After the scan SpyHunter also appears to request a payment of £26.00 to apply the fix. I haven't got a clue what the IT guy is doing, as I was kept out of the loop. Office workers with a talent for opening everything that is emailed are a complete disaster. Anyway, on my PC I've installed the free Bitdefender anti-ransomware app as a precaution.

Could you imagine we'd reach a point where we are all running dedicated anti-ransomware software. :p:p:p:eek::eek::eek::eek::(
 
Could you imagine we'd reach a point where we are all running dedicated anti-ransomware software. :p:p:p:eek::eek::eek::eek::(

For a price ;) I have an excuse: my eyes start to blur around 2:30 in the early morning and I can't be sure what I'm clicking.
 
If it's the proper Locky, SpyHunter will do nothing.

What will shift it then? I already mentioned I installed the anti-ransomware app from Bitdefender as a precaution. This was in part due to me reading it nicks your email friends list and then proliferates by sending out emails pretending to be from people you know.
 
Your best bet is to nuke the drive with DBAN and do a fresh install of Windows.

Luckily, it affects only the PC, and nothing on the network.
 
Your best bet is to nuke the drive with DBAN and do a fresh install of Windows.

Luckily, it affects only the PC, and nothing on the network.

Probably not the case with Locky (though it could have been deployed as the payload of other malware), but there are increasingly variants out there, or bundled malware, which will attempt to infect the network before then infecting/triggering the cryptolocker stuff. So it's a good idea to mount any backups read-only, or recover from a copy taken of the backups elsewhere, etc.
 