Showing posts with label Ransomware. Show all posts

Sunday, 24 May 2015

How to Remove Locker Virus and Restore Encrypted Files

Locker is a file-encrypting ransom virus (ransomware) that encrypts your files using the RSA-2048 encryption algorithm so they cannot be opened or repaired without the unique encryption key. I've seen a few different versions of this ransomware so far: Locker v5.52, Locker v3.30, Locker v4.55, Locker v4.81 and Locker v2.60. Basically, it's the same ransomware with different version numbers. I bet there are even more versions out there, but I'm not quite sure why cyber criminals decided to do this. Anyway, no matter which version you have installed on your computer, it's the same ransomware. It does encrypt your files; it's not a joke. If you don't have backups you might be in trouble. This vicious malware is most definitely something you would be well advised to find out more about so that you are better able to protect yourself from an attack. It is also extremely useful to know why you shouldn't give in to ransomware's demands and what to do if you have been infected.


Locker virus payment page:


It demands to pay 0.1 BTC and gives information on how to buy Bitcoins. There's also a payment address which is unique for every victim.

What does Locker ransomware do?

You have probably already guessed that the clue to unlocking the way ransomware works is in its name. Locker has been created to kidnap your files or data, freeze them and make them inaccessible or unusable. After doing this the program will send you an updated version of the old fashioned ransom note, demanding that you pay 0.1 BTC (about $25) for your files to be released or unlocked. Once you've paid (which, by the way, you shouldn't – more of that in a minute) you will be sent a code that allows you to unlock your encrypted files. But when we say 'you will be sent' don't take that at face value as many cyber criminals using Locker ransomware will not bother to send you anything, simply taking your money and disappearing, never to be heard of again. And don't think you'll be able to negotiate with them either – these types of people don't tend to have a customer care helpline.

And that's not all...

To make it more likely that you will pay, the people behind Locker turn the fear factor up to eleven. You're already wondering if you're ever going to see your files and the data they contain again, but to pile even more stress upon you, many of these so-called ransom notes will either tell you that they have been sent by a law enforcement agency, such as the FBI or CIA, or tell you that the unlock code will become invalid and your files destroyed if you don't pay by a certain date. In this case, cyber criminals give you 3 days to pay the ransom. The Locker ransom program says:

All your personal files on this computer are locked and encrypted by Locker [ver]. The encrypting has been done by professional software and your files such as: photos, videos, and cryptocurrency wallets are not damaged but just not readable for now. You can find the complete list with all your encrypted files in the files tab.

The encrypted files can only be unlocked by a unique 2048-bit RSA private key that is safely stored on our server till [date]. If the key is not obtained before that moment it will be destroyed and you will not be able to open your files ever again.

Obtaining your private unique key is easy and can be done clicking on the payment tab and pay a small amount of 0.1 BTC to the wallet address that was created for you. If the payment is confirmed the decryption key will be sent to your computer and the Locker software will automatically start the decrypting process. We have absolutely not interest in keeping your files encrypted forever.

You can still safely use your computer, no new files will be encrypted and no malware will be installed. When the files are encrypted Locker [ver] will automatically uninstall itself.

It's very similar to BitCryptor ransomware. It shows the time remaining, lists all the encrypted files and gives you a personal Bitcoin wallet address.

What do I do? Pay the fine and make the problem go away?

It's not a good idea, but if you really, really care about the files, pay the ransom, although there's no guarantee that you'll get the files back. Besides, by paying you'll be perpetuating cyber crime. Instead, follow the removal guide below on how to salvage your data and clean your computer ASAP. There are a few tools that can help you to restore at least some of your files without paying a ransom. Even though there's no guarantee that these tools will help you, there's also no reason not to try them out. Who knows, maybe you will be the lucky one. Good luck and be safe online!


Written by Michael Kaur, http://deletemalware.blogspot.com

IMPORTANT! Before running anti-malware software and trying to restore your files, COPY the encrypted files, your Bitcoin wallet address (see under the Payment tab) and the %PROGRAMDATA%\rkcl, %PROGRAMDATA%\tor, %PROGRAMDATA%\steg or %PROGRAMDATA%\Digger folder (with files) to an external hard drive, CD/DVD or a USB flash key. You should have these in case you decide to pay the ransom or someone creates a decryption tool.
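One way to do that copy consistently, as an added example that is not part of the original post: the script below gathers the folders named above from %PROGRAMDATA%, copies the encrypted files you point it at, records the wallet address, and writes a SHA-256 manifest so the copies can be verified later against a decryptor's output. The destination layout, the function names and the manifest format are this example's own choices; the `demo()` function runs it against a constructed fake %PROGRAMDATA% tree rather than a real infection.

```python
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path

# Folder names from the post. %PROGRAMDATA% is resolved at run time; pass
# program_data explicitly to work on a mounted disk image or in the demo.
LOCKER_FOLDERS = ("rkcl", "tor", "steg", "Digger")


def sha256_of(path: Path) -> str:
    """Hash in 1 MiB chunks so large encrypted files are not read into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def preserve_artifacts(dest_root, encrypted_files=(), wallet_address="",
                       program_data=None) -> dict:
    """Copy Locker's folders and the given encrypted files under dest_root.

    Returns the manifest (also written to dest_root/manifest.json): the wallet
    address, which folders were present, and a SHA-256 per copied file so the
    copies can be checked later against a decryptor's output.
    """
    dest_root = Path(dest_root)
    program_data = Path(program_data or os.environ.get("PROGRAMDATA", r"C:\ProgramData"))
    manifest = {"wallet_address": wallet_address, "folders": {}, "files": {}}

    for name in LOCKER_FOLDERS:
        src = program_data / name
        if not src.is_dir():
            manifest["folders"][name] = "not present"
            continue
        dst = dest_root / "programdata" / name
        shutil.copytree(src, dst, dirs_exist_ok=True)  # whole folder, structure intact
        manifest["folders"][name] = dst.as_posix()
        for copied in dst.rglob("*"):
            if copied.is_file():
                manifest["files"][copied.relative_to(dest_root).as_posix()] = sha256_of(copied)

    enc_dir = dest_root / "encrypted"
    enc_dir.mkdir(parents=True, exist_ok=True)
    for src in map(Path, encrypted_files):
        if src.is_file():
            dst = enc_dir / src.name
            shutil.copy2(src, dst)  # copy2 keeps timestamps, useful for a timeline later
            manifest["files"][dst.relative_to(dest_root).as_posix()] = sha256_of(dst)

    (dest_root / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def demo() -> dict:
    """Run the preservation against a constructed fake %PROGRAMDATA% tree in a
    temp directory, standing in for a real infected machine."""
    tmp = Path(tempfile.mkdtemp(prefix="locker_demo_"))
    fake_pd = tmp / "fake_programdata"
    (fake_pd / "rkcl").mkdir(parents=True)
    (fake_pd / "rkcl" / "sample.bin").write_bytes(b"constructed sample content")
    victim = tmp / "victim"
    victim.mkdir()
    (victim / "report.docx").write_bytes(b"\x00" * 64)  # stands in for an encrypted file
    return preserve_artifacts(tmp / "evidence", [victim / "report.docx"],
                              wallet_address="<wallet address from the Payment tab>",
                              program_data=fake_pd)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

On a real machine, call `preserve_artifacts` with `dest_root` on the external drive and leave `program_data` unset so it reads %PROGRAMDATA%; run it before any scanner, since a cleanup that removes those folders also removes whatever a future decryptor might need from them.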



The ransomware is also known to disable certain system features such as System Restore, delete shadow copies, and prevent software from being uninstalled. This makes it incredibly difficult to remove it or roll the system back to solve the issue.
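Because deleting shadow copies and switching off System Restore happen before the ransom note appears, they are worth alerting on. The following is an added example, not code from the post: a small detection pass over process-creation records (the pipe-separated log format and the sample lines are constructed for this example) that flags the stock command lines for removing shadow copies and disabling System Restore, and rates a hit higher when the parent process lives under a user profile's AppData or Temp folder, which is where these posts say the ransomware runs from. The rule patterns are this example's own and are not taken from the Locker sample.

```python
import re
from typing import Dict, List

# Detection rules applied to the process command line. vssadmin, wmic and reg
# are legitimate admin tools, so a hit means "investigate now", not proof of
# ransomware; the patterns are this example's own.
RULES = [
    ("shadow copies deleted", re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("shadow copies deleted", re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\s+delete\b", re.I)),
    # DisableSR under the SystemRestore policy key turns System Restore off
    ("system restore disabled", re.compile(r"SystemRestore.*\bDisableSR\b", re.I)),
    # the Windows PowerShell cmdlet that does the same thing
    ("system restore disabled", re.compile(r"\bDisable-ComputerRestore\b", re.I)),
]
# A parent under AppData or Temp is how the posts describe the ransomware's
# own process, so those hits get a higher severity.
USER_WRITABLE_PARENT = re.compile(r"\\AppData\\|\\Temp\\", re.I)

# Constructed process-creation records: time|user|parent image|image|command line.
SAMPLE_LOG = r"""
2015-05-24T10:01:02|WORKSTATION\alice|C:\Windows\explorer.exe|C:\Windows\System32\vssadmin.exe|vssadmin list shadows
2015-05-24T10:03:15|WORKSTATION\alice|C:\Users\alice\AppData\Roaming\sample.exe|C:\Windows\System32\vssadmin.exe|vssadmin.exe delete shadows /all /quiet
2015-05-24T10:03:16|WORKSTATION\alice|C:\Users\alice\AppData\Roaming\sample.exe|C:\Windows\System32\wbem\WMIC.exe|wmic shadowcopy delete
2015-05-24T10:03:17|WORKSTATION\alice|C:\Users\alice\AppData\Roaming\sample.exe|C:\Windows\System32\reg.exe|reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore" /v DisableSR /t REG_DWORD /d 1 /f
2015-05-24T11:00:00|WORKSTATION\admin|C:\Windows\System32\cmd.exe|C:\Windows\System32\vssadmin.exe|vssadmin delete shadows /for=C: /oldest
"""


def parse_record(line: str) -> Dict[str, str]:
    """Split one record; the command line is last so it may contain anything but '|'."""
    time, user, parent, image, cmdline = line.split("|", 4)
    return {"time": time, "user": user, "parent": parent, "image": image, "cmdline": cmdline}


def detect(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per record whose command line matches a rule."""
    findings = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_record(raw)
        for rule_name, pattern in RULES:
            if pattern.search(rec["cmdline"]):
                severity = "high" if USER_WRITABLE_PARENT.search(rec["parent"]) else "medium"
                findings.append({**rec, "rule": rule_name, "severity": severity})
                break  # first matching rule is enough for one record
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f"{f['time']} {f['severity']:6} {f['rule']:25} parent={f['parent']}")
```

Of the five constructed records, the "list shadows" line produces nothing, the three launched from the AppData parent are rated high, and the administrator's own "delete shadows /oldest" from cmd.exe is rated medium: the same command is routine housekeeping in one context and the first sign of this ransomware in the other, which is why the parent process matters more than the command itself.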


Step 1: Removing Locker and related malware:


Before restoring your files from shadow copies, make sure Locker virus is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install a recommended anti-malware scanner. Run a full system scan and remove the detected malware.





IMPORTANT! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again. Also, try to disable bclock.exe using Process Explorer.

2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by Locker virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Use Locker Unlocker decryption tool. This tool is designed to decrypt files encrypted by the Locker ransom virus.

Method 4: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.



3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.

Tuesday, 12 May 2015

How to Remove Bit Cryptor Virus and Restore Encrypted Files

Bit Cryptor or BitCryptor is a file-encrypting ransom virus (ransomware) that encrypts your files using the AES-256 encryption algorithm so they cannot be opened or repaired without the unique encryption key. In order to get the key and decrypt your files you need to pay a ransom of 1 bitcoin, which is currently about $240. It targets all versions of Windows. Files stored on Network-Attached Storage (NAS) and other computers on the same network can be encrypted as well. Just like any other ransomware it scans your computer for data files and then encrypts them silently in the background. Most users probably won't even notice anything suspicious. Once the ransom virus has encrypted your files it will display a Bit Cryptor program that contains instructions on how to get your files back. As you can see, it has a countdown clock and apparently the ransom cost will increase if you don't pay on time. Each victim has a unique bitcoin payment address. Cyber criminals allow you to decrypt one file for free.


You know as well as I do that as we all spend increasingly large portions of our waking lives working, playing, shopping and browsing online, the higher the risks of contracting a computer virus or being infected by ransomware are. There is big money to be made in the cyber crime industry and malicious programmers are creating online attackers that are now more sophisticated than ever before. It's like watching a dog chase its tail, watching antiviruses and malicious software play this endless game of outsmarting each other with their creations. But where does that leave us – the people who rely on the internet to earn money, relax or simply keep our busy lives in order? Well where we're left is in the position of now having to be increasingly alert if we want to defend ourselves from becoming yet another faceless victim in the online war.

But the issue is that because the two sides of good and evil are constantly battling to stay one step ahead of each other, ransomware is constantly reinventing itself and finding new ways to cause havoc on our PCs or extort our hard-earned cash from us. Bit Cryptor is a good example of how cyber criminals constantly improve their malware, making it more sophisticated and dangerous. This particular variant, unlike most ransomware, blocks Task Manager and other programs that can be used to disable it. As a result, it might be difficult to run anti-malware software and remove the ransom virus. Bclock.exe is the main process of this ransomware. It's usually located in the C:\Users\[YourUserName]\AppData\Roaming\Microsoft\Windows\ folder. So, in case you can't open anti-malware programs or Windows tools, try to remove or at least disable the bclock.exe program first. If you can't do this using Task Manager, try Process Explorer. There's also a filelist.locklst file which contains a list of all the encrypted files. Don't delete it. It's not dangerous and besides, you may still need it.

Here's what the BitCryptor "Your files have been encrypted" wallpaper, stored in %Temp%\wallpaper.jpg, looks like:


What is ransomware?

Ransomware is, to put it frankly, a nightmare. Yes, Bit Cryptor is a nightmare too. Not only does it try and con you out of money, it also causes major issues on your computer, and it can cause you very real stress and upset too. It certainly is something that is worth taking the time to learn a little more about. Ransomware seems to come and go so read on and make sure that the next time it's doing the rounds you stand the best possible chance of not falling victim to it.

You're probably already one step ahead at this point and have guessed that ransomware is a type of malware that operates by holding you hostage. Actually, it holds your files, data, programs or operating system to ransom, but when your life is stored on your computer it may as well be you! In a nutshell, ransomware will kidnap, or lock, your computer and hold it hostage until you pay a release fee. It also displays a ransom note in a text file, not just in the Bit Cryptor decryptor window.

Your personal documents and files on this computer have just been encrypted.
The original files have been deleted and will only be recovered by following the steps described below.
Click on "Show encrypted files" to see a list of files that got encrypted.

The encryption was done with a unique generated encryption key (using AES-256).
This means that encrypted files are of no use until they get decrypted using a key stored on a server.

This server will only release the key if the amount of Bitcoins (displayed left of this window) is send to the Bitcoin address shown on the left of this window.

Each time the timer expires, the total cost will raise with the starting price.

...

How does Bit Cryptor infect you?

Like most types of malware, Bit Cryptor will infect you through a program, file or app that you have downloaded. Some ransomware attacks websites, infecting them and then you the visitor by default. Other ransomware is hidden in an attachment sent in a spam email or instant chat application. Finally, you may even be unlucky enough to be the victim of something called a 'drive-by installation' which is when you've stumbled across a website that has been infected by the malicious software.

What to do when this ransomware attacks?

Don't panic. And DON'T pay a ransom. Instead, follow the removal guide below on how to salvage your data and clean your computer ASAP. There are a few tools that can help you to restore at least some of your files without paying a ransom. Even though there's no guarantee that these tools will help you, there's also no reason not to try them out. Who knows, maybe you will be the lucky one. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Step 1: Removing Bit Cryptor and related malware:


Before restoring your files from shadow copies, make sure Bit Cryptor virus is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install a recommended anti-malware scanner. Run a full system scan and remove the detected malware.





IMPORTANT! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again. Also, try to disable bclock.exe using Process Explorer.

2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by Bit Cryptor crypto virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.



3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.

Monday, 11 May 2015

Remove 'Los Pollos Hermanos' Crypto Virus and Restore Encrypted Files

Los Pollos Hermanos crypto virus (ransomware) has begun spreading in Australia and some other countries. If you are a fan of Breaking Bad then you will immediately notice that cyber criminals reference this TV show by using the Los Pollos Hermanos branding image in the ransom demand. They even use a theonewhoknocks @ mailinator.com email for "support related inquiries". That's another reference to the popular TV show. Other than that, it's just another ransom virus from the CryptoLocker ransomware family that encrypts your files and then demands that you pay a ransom ($450 to $1000 AUD) in order to decrypt your files. It's not the most innovative and sophisticated ransomware, but it does encrypt your files using the Advanced Encryption Standard (AES) encryption algorithm and you can't really decrypt them without the private key. So, I guess we could say that the 'Los Pollos Hermanos' virus does its job well.


I'm sure you're no stranger to the fact that the more time we spend online these days, the more we are putting ourselves at risk of becoming a victim of some sort of virus, phishing scam or malicious software program. And it's a real cat and mouse game for as soon as one of the programs, operating systems, or applications we use releases a new version or patch, the malware programmers and scammers that inhabit the darkest corners of the internet will release their 'upgraded' – i.e. more dangerous version too.

So what should you do if you want to get the best possible protection in the face of all these threats that are just waiting to do us harm? The main thing is to ensure that you are always as well informed as possible when it comes to online issues that could cause you very real problems. And one type of malware that you should increase your knowledge about is ransomware, in this case the so-called "Los Pollos Hermanos" virus. Trust me; this is something that I can guarantee you are not going to want installed on your computer.

A closer look at 'Los Pollos Hermanos' ransomware

Most malware is named pretty accurately. For example, adware is software that bombards you with adverts. Spyware is software that spies on you. Therefore if you're thinking that ransomware might just be something that will hold you to ransom, then go straight to the top of the class! A Los Pollos Hermanos ransom attack results in you, or rather more accurately, your files being held hostage. It kidnaps your data and demands payment from you to release it. It's a good old-fashioned method of extortion, repackaged and upgraded for the twenty-first century. This ransom virus attacks the most common file types, so expect that your work documents and images will be encrypted. Once this crypto virus encrypts your files it will display a ransom note:

Your important files have been encrypted: photos, documents, videos, etc.
If you want to decrypt your files you must pay the fee of $450 AUD
Failure to pay within the specified time will mean you must pay $1000 AUD
For support related inquiries contact:
theonewhoknocks[edited]@mailinator.com

I have ransomware on my computer. How did it get there?

'Los Pollos Hermanos' ransomware, like virtually all types of malware, attacks your computer when you download something that has been packaged with it. This could be anything from some software, an app or a file – and the host program may or may not know that ransomware is included. Similarly this ransomware can also be spread via spam emails that have infected links or attachments in them. Finally, you may even be unlucky enough to be the victim of something called a 'drive-by installation' which is when you've stumbled across a website that has been infected by the malicious software.

Has my data been kidnapped?

If there's one (albeit dubious) thing to be said for ransomware, it is that it is extremely easy to know if you've been targeted. This is not a subtle attack: it is after your dollars after all! You will usually experience the following:
  • You are unable to open a program or document on your computer
  • You are shown a 'ransom note' in the form of a pop-up window, a full screen message, or perhaps an email
So should you pay the ransom? Absolutely not! Paying these people only perpetuates their belief that they are onto a good thing, so don't pay anything or click on any links or buttons. Instead, follow the removal guide below on how to salvage your data and clean your computer ASAP. There are a few tools that can help you to restore at least some of your files without paying a ransom. Even though there's no guarantee that these tools will help you, there's also no reason not to try them out. Who knows, maybe you will be the lucky one. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Step 1: Removing 'Los Pollos Hermanos' and related malware:


Before restoring your files from shadow copies, make sure 'Los Pollos Hermanos' virus is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install a recommended anti-malware scanner. Run a full system scan and remove the detected malware.





2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by 'Los Pollos Hermanos' crypto virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.



3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.

Sunday, 10 May 2015

Encrypted Files (.exx extension) Malware Removal Guide

Today we are going to take a look at a particularly unpleasant type of malicious software that encrypts your data and appends the .exx extension to file names. Ladies and gentlemen, allow me to introduce you to ransomware. In this case it's a new variant of TeslaCrypt ransomware. At the beginning of this month I wrote about Alpha Crypt ransomware, which is a slightly modified version of TeslaCrypt. And now we have a new or slightly modified variant that uses the .exx extension. It's detected as Win32/Filecoder.EM or Win32/Filecoder.ER by some anti-virus engines. But other than that the only difference is the file extension. If your computer is infected with this ransomware you will notice that your files have changed to *.pdf.exx, *.avi.exx, *.jpeg.exx, *.docx.exx, *.xls.exx, etc. The ransomware will likely change your wallpaper with information and links on how to get your files back. You might also see a decryptor window with the same information.


Taking a more in depth look at .exx ransomware

Ransomware is among the types of malware that is looking to make a dent in your bank account by conning you out of your hard earned cash. In this instance it demands a ransom in return for releasing your data that it has held hostage, or the ability to use your computer.

It does a number of things to coerce you into parting with your money. Here are the most common ones:
  • It can change your default browser settings so that you have trouble accessing the internet. This has the double pronged benefit (for the attacker) of not only frustrating you into paying the ransom but it also makes it harder for you to find a resolution to get rid of it.
  • Ransomware can also disable your files and documents by encrypting them, in other words, holding them hostage until you pay the ransom. As you already know, this variant encrypts your files and appends the .exx extension. That's the only thing you can use to identify which ransomware you have on your computer. The warning sent by the attacker, either by email or displayed on your screen, will state that they will send you a code that you can key in to deactivate the ransomware and release the data. However, this is often not the case and you will be quite literally paying a not inconsiderable amount of money for absolutely nothing. The ransom notes are usually HELP_TO_SAVE_FILES.txt and HELP_TO_DECRYPT_YOUR_FILES.txt. You can find them in each folder with at least one encrypted file.
  • Some types of ransomware are designed to look like antivirus software and will display a pop-up warning saying that your PC is infected with a virus or malware. It will scare you into paying to install the program so that it can clean your machine. Of course, it’s not going to alert you to its own presence, so again, you will be paying for a fake scan, fake viruses, and a software program that does absolutely nothing.
One of the main issues with ransomware is that it can be extremely difficult to remove – sometimes even impossible, which is why it is important that you back your files and data up on a regular basis. Having this saved and stored on a hard drive or another computer makes you less likely to cave in and pay any ransom that is demanded of you.

So I shouldn't pay a ransom?

If you've been infected by ransomware that uses the .exx extension to make your files inaccessible, no, you really should not pay a release fee. Firstly, by giving in to cyber criminals, you are only convincing them that they are in the right line of business. Secondly, chances are, as mentioned, you are paying for thin air. There's no guarantee that they will decrypt your files. At the time I was analyzing this ransomware, cyber criminals demanded a payment of 2.2 Bitcoins, which is more than $500. The decryption service can be accessed by using Web to Tor services: dlosrngis35.com, anfeua74x36.com, tor2web.blutmagie.de. Cyber criminals wrote a very detailed guide on how to buy bitcoins and even made a support ticket system in case you have any questions.

How to get my files back?

If you have a recent backup, wipe your hard disk and reinstall your files. If you don't, try Shadow Explorer program or search your computer for previous versions of files. If you are lucky enough you may find files that were not encrypted and renamed to .exx. But before restoring your files, please remove the ransomware and related malware files from your computer. Otherwise, you will simply waste your time. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com


Step 1: Removing .exx extension ransomware (TeslaCrypt) and related malware:


Before restoring your files from shadow copies, make sure the ransomware is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install a recommended anti-malware scanner. Run a full system scan and remove the detected malware.





Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again.

2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by .exx extension (TeslaCrypt) virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Try the TeslaCrypt Decryption Tool by Cisco. Download TeslaDecrypt tool and run it.

Method 4: Try the TeslaDecoder Decryption Tool. Download TeslaDecoder tool and run it.

Method 5: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.



3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.

Friday, 08 May 2015

Encrypted Files (.encrypted extension) Malware Removal Guide

If all your files are encrypted with an .encrypted extension then your computer is infected with the Crypt0L0cker ransomware. It's very similar to CryptoLocker but encrypts files in a slightly different way. It basically scans your computer and encrypts any files that do not match an exclude list (a list of files that cyber criminals think could cause a problem with Windows, mostly system files). Once a file is encrypted this ransomware appends the .encrypted extension to the file name, so for example your Word document becomes project.docx.encrypted instead of just project.docx. The same thing happens to all other files that are encrypted. They become inaccessible and you can't simply decrypt them, because Crypt0L0cker uses a rather sophisticated and strong encryption algorithm.
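The appended extension is the one reliable fingerprint both this post and the .exx (TeslaCrypt) post above give you, and the ransom notes sit in every folder that was hit. The following is an added example, not code from either post: a read-only triage walk that reports files carrying .exx or .encrypted, which original file types were hit (recovered from the name left in front of the appended extension), which folders contain them, the ransom notes found, and the modification-time window of the encrypted files. It changes nothing on disk, so it can run before artifacts are preserved and the machine is cleaned. The report layout and function names are this example's own; `build_sample_tree()` creates a constructed tree that deliberately mixes both families to exercise both rules.

```python
import tempfile
from collections import Counter
from pathlib import Path

# From the posts: extensions appended by the two families and the note file
# names dropped by the .exx variant. Matching is case-insensitive because the
# original files may have had upper-case extensions.
RANSOM_EXTENSIONS = {".exx": "TeslaCrypt (.exx variant)",
                     ".encrypted": "Crypt0L0cker"}
RANSOM_NOTES = {"HELP_TO_SAVE_FILES.txt", "HELP_TO_DECRYPT_YOUR_FILES.txt"}


def triage(root) -> dict:
    """Walk root read-only and summarise what the ransomware touched."""
    root = Path(root)
    report = {"families": Counter(), "original_types": Counter(), "folders_hit": Counter(),
              "encrypted_files": [], "ransom_notes": [],
              "first_mtime": None, "last_mtime": None}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.name in RANSOM_NOTES:
            report["ransom_notes"].append(rel)
            continue
        family = RANSOM_EXTENSIONS.get(path.suffix.lower())
        if family is None:
            continue  # untouched file
        report["families"][family] += 1
        report["encrypted_files"].append(rel)
        # project.docx.encrypted -> ".docx": what kind of data was hit
        original = Path(path.stem).suffix.lower() or "(no extension)"
        report["original_types"][original] += 1
        report["folders_hit"][path.parent.relative_to(root).as_posix()] += 1
        mtime = path.stat().st_mtime  # encryption rewrites the file, so this bounds the attack window
        if report["first_mtime"] is None or mtime < report["first_mtime"]:
            report["first_mtime"] = mtime
        if report["last_mtime"] is None or mtime > report["last_mtime"]:
            report["last_mtime"] = mtime
    report["total_encrypted"] = len(report["encrypted_files"])
    return report


def build_sample_tree() -> Path:
    """Constructed sample: two Crypt0L0cker files, one .exx file, one note, one clean file."""
    root = Path(tempfile.mkdtemp(prefix="triage_sample_"))
    docs, pics = root / "Documents", root / "Pictures"
    docs.mkdir()
    pics.mkdir()
    (docs / "project.docx.encrypted").write_bytes(b"\x00" * 32)
    (docs / "budget.xls.encrypted").write_bytes(b"\x00" * 32)
    (pics / "holiday.JPEG.exx").write_bytes(b"\x00" * 32)
    (pics / "HELP_TO_DECRYPT_YOUR_FILES.txt").write_text("constructed ransom note")
    (root / "readme.txt").write_text("untouched file")
    return root


if __name__ == "__main__":
    r = triage(build_sample_tree())
    print(r["total_encrypted"], "encrypted files;", dict(r["families"]))
    print("original types:", dict(r["original_types"]))
    print("folders hit:", dict(r["folders_hit"]))
    print("ransom notes:", r["ransom_notes"])
```

Point `triage()` at a user profile or a mapped share to see how far the encryption got; `folders_hit` and the mtime window also tell you which Shadow Explorer snapshot date is old enough to predate the attack.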


The majority of people working or playing with computers have heard of a good number of the assorted malicious software programs that are out there. We all know the threat of Trojan Horses, the sinister tactics of Spyware, the aggravating Adware and the pest that is Potentially Unwanted Programs, and let's not forget vicious viruses. However there is one type of malware that never seems to garner the same levels of notoriety as its cousins, and that is something named Ransomware. So what exactly is Crypt0L0cker ransomware and is it something that you should be overly concerned about if it's not as well known? In a word: yes. Crypt0L0cker most definitely IS something you should know a little more about, and do your utmost to protect yourself from.

Here we are going to take a closer look at what ransomware is, how it spreads itself, what it can do to your files and PC - and more importantly - how you protect yourself from becoming a victim.

How does ransomware take control of your PC?

The Crypt0L0cker (.encrypted) ransomware is spread in a number of different ways, all of them seemingly innocuous, and therefore increasing the chances of us falling prey to the malware. Sometimes this ransomware is disseminated by email attachments or by links in mails or instant messages. Just a few days ago the AFP warned about an AFP traffic infringement scam that distributed this ransomware.


The Trojan dropper is detected as TR/Crypt.Xpack.197573, Trj/RansomCrypt.C and Win32:Crypt-SAR [Trj]. Some users got caught by this virus campaign and immediately noticed that all jpeg, pdf and doc files had the extension ".encrypted" after them. Other variants of this ransomware are unleashed by programs or even entire websites that have been infected by it. So what do you need to do to lower your likelihood of being attacked? You need to be careful when opening emails and instant messages – especially if you don't know the sender – and of course you should exercise extreme caution when opening attachments, images, files or links within them. You also need to be very careful when downloading apps or programs in case they have been compromised. It's hard to say that you should also watch what websites you visit, as any site can be targeted by malware but the general rule of thumb is to avoid anything that your instincts tell you is low quality or contains dubious content.

What is Crypt0L0cker's MO?

Ransomware, as you may have already guessed, exists to extract money from you in the form of a ransom. And to do this it needs to hold something hostage, in this case, your computer.

A ransomware attack paralyses your operating system, leaving you unable to open files or programs. When you try, you'll be hit with a ransom note sent by email or displayed on your screen telling you that you have been found to have downloaded illegal or pirated software or accessed a website of an illicit nature. It then demands a sum of money in return for the release of your documents or system.

Even worse, some ransomware will tell you that you are now on a watch list and about to be investigated for your alleged cyber crimes by the government or police! Clearly this is to convince you to pay the ransom, however, don't give in, but follow the steps in the removal guide below. First, you should remove the ransomware and any other related malware from your computer. Secondly, don't pay the ransom and try to restore your files with the tools listed below. If you back up your files regularly, you can retrieve some of your information, if not all of it, if your files suddenly become encrypted and have this odd *.encrypted extension. If you don't have any backups then you can try to restore at least some of your files with Shadow Explorer and other Windows system tools. If you have any questions, please leave a comment down below. Good luck and be safe online!

Written by Michael Kaur, http://deletemalware.blogspot.com



Step 1: Removing Crypt0L0cker (.encrypted) and related malware:


Before restoring your files from shadow copies, make sure Crypt0L0cker virus is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install a recommended anti-malware scanner. Run a full system scan and remove the detected malware.





2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.


Step 2: Restoring files encrypted by Crypt0L0cker (.encrypted) virus:


Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note, this tool is available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8.

2. Open Shadow Explorer. From the drop down list you can select from one of the available point-in-time Shadow Copies. Select drive and the latest date that you wish to restore from.



3. Right-click any encrypted file or entire folder and Export it. You will then be prompted as to where you would like to restore the contents of the folder to.



Hopefully, this will help you to restore all encrypted files or at least some of them.