Remove .zzzzz Locky Ransomware and Restore Encrypted Files


Important for Locky Ransomware victims!

ファイル, によって暗号化されました Lockyランサムウェア コンピュータに害を及ぼすのはそれだけではありません. Locky Ransomware may still be active on your machine and may spread to other computers on your network. あなたがまだ危険にさらされているかどうかを検出し、脅威を排除するため, SpyHunterをダウンロードすることをお勧めします.

SpyHunterをダウンロードする 5

SpyHunterの詳細情報 そして アンインストールガイド. 続行する前に, SpyHunterのをご覧ください EULA そして 脅威評価基準. SpyHunterのプライバシーポリシーは、 次のリンク. SpyHunterスキャナーは完全に無料であることに注意してください. ソフトウェアがウイルスを検出した場合, 遅延削除またはSpyHunterのフルバージョンを購入して削除することもできます. また, SpyHunterはファイルを復元できず、単に高度なマルウェア除去ソフトウェアであることに注意してください.

Yet another version of the notorious Locky has been released. It is most likely an updated variant of the .aesir file extension Locky, similar to what Cerber ransomware, the other big player in this segment does, coming up with multiple variants in short timeframes. This variant of locky uses a .js file for the infection, but it does not have it’s own command servers and is instead automated, researchers believe. In order to understand how to remove this virus and learn alternative methods to try and restore your files without having to pay the ransom, we advise you to read this article thoroughly.

What Does Locky Ransomware Do?

When it infects, the Locky virus uses a different file extension to encrypt files, than it’s previous variants – .zzzzz. Unlike those variants which use the name of Norse gods, this Locky uses 1 letter repeated five times for an extension, which is untypical. だけでなく、この, but e-mails that have archives, named order _{name of victim}.zip are utilized to infect users with malicious .js (JavaScript) files in them. The download locations of those files are one of the many distribution sites used by Locky.

After this malicious file is opened by the user, the ransomware gets right down to business. It creates a copy of the ransom note use with the name _1-INSTRUCTION.html. The ransom note file is also changed as a background on the victim computer, looking like the following:

ファイルの復号化は、秘密鍵と復号化プログラムでのみ可能です, All which is on our secret server.
1. [Redacted] 2. [Redacted] このアドレスのすべてが利用できない場合, 次の手順を実行します:
1. Download and install Tor Browser: HTTPS://
2. インストールが成功した後, ブラウザを実行し、初期化を待ちます.
3. アドレスバーに入力します: [Redacted] 4. Follow the instructions on the site.
!!! Your personal identification ID: [Redacted] !!!」

ザ・ INSTRUCTION.html file also has a similar ransom message:


Both sites aim to lead the victim whose files are encrypted by Locky’s .zzzzz variant to the traditional for this family of malware Locky Decryptor web page.


What Is Locky’s Encryption and Why I Cannot Open My Files?

The virus is one of the strongest when it comes to the encryption of the user files. 実際には, it is pre-programmed to encrypt a wide variety of file extensions, more than 400:

→ .001, .002, .003, .004, .005, .006, .007, .008, .009, .010, .011, .123, .1cd, .3dm, .3ds, .3fr, .3g2, .3gp, .3pr, .602, .7と, .7zip, .ARC, .CSV, .DOC, .ドット, .MYD, .MYI, .NEF, .PAQ, .PPT, .RTF, .SQLITE3, .SQLITEDB, .XLS, .aac, .ab4, .accdb, .accde, .accdr, .accdt, .ach, .acr, .行為, .adb, .adp, .ads, .aes, .agdl, .ai, .aiff, .ait, .al, .aoi, .apj, .apk, .arw, .asc, .asf, .asm, .asp, .aspx, .資産, .asx, .avi, .awg, .バック, .バックアップ, .backupdb, .後ろに, .バンク, .コウモリ, .ベイ, .bdb, .bgt, .ビック, .置き場, .bkp, .ブレンド, .bmp, .bpw, .brd, .できる, .cdf, .cdr, .cdr3, .cdr4, .cdr5, .cdr6, .cdrw, .cdx, .ce1, .ce2, .cer, .cfg, .cgm, .cib, .クラス, .cls, .cmd, .cmt, .設定, .contact, .cpi, .cpp, .cr2, .クロウ, .crt, .crw, .cs, .csh, .csl, .csr, .css, .csv, .d3dbsp, .dac, .インクルード, .dat, .db, .db3, .db_journal, .dbf, .dbx, .dc2, .dch, .dcr, .dcs, .ddd, .ドック, .drw, .dds, .の, .des, .設計, .dgc, .dif, .dip, .dit, .djv, .djvu, .沿って, .doc, .docb, .docm, .docx, .ドット, .dotm, .dotx, .drf, .drw, .dtd, .dwg, .dxb, .dxf, .dxg, .edb, .eml, .eps, .erbsql, .erf, .exf, .fdb, .ffd, .fff, .fh, .fhd, .fla, .flac, .flf, .flv, .flvv, .フォージ, .fpx, .frm, .fxg, .gif, .gpg, .グレー, .グレー, .グループ, .gry, .gz, .hbk, .hdd, .hpp, .html, .hwp, .ibank, .ibd, .ibz, .idx, .iif, .iiq, .ない, .indd, .私は、Wi, .jar, .java, .jnt, .jpe, .jpeg, .jpg, .js, .kc2, .kdbx, .kdc, .key, .kpdx, .kwm, .laccdb, .lay, .lay6, .lbf, .ldf, .lit, .litemod, .litesql, .ログ, .ltx, .lua, .m2ts, .m3u, .m4a, .m4p, .m4u, .m4v, .mapimail, .最大, .mbx, .md, .mdb, .mdc, .mdf, .mef, .mfw, .mid, .mkv, .mlb, .mml, .mmw, .mny, .マネーウェル, .mos, .mov, .mp3, .mp4, .mpeg, .mpg, .mrw, .ms11, .msg, .myd, .n64, .nd, .ndd, .ndf, .nef, .nk2, .nop, .nrw, .ns2, .ns3, .ns4, .nsd, .nsf, .nsg, .nsh, .nvram, .nwb, .nx2, .nxl, .nyf, .oab, .obj, .odb, .エピソード, .odf, .odg, .odm, .応答, .ods, .odt, .ogg, .oil, .onetoc2, .orf, .ost, .otg, .oth, .otp, .ots, .ott, .p12, .p7b, .p7c, .助けて, .ページ, .pas, .pat, .pcd, .pct, .pdb, .pdd, .pdf, .ペフ, .ペム, .pfx, .php, .pif, .pl, .plc, .plus_muhd, .png, .ポット, .ポットム, .potx, .ppam, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prf, .ps, .psafe3, .psd, .pspimage, .PST, .ptx, .pwm, .py, .qba, .qbb, .qbm, .qbr, .qbw, .qbx, .qby, .qcow, .qcow2, .qed, .r3d, .raf, .rar, .rat, .生, .rb, .rdb, .re4, .rm, .rtf, .rvt, .rw2, .rwl, .rwz, .s3db, .安全, .sas7bdat, .sav, .保存する, .say, .sch, .sd0, .sda, .sdf, .sh, .sldm, .sldx, .slk, .sql, .sqlite, .sqlite3, .sqlitedb, .sr2, .srf, .srt, .srw, .st4, .st5, .st6, .st7, .st8, .stc, .std, .sti, .stm, .stw, .stx, .svg, .swf, .sxc, .sxd, .sxg, .sxi, .sxm, .sxw, .タール, .tar.bz2, .tbk, .tex, .tga, .tgz, .thm, .tif, .tiff, .tlg, .txt, .一般に, .uot, .upk, .vb, .vbox, .vbs, .vdi, .vhd, .vhdx, .vmdk, .vmsd, .vmx, .vmxf, .vob, .wab, .ワッド, .財布, .wav, .wb2, .wk1, .週, .wma, .wmv, .wpd, .wps, .x11, .x3f, .xis, .xla, .xlam, .xlc, .xlk, .xlm, .xlr, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .ycbcra, .yuv, .zip

Files that have been encrypted will have the file extension with the repeaded “z” letter and become no longer openable. The encryption believed to be used for those files is AES-128 in combination with a cipher that is RSA-2048 and produces a unique decryption key for each infection.

After this is done, Locky ransomware may delete backups and other file history using the vssadmin command.

How Did I Get Infected With Locky .zzzzz?

All that it takes to become infected with Locky ransomware’s .zzzzz variant is to open a phishing e-mail that pretends to be a legitimate one. Here is an example of an infection, discovered earlier:

→ “Dear Customer,
配送予定と未処理の注文の詳細については, 来てください: {web link}
Your Order {order number}」

The e-mails have a malicious archive (.zip file) which is named “ORDER-{Number}.zip}」. If the user is inexperienced enough to download and open the malicious .js file in the archive which may pretend to be either a Microsoft Office or an Adobe document, they immediately become injected with a JavaScript protocol that causes the infection with Locky.

How To Remove Locky Ransomware and Restore Encrypted Files

In order to fully erase the virus we advise you to use an advanced anti-malware program in case you lack experience in malware removal. It will professionally delete all objects associated with Locky on your computer in a swift manner.

To try and restore your files you have several alternative methods lying before you:

  • データ復旧ソフトウェア.
  • Shadow Backups Restore (if intact)
  • Network Sniffer.
  • Try third party decryptors after backing up the encrypted files. (do not try them on the original copies of the encrypted files, only on other copies)

Those methods may not be 100% effective but they may be effective enough to restore at least some of your files.

SpyHunterの無料版のみすべての可能な脅威を検出するためにコンピュータをスキャンします. お使いのコンピュータから完全に削除するには, そのフルバージョンを購入. スパイハンターマルウェア除去ツールの追加情報/SpyHunterのアンインストール手順

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload the CAPTCHA.