Our removal article will show you how to remove iLock ransomware infections from your computer.
About The iLock Ransomware
The iLock Ransomware is a new malware that is also known as iLocklight or Lortok. The first malware samples were identified in March 2016 and the virus has been used in several attack campaigns since then.
This is actually one of the first viruses that uses the Anonymous theme and impersonates the famous hacker group. Upon infection the encryption module encrypter.pdb is placed to the following location :\Users\admin\Documents\Visual Studio 2013\Project\iLock\encrypter\obj\Debug\encrypter.pdb.
Furthermore the virus may also modify several registry values which are used to add the iLock ransomware to startup process. Most of the related malware also removes all Volume Shadow Copies on the infected machines which prevents the users to recover their files.
The built-in encryption module locates and targets the most commonly user data. This includes all documents, multimedia files – audio, video and photos, configuration files, virtual machines and databases.
Depending on the ransomware strain there are two versions that feature English or Russian speaking ransom note. They are contained in files named WARNING OPEN-ME.txt en ВНИМАНИЕ_ОТКРОЙТЕ-МЕНЯ.txt respectively. Here is a sample message taken from the English note:
Hello, all your files are encrypted, please contact us to restore them. To do this. open label ‘online consultant’, which is on the desktop or double-click the left rouse button on any encrypted file.
if for some reason you can not contact us via the ‘Live chat’ contact us through the contact is offline: 1) Download the ‘Tor Browser for windows’, yod can download it here https://www.torproject.org/download/dmanload-easy.html.en 2) install and run ‘Tor Browser’ 3) click on the link ‘http: //3goSagjlesrudfml.onion/ id useritil. id, & Hashro userProfile.dashiD, ‘At’ Tor Browser ‘- (ATTENTION, the site is available only through the’ Tor Browser ‘) 4) Follow the instructions on the website
1) Attention, ‘overwrite / rollback’ of windows does not help to restore files but can ultimately damage chew, and even then we will not be able to restore them.
2) Antivirus nod32, drweb, kaspersky, etc. will not help you decrypt the files, even if you buy them a license for 10 years, they will still not restore files.
3) To encrypt files using ASS which was established in 1908. for 17 years, no one on tarth could not crack the encryption algorithm, even the NSA.
4) The key to other users you will not work, since each user a unique key, so do not expect that someone will pay and will lay the key to decrypt the files.
About encryption .AES256′ on ‘winrar’ exanple, each file was placed in the file ‘winrar’, to archive ‘winrar. put password of 256 characters: 1) Open the file only by typing your password 2) Delete ‘hinrar’ file is archiveo and can not open it. 3) kven if you move the file to another windows. it will still require a password to open. 4) if you ‘reinstall / revert’ win:ohs, the archive ‘wlnrar’ will archive and to open still need ‘wlnrar’ and password of 256 characters.
rou can malt until someone through 60 years will crack was256 encryption algorithm. and after 60 years to restore the files, or to pay for the key and restore files in a couple of hours, the choice Is yours! https://ru.wikipedia.org/wiki/Advanced_ancrypcion_standard
The iLock ransomware features a live chat module which runs on the TOR anonymous network.
How Does The iLock Ransomware Infect Computers
The iLock ransomware is distributed via different infection methods. The most commonly used ones are spam email campaigns, direct hacking attacks and dangerous add-ons such as browser hijackers.
The spam messages are of two types – they either attach the malicious payload directly to the messages or contain hyperlinks to hosted versions of iLock ransomware.
How To Remove The iLock Ransomware and Recover Affected Files
You can use a trusted anti-spyware solution to remove active infections and protect your computer .