A ransomware by the name of PowerLocky reportedly surfaced on the virus scene. The ransomware encrypts your files and asks money for their decryption. PowerLocky’s ransom note demands $500 or about 0.75 BTC. Victims of the virus should avoid paying, as there’s no guarantee their files would be properly decrypted. If your computer has been infected, you should try fixing your system by other, safer ways explored in this article.
Name |
PowerLocky Ransomware |
File Extensions |
.locky |
Ransom |
500 US Dollars or about 0.75 BTC |
Solution #1 |
PowerLocky ransomware can be removed easily with the help of an anti-malware tool, a program that will clean your computer from the virus, remove any additional cyber-security threats, and protect you in the future. |
Solution #2 |
PowerLocky Ransomware can be removed manually, though it can be very hard for most home users. See the detailed tutorial below. |
Distribution |
PowerLocky can use a variety of infection techniques. One possible distribution method is to spam e-mail masquerading as legitimate customer services of well-known companies. |
PowerLocky Ransomware – How Does It Spread
PowerLocky can use a variety of infection techniques. One possible distribution method is to spam e-mail masquerading as legitimate customer services of well-known companies. The-mail titles usually read like this:
- “Get your Windows upgraded for free”
- “Your Bank account has been suspended”
- “Your PayPal account was suspended”
The point is to write something provocative that users would click. Once they open the malicious link, they’ll get a malicious redirect that infects the computer. The infection might use:
- An exploit kit
- Malicious macros hidden in infected Microsoft Word or Adobe documents
- Malicious Java scripts
PowerLocky Ransomware – Up Close
Once the PowerLocky finds its way into a system, the ransomware it has the chance to drop its malicious payload. Targeted folders might include:
- %Documents%
- %Downloads%
- %Pictures%
- %Music%
- %Videos%
- %Contacts%
- %Favorites%
- %Searches%
- Google’s Folders
- Windows Defender’s Folders
- Mozilla Firefox’s Folders
- Internet Explorer’s Folders
- %AppData%\Local\Temp\
- %Desktop%
Once the encryption process is started, PowerLocky scans your system in search of files to encrypt. The following files may be encrypted if the ransomware virus detects them:
After encryptions, the files should be renamed to something like this
Nameoffile.text.locky
Once your files have been excrypted, Locky will leave an .html file named “_HELP_instructions.html” stating:
→“We present a special software Locky Decrypter
which allows to decrypt and return control to all your encrypted files.
How to buy Locky decrypter?
1. Download and install Multibit application. This will give you your own Bitcoin-wallet address. You can find it under the “Request” tab. Paste this in the “Your BTC-address” field below.
2. Buy Bitcoins, the price is 500 $ / 0.74290893 BTC and send it to your own Bitcoin-wallet address, they will show up in the Multibit app that you installed earlier. From there, hit the “Send” tab. Send the remaining BTC (bitcoin) to this Bitcoin-wallet address: {Unique-BTC-Address}
Now submit the form below, only if you’ve actually sent the Bitcoins. Upon manual verification of the transaction, you will receive the decrypter through email within 12 hours. ALL of your files/data will then be unlocked and decrypted automatically, HTML ransom files will also be removed.
Do NOT remove HTML ransom files or try to temper files in any way, because decrypter will not work anymore.Please remember this is the only way to ever regain access to your files again!”
The message includes instructions to paying the ransom. The method of payment is chosen since it’s harder to trace.
PowerLocky Ransomware – How To Remove It
Paying the ransom is not advisable, as you’ll essentially be giving money to criminals. The best security option is to follow our step-by-step guide located bellow. If you fail to remove the ransomware by hand, there’s an alternative solution. Try using an advanced anti-malware tool. That can help you delete any malicious content on your computer. It will remove any malware without damaging the encrypted files.
PowerLocky has been encrypted with the powerful AES-128 algorithm. As of now, it’s direct decoding isn’t possible. If a decryptor gets soon, we’ll update this article to let you know. Until then, try the methods we described.
Ways to Restore INSERT Files
In conclusion, we strongly advise you to avoid paying the ransom. Don’t get involved in cyber-criminals’ malicious actions. It’s much better to invest the same amount of money in security means that will help you to resolve the current problem and ensure you future prevention from PowerLocky and other nasty cyber-attacks. It’s also worth trying available recovery options like Shadow Explorer (in case the ransomware hasn’t affected Shadow Volume Copies), Recuva or any data recovery software. You could also wait for available decrypter released by security experts.
Since malware attacks are increasing and users suffer from daily attacks, we have decided to make a tutorial which will help you delete malware, try and restore files in case they are encoded by crypto-viruses and protect yourself in the future as well.
PowerLocky Ransomware Removal
For a faster solution, you can run a scan with an advanced malware removal tool and delete PowerLocky completely with a few mouse clicks.
STEP I: Start the PC in Safe Mode with Network
This will isolate all files and objects created by the ransomware so they will be removed efficiently.
-
1) Hit WIN Key + R
- 2) A Run window will appear. In it, write “msconfig” and then press Enter
3) A Configuration box shall appear. In it Choose the tab named “Boot”
4) Mark “Safe Boot” option and then go to “Network” under it to tick it too
5) Apply -> OK
Or check our video guide – “How to start PC in Safe Mode with Networking”
STEP II: Show Hidden Files
-
1) Open My Computer/This PC
2) Windows 7
-
– Click on “Organize” button
– Select “Folder and search options”
– Select the “View” tab
– Go under “Hidden files and folders” and mark “Show hidden files and folders” option
3) Windows 8/ 10
-
– Open “View” tab
– Mark “Hidden items” option
4) Click “Apply” and then “OK” button
STEP III: Enter Windows Task Manager and Stop Malicious Processes
-
1) Hit the following key combination: CTRL+SHIFT+ESC
2) Get over to “Processes”
3) When you find suspicious process right click on it and select “Open File Location”
4) Go back to Task Manager and end the malicious process. Right click on it again and choose “End Process”
5) Next you should go folder where the malicious file is located and delete it
STEP IV: Remove Completely PowerLocky Ransomware Using SpyHunter Anti-Malware Tool
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
STEP V: Repair Windows Registry
-
1) Again type simultaneously the Windows Button + R key combination
2) In the box, write “regedit”(without the inverted commas) and hit Enter
3) Type the CTRL+F and then write the malicious name in the search type field to locate the malicious executable
4) In case you have discovered registry keys and values related to the name, you should delete them, but be careful not to delete legitimate keys
Further help for Windows Registry repair
STEP VI: Recover Encrypted Files
-
1) Use present backups
2) Restore your personal files using File History
-
– Hit WIN Key
– Type “restore your files” in the search box
– Select “Restore your files with File History”
– Choose a folder or type the name of the file in the search bar
- – Hit the “Restore” button
3) Using System Restore Point
-
– Hit WIN Key
– Select “Open System Restore” and follow the steps
STEP VII: Preventive Security Measures
-
1) Enable and properly configure your Firewall.
2) Install and maintain reliable anti-malware software.
3) Secure your web browser.
4) Check regularly for available software updates and apply them.
5) Disable macros in Office documents.
6) Use strong passwords.
7) Don’t open attachments or click on links unless you’re certain they’re safe.
8) Backup regularly your data.