About this crypto virus locky

[H13]

Hi ,

Goodday my friends ..
i have nas storage inf acted with Virus locky .. have u face this virus before .. there is any solution ?

thanks for help

[galaxy]

http://howtoremove.guide/locky-virus-fi ... n-removal/


READ THIS TOPIC

[H13]

Thanks Galaxy for ur help ..

but it's not a computer .. it's Nas storage ..
i will read and see ..

thanks

[MindMergepk]

read here.
http://www.kmitldss.org/kmitldss/articles/fde_p3.pdf

[DR-Kiev]

http://howtoremove.guide/locky-virus-file-encryption-removal/


READ THIS TOPIC

This artical advertising RECUVA software to buy it. It doesn't help to decrypt affected files. It helps only to restore some deleted files which wasn't encrypted, this can do any other data recovery software, and IMHO RECUVA is not the best one

[after_dark]

Hello, me and my brother got hit by Locky, a few days ago. We had many files on a NAS too. We called an IT expert and he was able to find out how it entered our PC. He asked us if we have a backup but we said no, as our NAS was infected as well. He left a note in English about it, that we thought to share:

"TROJ_LOCKY.DLDRA is the name of the trojan. Downloaded through svchost.exe. Locky Ransomware new version was installed. Files encrypted with .locky extension."

Now that we know about this ransomware, we are trying to find if we can restore our files. Recuva software did not work. We are searching the internet for information about the file restoration. Any help will be valued.

[northwind]

There is absolutely no way to decrypt locky. Yet.

[shahij]

There is absolutely no way to decrypt locky. Yet.

Agree

[colanco]

The encrypted file name is changed to random characters or just add .locky ???

[after_dark]

So, we have found the following article where some methods for restoring files from Locky were mentioned at the end.

http://sensorstechforum.com/remove-lock ... ted-files/

Stellar Phoenix Data Recovery mentioned there, worked! It only restored a few pictures and documents, but it is something!

http://www.stellarinfo.com/

@northwind and @shahij - we also didn't find any working decryption method, but with some Data Recovery software it appears you can restore a tiny portion of files...

[colanco]

if encrypted files keep the original name , not the locky authentic and whether they can be decrypted .
if the name is changed to random characters , can not be decrypted

[after_dark]

@colanco, the extension is .locky of every file, but they are all locked. Me and my brother couldn't find any decryption method (at least for now - we'll continue looking).

Apparently the ransomware deletes original files and locks their copies, so that's how a Data recovery program can recover some files. I wonder why the effect was so little if all files got deleted. Maybe it doesn't delete all files but uses a random principle?

[colanco]

The extension is .locky, ok, but the file name is the original or changed by random characters ????

[after_dark]

The extension is .locky, ok, but the file name is the original or changed by random characters ????

The file names are the same as before. Only the extensions are changed (like .doc is now .doc.locky).

EDIT: We have tried reverting the names back by deleting the locky extension and also trying burning the files to DVDs if we can change them somehow but that doesn't work...

[jermy]

but that doesn't work...

Of course not, the files are encrypted

[colanco]

is AutoLocky , can be decrypt.

AutoLocky is a new ransomware written in the popular scripting language AutoIt. It tries to imitate the complex and sophisticated Locky ransomware, but is nowhere near as complex and sophisticated, which makes decryption feasible.

Victims of AutoLocky will find their files encrypted and renamed to *.locky. Unlike the real Locky ransomware however, AutoLocky will not change the base name of the file. So if a file named picture.jpg is encrypted, AutoLocky will rename it to picture.jpg.locky while the actual Locky ransomware will change it to a random name.

PM sent.

[after_dark]

@jermy - now we know.

@colanco - THANK YOU! It worked and all files seem to be restored - some files on the NAS are still encrypted, but they might be corrupt and they are not too important. We will try to copy them and decrypt on a PC...

[S.K.]

I HAVE PROBLEM OF CRYPZ EXTENSION AFTER THE ORIGINAL FILE NAME. PLEASE SUGGEST HOW TO DECRYPT THE FILES.

THANKS

[higgsboson]

Hi
From Where in India. We can recover partial data. PM your details.

[colanco]

It is CryptXXX 3.x.

There are several partial methods, with different result, but not a complete solution at this time