
Virus encrypted files with .locky extension

BeyondRico

hi there,

 

So someone in my family just called me to tell me that his PC had a virus. The virus is deleted now, but all his pictures and Word documents are encrypted with a .locky extension.

Does one of you know a way to decrypt those files? There is no backup, so I would love it if someone could help me with this problem.

My Red/Black rig: CM Storm Trooper Window - i5 4690K - Asus GTX 980 Strix DCU - Asus VII Formula z97 - Corsair H100i - 16GB Vengeance pro 2400MHz -Samsung 850 Pro 256GB(os) - Seagate barracuda 2TB - crucial BX200 250GB SSD - Cooler Master v850.----  Dell XPS 13: i5-5500u - 256GB SSD - 8GB DDR3L.


Try renaming the .locky extension to .docx or .png or something like that.

 

Ryzen 5 3600 stock | 2x16GB C13 3200MHz (AFR) | GTX 760 (Sold the VII)| ASUS Prime X570-P | 6TB WD Gold (128MB Cache, 2017)

Samsung 850 EVO 240 GB 

138 is a good number.

 


15 minutes ago, themctipers said:

Try renaming the .locky extension to .docx or .png or something like that.

 

I think it's not that easy; all those files are locked with RSA-2048 and AES-128 encryption.

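An added example, not code from the thread: a small Python triage script that tells a merely renamed file (where putting the old extension back would work) apart from one whose contents have actually been encrypted. It reads the first bytes of each .locky file, checks for a known container header (PNG, JPEG, Office/ZIP, PDF, legacy OLE), and measures byte entropy; the 7.5-bit threshold and the sample inputs are constructed assumptions, not Locky output.

```python
import math
import os

# Known file signatures (magic bytes) for the formats most often hit here.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"PK\x03\x04": "zip/docx/xlsx",
    b"%PDF": "pdf",
    b"\xd0\xcf\x11\xe0": "ole (legacy .doc/.xls)",
}

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; ~8.0 means near-random (ciphertext-like)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def detect_type(head: bytes):
    """Return the container name if the header matches a known magic."""
    for magic, name in MAGIC.items():
        if head.startswith(magic):
            return name
    return None

def triage(data: bytes) -> dict:
    """Classify a file sample: intact container, likely ciphertext, or unknown."""
    kind = detect_type(data[:8])
    ent = shannon_entropy(data[:4096])
    if kind is not None:
        verdict = "recognised container; restoring the extension may suffice"
    elif ent > 7.5:  # assumed heuristic threshold for near-random bytes
        verdict = "no known header, near-random bytes: likely encrypted"
    else:
        verdict = "no known header, low entropy: unknown format"
    return {"type": kind, "entropy": round(ent, 2), "verdict": verdict}

def triage_tree(root: str, ext: str = ".locky") -> list:
    """Walk a directory and triage every file carrying the ransomware extension."""
    results = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ext):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    results.append((path, triage(fh.read(4096))))
    return results
```

Run `triage_tree("/path/to/users/files")` on a copy of the affected drive; a result of "likely encrypted" for the bulk of the files confirms that renaming will not help and that recovery has to come from backups, shadow copies, or a future decrypter.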

1 minute ago, RSmeets said:

I think it's not that easy; all those files are locked with RSA-2048 and AES-128 encryption.

Well, you're screwed...


I think Locky isn't hacked yet. And since it's already a little older, there isn't anything to be expected.
So you have two options: hope that there will be a way to decrypt the files, or delete everything and create backups the next time (like you / your family member should've done anyway).

~ ThxAndBye

"You should remove any cats from the vicinity, because cats will cause all kinds of problems doing CPU installation." -Linus

delid i7-3770k @ 4.2Ghz @ 1.265V | EVGA z77 FTW | GTX 680 2way-SLI | 16GB Corsair Dominator Platinum @ 1866MHz | 240GB SSD RAID 0 | Full Custom Water Loop with two 360mm radiators  -> live temps <-


30 minutes ago, RSmeets said:

. . .all his pictures and Word documents are encrypted with a .locky extension. . .

And this is why I am paranoid.


4 minutes ago, Thx And Bye said:

I think Locky is not hacked yet. And since it's already a little older, there isn't anything to be expected.
So you have two options: hope that there will be a way to decrypt the files, or delete everything and create backups the next time (like you should've done anyway).

It's not my PC, so I know they should have made a backup, but it's too late for a backup now...

Anyway, I am going to wait and hope there will be a decrypter soon.


7 minutes ago, RSmeets said:

Anyway, I am going to wait and hope there will be a decrypter soon.

You can put all the encrypted files (and the key you get from Locky; without the key you are out of luck in any possible way) on another drive, but like I said: since Locky is already pretty old (more than 4 weeks), don't expect anything to be released for decrypting.

Petya took ~2 weeks to be hacked, and the ransomware "Jigsaw" was pretty much instantly hacked.

I don't know of any other ransomware from memory.

 

EDIT: If I recall correctly, there is more than one Locky version out there (not 100% sure). So even if there might be a decrypter in the future, it might not apply to your version.

~ ThxAndBye


1 minute ago, Thx And Bye said:

You can put all the encrypted files on another drive, but like I said: since Locky is already pretty old (more than 4 weeks), don't expect anything to be released for decrypting.

Petya took ~2 weeks to be hacked, and the ransomware "Jigsaw" was pretty much instantly hacked.

I don't know of any other ransomware from memory.

On some other forums I found a program that could decrypt those files, only the link is not working anymore (this is the other site).

 


3 minutes ago, RSmeets said:

On some other forums I found a program that could decrypt those files, only the link is not working anymore (this is the other site).

Locky is much newer than 31 May 2015. So unless they had a time machine, that does not apply to your files anyway.

~ ThxAndBye


6 minutes ago, Thx And Bye said:

Locky is much newer than 31 May 2015. So unless they had a time machine, that does not apply to your files anyway.

Okay, thanks anyway. I hope they will find a way to decrypt those files.


 

50 minutes ago, RSmeets said:

hi there,

 

So someone in my family just called me to tell me that his PC had a virus. The virus is deleted now, but all his pictures and Word documents are encrypted with a .locky extension.

Does one of you know a way to decrypt those files? There is no backup, so I would love it if someone could help me with this problem.

Chances are the system is gone. Ransomware is one of the most evil hacks designed... My best suggestion is to format the hard drive and reinstall with a fresh OS. If you want to MAYBE recover the data, install a new HDD into the computer and save the infected HDD till you can find a decryption algorithm. That way at least the person can have a working system for the time being.

The only thing we have to fear is... Stupidity...


And tell him to get a program that sandboxes his browser so this never happens again.


4 minutes ago, positivePXL said:

And tell him to get a program that sandboxes his browser so this never happens again.

Locky most probably comes via a Word file that contains macros. So only sandboxing the browser wouldn't have helped at all if the document were opened without the sandbox or came as an attachment from an email.

Backups are pretty much the only thing you can do to ensure you won't have any data loss (and not only from ransomware).

~ ThxAndBye


Which is also why I refuse to install Office, or download attachments off of emails (from anybody).


I have recently had a network hit with this virus. It depends on how desperate you are to retrieve the data and if you're willing to pay, but the guys below were great and managed to decrypt over 16,000 files.

 

http://www.redmosquito.co.uk/services/data-recovery-2-2

 

Good luck! 

CPU Intel i7 3770K   Motherboard ASUS Maximus V Extreme   Memory 32GB Corsair Vengance LP 1600MHz   GPU Gigabyte GeForce GTX 960 G1 Gaming 4GB   Case Fractal Design Define R4   HDD Samsung Evo 250GB, 2 x Seagate Barracuda 4TB (RAID 1)   PSU Corsair RM650i   Display 2 x Samsung LS24D590 23.6" LED   Cooling Be Quiet BK018 Dark Rock 3, 4 x Noctua NF-A14   Keyboard Razer Blackwidow Ultimate   Mouse Razer DeathAdder   Sound Razer Kraken Pro   OS Windows 10 Professional


1 hour ago, VulcanAndroid said:

 

Chances are the system is gone. Ransomware is one of the most evil hacks designed... My best suggestion is to format the hard drive and reinstall with a fresh OS. If you want to MAYBE recover the data, install a new HDD into the computer and save the infected HDD till you can find a decryption algorithm. That way at least the person can have a working system for the time being.

The OS is fine; the only thing is those encrypted files. So I need to decrypt them, that's it.


15 minutes ago, LeeFazackerley said:

I have recently had a network hit with this virus. It depends on how desperate you are to retrieve the data and if you're willing to pay, but the guys below were great and managed to decrypt over 16,000 files.

 

http://www.redmosquito.co.uk/services/data-recovery-2-2

 

Good luck! 

Is it available in the Netherlands?


20 minutes ago, RSmeets said:

Is it available in the Netherlands?

I don't see why not, they operate via you uploading your 'locked' files in their Dropbox account, they do the fiddling around and drop it back to you! 


1 hour ago, RSmeets said:

The OS is fine; the only thing is those encrypted files. So I need to decrypt them, that's it.

I wish you luck in your attempts. My attempts have all failed in the past. Perhaps you will do better.


  • 1 month later...

I had problems with the Locky virus, and the free ShadowExplorer tool helped me restore 50% of the encrypted files from shadow copies!
