Saturday, 12 March 2016

Cyber Crime Unit raises the alarm over the "Locky" virus - It locks computers

The Cyber Crime Unit has announced the appearance of the "Locky" virus, warning computer users about the damage it can cause.

The Cyber Crime Unit is on alert following the appearance of the "Locky" virus, which manages to lock computers and then demands a ransom in bitcoin to unlock them.

This particular malware is an evolution of earlier ones and can affect any operating system. The virus is "caught" either from e-mails with attachments or after visits to unsafe websites.

After it is installed, the malware uses an advanced encryption system to encrypt (lock) various types of digital files (for example: *.doc, *.docx, *.xls, *.ppt, *.psd, *.pdf, *.eps, *.ai, *.cdr, *.jpg, etc.) stored on the infected user's computer, giving them the extension "locky".

A message then appears demanding payment of a ransom in bitcoin in order for the computer to be unlocked....

The Cyber Crime Unit urges users not to pay the money demanded for unlocking the files, and also not to open links or download attachments when the sender is not recognised.

Please note that the actions described below may not be entirely SAFE for NON-experts.

Read them at your own risk:

‘.locky File Extension’ Ransomware Description
Ransomware infections have become increasingly common in the last few years. In the first two months of 2016 alone, computer users have come across hundreds of new ransomware infections and variants of previous ransomware threats. One of the most prevalent threats in this period is TeslaCrypt 3.0, a new version of a ransomware Trojan first released in early 2015. The '.locky File Extension' Ransomware is one of the many variants of this threat. This new version of TeslaCrypt closes a loophole that previously made it possible to help computer users recover their files. Variants of this threat have been released, each changing the victims' files' extensions to a different string. The '.locky File Extension' Ransomware Trojan is a TeslaCrypt 3.0 variant that changes encrypted files' extensions to LOCKY.

How the '.locky File Extension' Ransomware may Infect a Computer

The '.locky File Extension' Ransomware infection process is not difficult to understand. In fact, most encryption ransomware tends to follow the same approach when infecting a computer. First, the '.locky File Extension' Ransomware will be delivered using common threat delivery methods, in most cases a corrupted email attachment contained in a phishing email message. When the victim opens the harmful email attachment, the '.locky File Extension' Ransomware is installed on the victim's computer. The '.locky File Extension' Ransomware will perform a scan of the victim's computer, looking for files to encrypt using its AES encryption algorithm. The '.locky File Extension' Ransomware Trojan will infect files with the following extensions:

.7z; .rar; .m4a; .wma; .avi; .wmv; .csv; .d3dbsp; .sc2save; .sie; .sum; .ibank; .t13; .t12; .qdf; .gdb; .tax; .pkpass; .bc6; .bc7; .bkp; .qic; .bkf; .sidn; .sidd; .mddata; .itl; .itdb; .icxs; .hvpl; .hplg; .hkdb; .mdbackup; .syncdb; .gho; .cas; .svg; .map; .wmo; .itm; .sb; .fos; .mcgame; .vdf; .ztmp; .sis; .sid; .ncf; .menu; .layout; .dmp; .blob; .esm; .001; .vtf; .dazip; .fpk; .mlx; .kf; .iwd; .vpk; .tor; .psk; .rim; .w3x; .fsh; .ntl; .arch00; .lvl; .snx; .cfr; .ff; .vpp_pc; .lrf; .m2; .mcmeta; .vfs0; .mpqge; .kdb; .db0; .DayZProfile; .rofl; .hkx; .bar; .upk; .das; .iwi; .litemod; .asset; .forge; .ltx; .bsa; .apk; .re4; .sav; .lbf; .slm; .bik; .epk; .rgss3a; .pak; .big; .unity3d; .wotreplay; .xxx; .desc; .py; .m3u; .flv; .js; .css; .rb; .png; .jpeg; .txt; .p7c; .p7b; .p12; .pfx; .pem; .crt; .cer; .der; .x3f; .srw; .pef; .ptx; .r3d; .rw2; .rwl; .raw; .raf; .orf; .nrw; .mrwref; .mef; .erf; .kdc; .dcr; .cr2; .crw; .bay; .sr2; .srf; .arw; .3fr; .dng; .jpeg; .jpg; .cdr; .indd; .ai; .eps; .pdf; .pdd; .psd; .dbfv; .mdf; .wb2; .rtf; .wpd; .dxg; .xf; .dwg; .pst; .accdb; .mdb; .pptm; .pptx; .ppt; .xlk; .xlsb; .xlsm; .xlsx; .xls; .wps; .docm; .docx; .doc; .odb; .odc; .odm; .odp; .ods; .odt

After the '.locky File Extension' Ransomware has infected the victim's files, the '.locky File Extension' Ransomware will change the affected files' extensions to LOCKY to indicate which files have been encrypted. The '.locky File Extension' Ransomware will also delete Shadow Volume copies of encrypted files as well as System Restore points, making it impossible for computer users to use alternate methods to recover their files. Sadly, it is currently not possible to decrypt the files encrypted by the '.locky File Extension' Ransomware without the encryption key, which is stored on the Command and Control server rather than in the '.locky File Extension' Ransomware infection itself.

The '.locky File Extension' Ransomware alerts the victim of the infection using text or image files dropped on the victim's computer. These messages will demand payment of a ransom worth several hundred dollars through Bitcoin or other anonymous methods. The following is an example of a ransom message commonly associated with the '.locky File Extension' Ransomware:



http://howtoremove.guide/locky-virus-file-encryption-removal/

Locky Virus File Encryption Removal




This page aims to help you remove Locky Virus. These krypto-trojaner locky removal instructions work for all versions of Windows. We were recently asked in our readers’ comments about how to restore “locky datei” and we feel we should help users understand how to do it. To restore “locky datei” you will likely have to revert to a date before the ransomware infected your PC. But it may be very hard to do so, as the virus will undoubtedly try to hinder the process and may even succeed. This ransomware uses a different encryption method from most of its peers – the AES-128 military grade encryption. The AES-128 encryption is a step up for the creators of crime software, as it has previously not been exploited in such a way. Considering that the targets of this scam are predominantly German citizens, it is likely you will have your hands quite full. The _Locky_recover_instructions.txt ransom note is practically identical to a lot of others out there, so this is a general shoutout: DO NOT PAY UP!
There are several reasons for this, the most notable of which are:
  1. If you pay, you will have to log in with accounts that may already be exposed. If they are not already stolen, however, you basically risk showing them to people who are already monitoring you via a Trojan.
  2. By paying up you may or may not recover your files – but every time someone pays the ransom, the criminals grow stronger. They develop their software even more and people like you suffer.
  3. There is really no reason for them not to give you your files back – but at the same time, there is always the chance you will pay but the files are not released and you will continue to search for a “locky datei” solution.
If your files have already been encrypted by Locky Virus, then you are in some serious trouble. Don’t panic though – we’ll try our best to help you with this article. What you are facing is a very dangerous virus of the ransomware type. These viruses have gained a lot of notoriety, because they encrypt your files and make them unusable, but the process is not reversed if you delete the virus. This gives the hackers a lot of leverage that they will undoubtedly use to blackmail you for a ransom, if they haven’t already. You will need to learn some more basic info on ransomware viruses before you can deal with fichier locky effectively, so please keep reading. This will also shed light on how to perform a “locky datei” recovery and how to avoid getting a locky recover instructions ransom note.
Locky Virus – first stage
When your computer was first infected with the ransomware it began encrypting your files. Depending on the size of your HDD and how much data you had, the process could have taken a couple of hours or even days. The virus remains out of sight during this, but you may have spotted signs of its presence – your PC performing more poorly than usual, programs taking ages to load. Encryption is a memory and CPU intensive process and takes a toll on your system resources – in the future, if your computer is working poorly, open the Task Manager and look at what’s eating the resources. Ransomware viruses usually try to pose as Windows programs and services, so if you see two of those with the same name and one of them is taking a lot of CPU power you’ll have your culprit – immediately shut down the process and delete all associated files or, better yet, pull the plug on your PC and find an expert.
The locky virus ransom note.
Locky Virus – reveal
If your files have already been encrypted, then you have probably already seen the ransom note generated by the virus. It probably has some kind of timer to put pressure on you and it demands the payment to be made in Bitcoins. The criminals are now hoping that the surprise shock will push you to the edge and you’ll pay them the ransom. Well… that’s really not a good idea, for a couple of reasons.
  1. Paying money to cyber criminals only encourages them to get better at their craft and extort even more people.
  2. You are not guaranteed in any way that your files will be decrypted successfully if you make the payment.
  3. There is absolutely no reason to pay until you’ve tried all the free methods first.
The methods we’ve provided in our guide do not provide guaranteed recovery of all files, but they are an excellent start. Paying the ransom should only ever be considered if all other options are exhausted and the documents encrypted are worth much more than the ransom money.
There is a good chance you have a Trojan horse in your computer
While it is certainly possible that you unknowingly installed Locky Virus on your own computer, chances are that a Trojan horse actually did it. Trojan horse viruses are the preferred method of spreading ransomware – they are very subtle, not all anti-malware programs can detect them, and they can remain on an infected computer for a really long time. Trojan horse viruses that deliver ransomware are also known as “droppers” and you should make sure that you don’t have one of these installed on your computer. It can always download new ransomware if left alone. Unfortunately, such a search is next to impossible to perform manually – you’ll have to trust an anti-virus or an anti-malware program with it. If you don’t have one, or if the one you have failed you with the ransomware, feel free to check out our recommendation by clicking on one of the banners on this page.
SUMMARY:
Name: .Locky
Type: Ransomware
Danger Level: High (Ransomware viruses are of the highest threat level there is)
Symptoms: PC slowness followed by file encryption and ransom demand.
Distribution Method: Trojan horse “droppers”, sometimes directly via email attachments and malicious websites.

Locky Virus Ransomware Removal


Step1
Reboot in Safe Mode (use this guide if you don’t know how to do it).
This is the first preparation.
Step2


The first thing you must do is Reveal All Hidden Files and Folders.
  • Do not skip this. Locky Virus may have hidden some of its files.
Hold the Start Key and R – copy + paste the following and click OK:
notepad %windir%/system32/Drivers/etc/hosts
A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:
If there are suspicious IPs below “Localhost” – write to us in the comments.
Type msconfig in the search field and hit enter. A window will pop-up:
Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.
Step3
Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask us in the comments.
WARNING! READ CAREFULLY BEFORE PROCEEDING!


Right click on each of the virus processes separately and select Open File Location. End the process after you open the folder, then delete the directories you were sent to.
Step4
Type Regedit in the Windows search field and press Enter. Once inside, press CTRL and F together and type the virus’s name.
Search for the ransomware in your registries and delete the entries. Be extremely careful – you can damage your system if you make a big mistake.
Type each of the following in the Windows Search Field:
  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%
Delete everything in Temp. For the rest, just check for anything recently added. Remember to leave us a comment if you run into any trouble!
Look for these files:
  • %UserProfile%\Desktop\_Locky_recover_instructions.bmp
  • %UserProfile%\Desktop\_Locky_recover_instructions.txt
  • %Temp%\[random].exe
Additionally, type Regedit in the windows search field, and deal with the following registries:
HKCU\Software\Locky
HKCU\Software\Locky\id
HKCU\Software\Locky\pubkey 
HKCU\Software\Locky\paytext
HKCU\Software\Locky\completed
HKCU\Control Panel\Desktop\Wallpaper
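The checks from Step2 and Step4 can be gathered in one read-only PowerShell pass before anything is deleted by hand. This is an added example, not part of the original guide; it assumes the names listed under HKCU\Software\Locky may be either values or subkeys, and it searches only the current user's profile for .locky files.

```powershell
# Read-only triage for the Locky traces named in Step2 and Step4 of the guide.
# Nothing is deleted or modified; review the output before removing anything.

# Hosts file: active entries other than the usual localhost mappings.
$hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'
$hostsEntries = @(Get-Content -LiteralPath $hostsPath -ErrorAction SilentlyContinue |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
    Where-Object { $_ -and $_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$' })

# Registry: HKCU\Software\Locky and the four names listed in the guide.
# Assumption: each name may be a value under the key or a subkey, so both are checked.
$lockyKey = 'HKCU:\Software\Locky'
$lockyNames = @(foreach ($name in 'id', 'pubkey', 'paytext', 'completed') {
    $asValue = Get-ItemProperty -LiteralPath $lockyKey -Name $name -ErrorAction SilentlyContinue
    $asKey = Test-Path -LiteralPath (Join-Path $lockyKey $name)
    if ($asValue -or $asKey) { $name }
})
$desktopKey = Get-ItemProperty -LiteralPath 'HKCU:\Control Panel\Desktop' -ErrorAction SilentlyContinue

# Files: ransom notes on the desktop, executables in %Temp%, renamed .locky files.
$desktop = Join-Path $env:USERPROFILE 'Desktop'
$notes = @('_Locky_recover_instructions.bmp', '_Locky_recover_instructions.txt' |
    ForEach-Object { Join-Path $desktop $_ } |
    Where-Object { Test-Path -LiteralPath $_ })
$tempExes = @(Get-ChildItem -LiteralPath $env:TEMP -Filter '*.exe' -File -ErrorAction SilentlyContinue)
$lockyFiles = @(Get-ChildItem -LiteralPath $env:USERPROFILE -Filter '*.locky' -File -Recurse -ErrorAction SilentlyContinue)

# One-screen summary of everything found.
[pscustomobject]@{
    HostsEntries    = $hostsEntries -join '; '
    LockyKeyPresent = Test-Path -LiteralPath $lockyKey
    LockyNamesFound = $lockyNames -join ', '
    Wallpaper       = $desktopKey.Wallpaper
    RansomNotes     = $notes -join '; '
    TempExecutables = $tempExes.Count
    LockyFiles      = $lockyFiles.Count
} | Format-List

# Newest %Temp% executables and a sample of encrypted files, for manual review.
$tempExes | Sort-Object LastWriteTime -Descending |
    Select-Object -First 10 FullName, LastWriteTime | Format-Table -AutoSize
$lockyFiles | Select-Object -First 20 FullName, LastWriteTime | Format-Table -AutoSize
```

A Wallpaper value pointing at _Locky_recover_instructions.bmp, or a present Locky key, confirms the infection even when the ransom note files have already been removed from the desktop.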
Step5 

How to Decrypt files infected with Locky Virus

There is only one known way to remove this virus successfully – reversing your files to a time when they were not infected. There are two options you have for this:
The first is a full system restore. To do this type System Restore in the windows search field and choose a restore point. Click Next until done.
Your second option is a program called Recuva.
Go to the official site for Recuva and download it from there – the free version has everything you currently need.
When you start the program select the file types you want to recover. You probably want all files.
Next select the location. You probably want Recuva to scan all locations.
Now click on the box to enable Deep Scan. The program will now start working and it may take a really long time to finish – maybe even several hours if your HDD is really big, so be patient and take a break if necessary.
You will now get a big list of files to pick from. Select all relevant files you need and click Recover.
Did we help? Found an alternative solution? Share your feedback with us so we can help other people in need!