EvilLock Ransomware
Threat Scorecard
Threat Level: 80% (High)
Infected Computers: 1
First Seen: February 1, 2017
Last Seen: March 12, 2020
OS(es) Affected: Windows
The EvilLock Ransomware is a ransomware Trojan that is used to encrypt the victims' files. The EvilLock Ransomware does this so that the people responsible for the attack can then demand a ransom payment in exchange for the decryption key, needed to recover the affected files. Take precautions to ensure that your computer is well protected against ransomware Trojans like the EvilLock Ransomware.
Another 'Evil' that Locks Your Files
The EvilLock Ransomware is designed to encrypt files. There are several versions of the EvilLock Ransomware. The newest of these can be identified easily because files that are encrypted during the EvilLock Ransomware attack will have the extension '.EvilLock,' which is added to each affected file's name. The victims of the EvilLock Ransomware attack are instructed to contact the con artists responsible for the attack at the email address gena1983@mbx.kz to receive information about the attack and how to pay to receive the decryption key. In most cases, the EvilLock Ransomware is delivered to the victims' computers through spam email messages containing corrupted email attachments. Because of this, computer users need to take precautions online and ensure that their computers are well protected against these intrusions.
The EvilLock Ransomware Uses a Highly Effective Attack Method
Unfortunately, the EvilLock Ransomware carries out an effective attack that may leave computer users with no choice but to pay the ransom. The EvilLock Ransomware is written in JavaScript and may be delivered through corrupted macro scripts that can be embedded in numerous seemingly harmless files. Once the EvilLock Ransomware infects a computer, it makes a list of the affected files on the victim's computer. The EvilLock Ransomware encrypts these files using AES 256 encryption and locks them completely to prevent the victim from accessing them. The EvilLock Ransomware then communicates with its Command and Control server to relay information about the infected computer and receive instructions from the attacker. Unfortunately, the EvilLock Ransomware's encryption method is effective; the files encrypted by the EvilLock Ransomware will no longer be accessible without the decryption key, which will be in the possession of the people responsible for the attack.
The EvilLock Ransomware delivers its ransom note in the form of a text file and an HTML file, both dropped on the infected computer's Desktop. These files, named 'HOW_TO_DECRYPT_YOUR_FILES.HTML' and 'HOW_TO_DECRYPT_YOUR_FILES.TXT', contain the following message:
'As you can see some of your files have been encrypted!
Encryption was made using a unique strongest AES key. If you want to restore your files you need to BUY the key, it costs 0.3 BTC. Send me your ID gena1983@mbx.kz'
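A triage check for the indicators described above, added here as an example and not taken from EnigmaSoft or SpyHunter: it walks a directory tree for the '.EvilLock' extension and the two ransom-note file names, and counts hits per directory to show what has to be restored from backup. The function names, the constructed sample tree, and the assumption that the extension is appended to the full original file name are illustrative.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the page: added extension and ransom-note file names.
ENCRYPTED_EXT = ".evillock"
NOTE_NAMES = {"how_to_decrypt_your_files.html", "how_to_decrypt_your_files.txt"}

def scan_for_evillock(root):
    """Return (ransom-note paths, encrypted-file paths, Counter of hits per directory)."""
    notes, encrypted, per_dir = [], [], Counter()
    # onerror swallows unreadable directories so a triage run never aborts.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            lowered = name.lower()  # Windows file names are case-insensitive
            path = os.path.join(dirpath, name)
            if lowered in NOTE_NAMES:
                notes.append(path)
            elif lowered.endswith(ENCRYPTED_EXT):
                encrypted.append(path)
                per_dir[dirpath] += 1
    return sorted(notes), sorted(encrypted), per_dir

def original_name(path):
    """Assumed pre-attack name (extension stripped), for looking the file up in a backup."""
    base = os.path.basename(path)
    return base[: -len(ENCRYPTED_EXT)] if base.lower().endswith(ENCRYPTED_EXT) else base

def build_sample_tree(root):
    """Constructed sample data: empty files imitating an affected user profile."""
    for rel in ("Desktop/HOW_TO_DECRYPT_YOUR_FILES.TXT",
                "Desktop/HOW_TO_DECRYPT_YOUR_FILES.HTML",
                "Documents/report.docx.EvilLock",
                "Documents/budget.xlsx.evillock",
                "Documents/untouched.pdf",
                "Pictures/cat.jpg.EvilLock"):
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        notes, encrypted, per_dir = scan_for_evillock(tmp)
        print(f"{len(notes)} ransom notes, {len(encrypted)} files to restore")
        for directory, count in per_dir.most_common():
            print(f"{count:4d}  {directory}")
```

Point `scan_for_evillock` at a user profile or file share to list affected directories before restoring from backup.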
Preventing the EvilLock Ransomware Attacks and Protecting Your Computer
Once the EvilLock Ransomware has managed to encrypt your files, the damage will already be done, and the recovery of the infected files is currently impossible. Because of this, having backup copies of all your files is a must. In fact, this is the single best measure that can make you completely invulnerable to attacks like the EvilLock Ransomware. If the infected files can be recovered from a backup copy on the cloud or an external memory device, then the people responsible for the EvilLock Ransomware attack lose any leverage that allows them to demand a ransom payment from the victim. Apart from backup copies, you should have a reliable security program that is fully up-to-date. This can help intercept the EvilLock Ransomware before it causes any damage and also alert the victim if a ransomware attack is being carried out.
Since the EvilLock Ransomware and similar ransomware Trojans may be distributed using corrupted email attachments, caution when handling email is paramount to ensure that these infections don't enter your computer. Because of this, employees and individuals who could put a business at risk through a corrupted email attachment should be educated. Avoid unsolicited email attachments and always confirm the contents of an email attachment before downloading it.