EvilLock Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Threat Level: 80 % (High)
Infected Computers: 1
First Seen: February 1, 2017
Last Seen: March 12, 2020
OS(es) Affected: Windows

The EvilLock Ransomware is a ransomware Trojan that is used to encrypt the victims' files. The EvilLock Ransomware does this so that the people responsible for the attack can then demand a ransom payment in exchange for the decryption key, needed to recover the affected files. Take precautions to ensure that your computer is well protected against ransomware Trojans like the EvilLock Ransomware.

Another 'Evil' that Locks Your Files

The EvilLock Ransomware is designed to encrypt files. There are several versions of the EvilLock Ransomware. The newest of these can be identified easily because files encrypted during an EvilLock Ransomware attack will have the extension '.EvilLock,' which is added to each affected file's name. The victims of the EvilLock Ransomware attack are instructed to contact the con artists responsible for the attack at the email address gena1983@mbx.kz to receive information about the attack and how to pay to receive the decryption key. In most cases, the EvilLock Ransomware is delivered to the victims' computers through spam email messages containing corrupted email attachments. Because of this, computer users need to take precautions online and ensure that their computers are well protected against these intrusions.

The EvilLock Ransomware Uses a Highly Effective Attack Method

Unfortunately, the EvilLock Ransomware carries out an effective attack that may leave computer users with no choice but to pay the ransom. The EvilLock Ransomware is written in JavaScript and may be delivered through corrupted macro scripts that can be embedded in numerous seemingly harmless files. Once the EvilLock Ransomware infects a computer, it makes a list of the files on the victim's computer that it will target. The EvilLock Ransomware encrypts these files using AES-256 encryption and locks them completely to prevent the victim from accessing them. The EvilLock Ransomware then communicates with its Command and Control server to relay information about the infected computer and receive instructions from the attacker. Unfortunately, the EvilLock Ransomware's encryption method is effective; the files encrypted by the EvilLock Ransomware will no longer be accessible without the decryption key, which will be in the possession of the people responsible for the attack.

The EvilLock Ransomware delivers its ransom note in the form of a text file and an HTML file, both dropped on the infected computer's Desktop. These files, named 'HOW_TO_DECRYPT_YOUR_FILES.HTML' and 'HOW_TO_DECRYPT_YOUR_FILES.TXT,' contain the following message:

'As you can see some of your files have been encrypted!
Encryption was made using a unique strongest AES key. If you want to restore your files you need to BUY the key, it costs 0.3 BTC. Send me your ID gena1983@mbx.kz'
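
The indicators described above (the '.EvilLock' extension appended to file names, the two ransom note file names and the contact address in the note) are enough for a read-only triage of a user profile or file share. The script below is an added example, not code from the original write-up; the function names, the verdict labels and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the write-up above; compared case-insensitively.
ENCRYPTED_SUFFIX = ".evillock"
NOTE_NAMES = {"how_to_decrypt_your_files.html", "how_to_decrypt_your_files.txt"}
CONTACT = "gena1983@mbx.kz"

def triage(root):
    """Read-only walk of `root` that summarises EvilLock indicators."""
    encrypted = Counter()  # directory -> count of files carrying the extension
    notes = []             # (path, True if the note names the contact address)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower, path = name.lower(), os.path.join(dirpath, name)
            if lower.endswith(ENCRYPTED_SUFFIX):
                encrypted[dirpath] += 1
            elif lower in NOTE_NAMES:
                try:
                    with open(path, "r", errors="ignore") as fh:
                        head = fh.read(65536).lower()
                except OSError:
                    head = ""  # unreadable note still counts as an indicator
                notes.append((path, CONTACT in head))
    if encrypted and notes:
        verdict = "affected"      # renamed files plus a note: encryption ran
    elif encrypted or notes:
        verdict = "suspicious"    # one indicator alone needs a closer look
    else:
        verdict = "clean"
    return {"encrypted_total": sum(encrypted.values()),
            "encrypted_by_dir": dict(encrypted),
            "notes": notes, "verdict": verdict}

def build_sample(root):
    """Constructed sample tree (hypothetical file names) for a dry run."""
    files = {"Desktop/HOW_TO_DECRYPT_YOUR_FILES.TXT": "Send me your ID gena1983@mbx.kz",
             "Documents/report.docx.EvilLock": "", "Documents/budget.xlsx.EvilLock": "",
             "Documents/todo.txt": "untouched", "Pictures/photo.jpg.EvilLock": ""}
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

The per-directory counts show which folders need to be restored from backup; the script never opens or changes the encrypted files themselves.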

Preventing the EvilLock Ransomware Attacks and Protecting Your Computer

Once the EvilLock Ransomware has managed to encrypt your files, the damage will already be done, and the recovery of the infected files is currently impossible. Because of this, having backup copies of all your files is a must. In fact, this is the single best measure that can make you invulnerable to attacks like the EvilLock Ransomware. If the infected files can be recovered from a backup copy on the cloud or an external memory device, then the people responsible for the EvilLock Ransomware attack lose any leverage that allows them to demand a ransom payment from the victim. Apart from backup copies, you should have a reliable security program that is fully up-to-date. This can help intercept the EvilLock Ransomware before it causes any damage and also alert the victim if a ransomware attack is being carried out.

Since the EvilLock Ransomware and similar ransomware Trojans may be distributed using corrupted email attachments, caution when handling email is paramount to ensure that these infections don't enter your computer. Because of this, employees and individuals that could put a business at risk through a corrupted email attachment should be educated. Avoid unsolicited email attachments and always confirm the contents of an email attachment before downloading its contents.