
AutoLocky Ransomware

By GoldSparrow in Ransomware

Threat Scorecard

Ranking: 5,686
Threat Level: 100 % (High)
Infected Computers: 13,352
First Seen: April 19, 2016
Last Seen: September 18, 2023
OS(es) Affected: Windows

The AutoLocky Ransomware is a ransomware Trojan that tries to impersonate the infamous Locky ransomware Trojan but fails. The AutoLocky Ransomware is poorly implemented and not particularly effective. It seems that the AutoLocky Ransomware tries to trick computer users into believing that their computer was infected by Locky, a known ransomware Trojan that may be devastating when it attacks a computer. The AutoLocky Ransomware refers to itself as 'Locky' and adds the extension '.Locky' to the encrypted files, in the same way as Locky. However, after a more thorough analysis of the AutoLocky Ransomware, PC security researchers found that the AutoLocky Ransomware's ransom note is entirely different from Locky's. The AutoLocky Ransomware also does not use TOR or other anonymizing methods to communicate with its Command and Control server. The AutoLocky Ransomware is written in a quite primitive scripting language, AutoIt, rather than the Visual C++ that is typical of more sophisticated threats. It is highly likely that the AutoLocky Ransomware is the work of amateurs who attempt to profit in the short term by creating scripts with readily available, unsophisticated tools.

Thankfully there is a Solution for the Files Encrypted by the AutoLocky Ransomware

PC security analysts quickly found vulnerabilities in the AutoLocky Ransomware's script, making it quite simple to decrypt the files that have been encrypted by the AutoLocky Ransomware. Currently, however, PC security analysts have managed to pinpoint the most common distribution method for the AutoLocky Ransomware. If your computer has been infected by the AutoLocky Ransomware, follow the instructions below to deal with this threat:

  1. The first thing you will want to do when infected with the AutoLocky Ransomware is to look through your start-up folder to find the executable file that is launching the AutoLocky Ransomware when you start up your computer.
  2. Use the Task Manager and end that executable file's process. Once you have done this, it should be possible to delete the executable file from your computer.
  3. Once you have removed the AutoLocky Ransomware's file and start-up link, it is possible to decrypt your files. A quick search through your preferred PC security source should help you find a decryption utility for the AutoLocky Ransomware, created by PC security researchers.
  4. Download the decryption utility and follow the instructions to proceed. It should generate the decryption key without any need for you to pay the ransom.

How the AutoLocky Ransomware Infection Works

The AutoLocky Ransomware may be the first encryption ransomware Trojan created using AutoIt or a similar scripting tool. This scripting language was originally used to help automate certain functions on computers. Since then, it has become a powerful scripting language that may be used to carry out many different tasks on a computer. The main weakness of scripts created with AutoIt is that the compiled executables may be decompiled back into readable scripts. This allows security researchers to analyze the code of the original script rather than working only from the compiled executable file. Having this kind of access to a threat's code makes dealing with it a trivial matter.

Overall, the AutoLocky Ransomware's infection method is pretty standard. The AutoLocky Ransomware executable file uses an icon identical to Adobe Reader's. The AutoLocky Ransomware targets the most commonly used file extensions, the same ones targeted by other ransomware Trojans. After encrypting the victim's files, the AutoLocky Ransomware creates a text file and an HTML file on the victim's Desktop, containing instructions on payment. The AutoLocky Ransomware uploads the victim's encryption key to its Command and Control server, which is located at the domain crazyloading.cc. One additional weakness of the AutoLocky Ransomware is that this threat doesn't delete the shadow volume copies of the files it has encrypted. This would theoretically allow computer users to recover their files using a Shadow Volume reader or similar tool, which is unnecessary at this point because a decryption utility is readily available. When dealing with an unknown threat, regardless of its claims, the affected PC user should take steps to check whether PC security researchers have found a solution; as with the AutoLocky Ransomware, things may not be as bad as they seem!
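The following is an added triage example, not code from this article or from the AutoLocky authors, that turns the remediation steps above and the infection traits described in this section into a repeatable check: it walks a directory tree for files renamed with the '.Locky' extension, collects the text/HTML note files left on the Desktop, lists executables placed in the start-up folder (the persistence the removal steps tell you to look for), and parses `vssadmin list shadows` output to confirm that shadow copies survived, since this threat does not delete them. The sample file tree, the file names in it (including the placeholder `reader.exe`), and the vssadmin output are all constructed for the example; the note-detection rule (any .txt/.htm/.html file in a folder named Desktop) is a heuristic assumption, as the article gives no note file names.

```python
"""Defender-side triage for an AutoLocky-style infection (added example; not the page's code).

Constructed assumptions: the scanned tree is a temp directory built inline; ransom-note
candidates are .txt/.htm/.html files whose parent folder is named 'Desktop'; the vssadmin
text below is a hand-written sample in the layout Windows prints.
"""
import os
import re
import tempfile
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

ENCRYPTED_EXT = ".locky"            # the page: AutoLocky appends '.Locky' (matched case-insensitively)
NOTE_EXTS = {".txt", ".htm", ".html"}  # the page: a text file and an HTML file on the Desktop
STARTUP_EXTS = (".exe", ".lnk", ".bat", ".vbs")

# vssadmin prints 'Original Volume: (C:)\\?\Volume{...}\' and 'Shadow Copy Volume: <device>'
ORIGINAL_RE = re.compile(r"Original Volume:\s*\((\w:)\)")
SHADOW_RE = re.compile(r"Shadow Copy Volume:\s*(\S+)")


@dataclass
class TriageResult:
    encrypted_files: List[str] = field(default_factory=list)
    ransom_notes: List[str] = field(default_factory=list)
    startup_executables: List[str] = field(default_factory=list)


def scan_tree(root: str, startup_dir: Optional[str] = None) -> TriageResult:
    """Collect '.Locky'-renamed files, Desktop note candidates and start-up folder executables."""
    res = TriageResult()
    for dirpath, _dirs, files in os.walk(root):
        in_desktop = os.path.basename(dirpath).lower() == "desktop"
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            path = os.path.join(dirpath, name)
            if ext == ENCRYPTED_EXT:
                res.encrypted_files.append(path)
            elif in_desktop and ext in NOTE_EXTS:
                res.ransom_notes.append(path)
    if startup_dir and os.path.isdir(startup_dir):
        for name in sorted(os.listdir(startup_dir)):
            if name.lower().endswith(STARTUP_EXTS):
                res.startup_executables.append(os.path.join(startup_dir, name))
    return res


def parse_vssadmin(output: str) -> List[Tuple[Optional[str], str]]:
    """Return (original drive, shadow device) pairs from `vssadmin list shadows` text.
    Surviving shadow copies mean pre-encryption file versions may still be recoverable."""
    shadows, current_drive = [], None
    for line in output.splitlines():
        m = ORIGINAL_RE.search(line)
        if m:
            current_drive = m.group(1)
        m = SHADOW_RE.search(line)
        if m:
            shadows.append((current_drive, m.group(1)))
    return shadows


# Constructed sample in the layout Windows' vssadmin uses; GUIDs are placeholders.
SAMPLE_VSSADMIN = r"""
Contents of shadow copy set ID: {00000000-0000-0000-0000-000000000001}
   Contained 1 shadow copies at creation time: 4/18/2016 9:00:00 PM
      Shadow Copy ID: {00000000-0000-0000-0000-0000000000aa}
         Original Volume: (C:)\\?\Volume{00000000-0000-0000-0000-0000000000bb}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1
         Originating Machine: victim-pc
"""


def build_sample_tree() -> Tuple[str, str]:
    """Create a constructed victim profile: two encrypted files, one untouched file,
    a text+HTML note pair on the Desktop and a placeholder executable in the start-up folder."""
    root = tempfile.mkdtemp(prefix="autolocky_triage_")
    startup = os.path.join(root, "AppData", "Roaming", "Startup")
    for sub in ("Documents", "Desktop", startup):
        os.makedirs(os.path.join(root, sub), exist_ok=True)
    for rel in ("Documents/report.docx.Locky", "Documents/photo.jpg.LOCKY",
                "Documents/budget.xlsx", "Desktop/info.txt", "Desktop/info.html"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("constructed sample content\n")
    with open(os.path.join(startup, "reader.exe"), "w") as fh:   # placeholder, not a real binary
        fh.write("placeholder\n")
    return root, startup


if __name__ == "__main__":
    root, startup = build_sample_tree()
    result = scan_tree(root, startup)
    print(f"encrypted: {len(result.encrypted_files)}, notes: {len(result.ransom_notes)}, "
          f"startup executables: {result.startup_executables}")
    print("shadow copies:", parse_vssadmin(SAMPLE_VSSADMIN))
```

Run against a real profile, `scan_tree` takes the user's home directory and the start-up folder path, and `parse_vssadmin` takes the captured output of `vssadmin list shadows` run from an elevated prompt; a non-empty shadow list is the signal that recovery is possible even before a decryption utility is located.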
