iLock Ransomware

iLock Ransomware Description

PC security analysts have observed attacks involving the iLock Ransomware in January 2017. The first versions of the iLock Ransomware were observed in March 2016 carrying attacks in the wild, often with variants possessing different names. Earlier variants of the iLock Ransomware seemed to target computer users in Russian-speaking locations only. This is the opposite of many ransomware Trojans that are designed to avoid attacking computers where the Russian language is set as the default system language. This newer version of the iLock Ransomware, released in January 2017, includes English and Russian versions of the ransom note, named 'WARNING OPEN-ME.txt' and 'ВНИМАНИЕ_ОТКРОЙТЕ-МЕНЯ.txt.' The iLock Ransomware uses a strong encryption method that prevents computer users from recovering their files after they have been encrypted.

Russian PC Users are the Main Target of the iLock Ransomware Infection

Even though the iLock Ransomware seems to target Russian-speakers, it is likely that the iLock Ransomware will pop up in other countries. The iLock Ransomware's code does not include language specific content that could be used to determine the origin of this threat infection. The people responsible for the iLock Ransomware attack have been effective in hiding their origin, hosting the iLock Ransomware's Command and Control servers on the TOR network, which allows them complete anonymity. It is clear that the people responsible for the iLock Ransomware attack are experienced, and there is an organized effort to distribute the iLock Ransomware and carry out these attacks. This differs from many ransomware Trojans that may be the work of amateur coders or inexperienced con artists who will hire the services of a RaaS (Ransomware as a Service) provider.

How the iLock Ransomware Carries out Its Attack

The main purpose of threats like the iLock Ransomware is to encrypt the victims' files. The iLock Ransomware does this so as to demand the payment of a ransom from the victim. After infiltrating the victim's computer, the iLock Ransomware uses the AES-256 encryption to encrypt the victim's data, making it completely impossible to access the encrypted files. The iLock Ransomware will encrypt files on all local drives, as well as on shared network folders and removable memory devices connected to the infected computer. The iLock Ransomware avoids system folders, allowing the iLock Ransomware to take the victim's files hostage but preserving the Windows' functionality. The iLock Ransomware and similar ransomware Trojans maintain the victim's operating system functional so that the victims can pay the ransom amount through the TOR browser.

How the iLock Ransomware and Similar Threats may be Distributed

The iLock Ransomware targets computers using the Windows operating system, and it is capable of infecting versions of Windows ranging from Windows 7 to Windows 10. One of the reasons why threats like the iLock Ransomware are so successful is that even if the iLock Ransomware infection is removed with a reliable security program, the victim's files will remain infected and inaccessible. Individual computer users also may be neglectful when it comes to creating backups of their files, making these attacks especially effective against unprotected computer users. The iLock Ransomware may be distributed using corrupted email attachments contained in spam email messages. Because of this, the first way to protect your computer from an iLock Ransomware infection is to make sure that you have a good anti-spam filter and never open unsolicited email attachments.

Computer users should have backups of their files on an external memory device or the cloud. The ability to recover the affected files from a backup makes attacks like the iLock Ransomware completely ineffective. It is also crucial to have a reliable security program that is fully up-to-date. Having a real-time threat scanner active should intercept the iLock Ransomware infection before it causes too much damage, or will not allow it to be installed on the targeted computer. A combination of caution, backups, and anti-malware software should keep all computer users safe from threats like the iLock Ransomware.

Infected with iLock Ransomware? Scan Your PC for Free

Download SpyHunter's Spyware Scanner
to Detect iLock Ransomware
* SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware removal tool to remove the malware threats. Read more on SpyHunter. If you no longer wish to have SpyHunter installed on your computer, follow these steps to uninstall SpyHunter.

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Site Disclaimer

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as is:
What is 15 + 8 ?