Lockify Ransomware

By GoldSparrow in Ransomware

The Lockify Ransomware is a ransomware Trojan designed to attack computers running the Windows operating system. First observed on May 4th, 2017, the Lockify Ransomware is delivered through corrupted email attachments. Victims receive spam email messages with attached DOCX files that use macros to execute corrupted code on the victim's computer. When a victim opens the corrupted DOCX file, the Lockify Ransomware is downloaded and installed on the affected computer. The Lockify Ransomware is based on HiddenTear, a well-known open-source ransomware engine that has spawned countless ransomware variants.

The PC User will Notice the Lockify Ransomware's Actions Too Late

The Lockify Ransomware runs in the background, using little memory to remain undetected. Its executable file can take one of various forms and may run under the following file names:

6.exe
ca.exe
ConsoleApplication1.exe

Once the Lockify Ransomware has entered a computer, it uses a combination of AES and RSA encryption to make the victim's files inaccessible, searching for user-generated file types, which may include text files, spreadsheets, audio files, video files, etc. The Lockify Ransomware connects to its Command and Control server to receive configuration data and to relay information about the infected computer to its controllers. Like many other ransomware Trojans, the Lockify Ransomware modifies the names of the files it encrypts, which makes it easy to tell which files have been affected: it adds the file extension '.Lockify' to each file compromised in the attack. The Lockify Ransomware delivers its ransom note in the form of a program window named 'the Lockify Ransomware Instructions,' which is contained in an HTA file named README.hta that is dropped on the infected computer's desktop after the encryption is complete. This ransom message contains the following text:

'Can't you find the necessary files?
Is the content of your files not readable?
It is normal because the files' names and the data in your files have been encrypted by "the Lockify Ransomware".
It means your files are NOT damaged! Your files are modified only. This modification is reversible.
From now it is not possible to use your files until they will be decrypted.
The only way to decrypt your files safely is to buy the special decryption software "Lockify Decryptor".
Any attempts to restore your files with the third-party software will be fatal for your files!
You can proceed with purchasing of the decryption software at your personal page:
[REDACTED]
If this page cannot be opened click here to get a new address of your personal page.
If the address of your personal page is the same as before after you tried to get a new one,
you can try to get a new address in one hour.
At this page you will receive the complete instructions how to buy the decryption software for restoring all your files.
Also at this page you will be able to restore any one file for free to be sure "Lockify Decryptor" will help you.'

Dealing with the Lockify Ransomware Trojan

The Lockify Ransomware ransom note includes information on how to use TOR to make an anonymous payment, which will be between $600 and $1600 USD in Bitcoin. PC security researchers strongly advise computer users to refrain from paying the Lockify Ransomware ransom, since it is unlikely that the people responsible for the Lockify Ransomware will decrypt the files or refrain from encrypting the victim's data again. Furthermore, paying the ransom allows con artists to continue developing and creating threats like the Lockify Ransomware. Instead, you should keep file backups, which allow a quick recovery of the affected files without gambling money on the ransom payment. Unfortunately, once the Lockify Ransomware encrypts the files, they are not recoverable without the decryption key, which the con artists retain in their possession.
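To scope a restore from backup, the file-system traces described in this article (the '.Lockify' extension, the README.hta note and the three executable names) can be checked against a file listing. The script below is an added example, not code from the original article; the `triage` function and the sample listing are constructed for illustration, and it assumes the extension is simply appended to the original file name.

```python
"""Triage a file listing for the Lockify indicators named in this article."""
from collections import Counter
from pathlib import PureWindowsPath

ENCRYPTED_EXT = ".lockify"          # extension appended to encrypted files
RANSOM_NOTE = "readme.hta"          # ransom note dropped on the desktop
# Executable names reported for the Trojan. These are generic names, so a
# match is only a lead to investigate, not proof of infection.
SUSPECT_EXES = {"6.exe", "ca.exe", "consoleapplication1.exe"}


def triage(paths):
    """Classify Windows paths; comparisons are case-insensitive like NTFS."""
    report = {"restore": [], "notes": [], "suspect_exes": [], "by_dir": Counter()}
    for raw in paths:
        p = PureWindowsPath(raw.strip())
        name = p.name.lower()
        if name.endswith(ENCRYPTED_EXT) and len(name) > len(ENCRYPTED_EXT):
            # Assumption: the extension was appended to the original name, so
            # dropping it gives the file name to look for in the backup.
            original = p.with_name(p.name[: -len(ENCRYPTED_EXT)])
            report["restore"].append(str(original))
            report["by_dir"][str(p.parent)] += 1
        elif name == RANSOM_NOTE:
            report["notes"].append(str(p))
        elif name in SUSPECT_EXES:
            report["suspect_exes"].append(str(p))
    return report


# Constructed sample listing (e.g. output of `dir /s /b`), not real case data.
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\budget.xlsx.Lockify",
    r"C:\Users\alice\Documents\notes.txt.LOCKIFY",
    r"C:\Users\alice\Music\song.mp3.Lockify",
    r"C:\Users\alice\Desktop\README.hta",
    r"C:\Users\alice\AppData\Local\Temp\ca.exe",
    r"C:\Users\alice\Documents\untouched.docx",
]

if __name__ == "__main__":
    result = triage(SAMPLE_LISTING)
    print("Files to restore from backup:", *result["restore"], sep="\n  ")
    print("Ransom notes:", result["notes"])
    print("Executables to investigate:", result["suspect_exes"])
    print("Encrypted files per directory:", dict(result["by_dir"]))
```

The per-directory counts show where encryption was concentrated, which helps decide which backup sets to restore first.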
