Evillock Ransomware

What is Evillock Ransomware?

Cyber security specialists at Anti-spyware-101.com have recently stumbled upon a new ransomware that has come to be known as Evillock Ransomware. They say that this malicious application was designed to encrypt your personal files and then demand that you purchase a decryption key if you want to get your files back. Needless to say, you have to remove this malware to reestablish your computer’s security. This ransomware is particularly dangerous because there is no free decryption tool available (at the time of this article). However, paying the ransom is not a good idea because the cyber crooks behind it might not give you the promised decryption key.

What does Evillock Ransomware do?

If your computer becomes infected with Evillock Ransomware, then it will spring into action immediately and begin encrypting your files. Malware researchers say that this ransomware targets documents, images, videos, and audio files specifically because they are likely to be of personal nature and, thus, valuable to the victim. The victims may be compelled to pay the ransom to get their files back. While encrypting the files, this ransomware appends them with the ".EvilLock" which indicates that a file has been encrypted.

Researchers say that Evillock Ransomware might use the AES encryption algorithm to encrypt your files. If that is the case, then this is bad news because the AES algorithm is very strong. Researchers say that this program should create a public encryption a private decryption key. The keys must match for your files to be decrypted. However, the decryption is key is most likely uploaded onto a remote server and stored. Nevertheless, there is no guarantee that you will receive it and the decryption software after you pay. The cyber criminals want you to pay 0.3 BTC which is an approximate 300 USD. 300 dollars is a substantial sum of money, and your encrypted files might not be even worth this kind of money. Still, the crooks use scare tactics such as warning you that if you do not pay within three days, then they will delete the decryption key. Whether it is true or not is up for debate, however. Nevertheless, you should get rid of this ransomware.

Where does Evillock Ransomware come from?

The ransom note that this ransomware drops after encrypting your files states that you need to send the unique ID code to gena1983@mbx.kz —the developers’ contact email. This email address’ Internet Country code top-level domain is for Kazakhstan. Therefore, we assume that Evillock Ransomware was developed in Kazakhstan.

Our malware researchers have also found that this malicious program is distributed via email spam. Its developers have set up an email server that spams users with junk mail containing a dropper file that downloads Evillock Ransomware when opened. The malicious dropper file could be a WSF (Windows Script File) file executed through Windows Script Host or a JavaScript file that runs a malicious script and downloads this ransomware.

How do I remove Evillock Ransomware?

If your computer has been infected with Evillock Ransomware, then we recommend that you remove it as soon as possible. However, unfortunately, all of the encrypted files will remain encrypted, but trusting the cyber crooks is a real gamble because they might not send you the decryption key and software needed to decrypt your files. So if you have made the decision to delete this infection, then we recommend that you use SpyHunter to detect the malicious file (because it could be dropped anywhere on your PC) and delete it manually. Please consult the removal guide below for more information.

How to delete Evillock Ransomware

  1. Launch your web browser.
  2. Visit http://www.anti-spyware-101.com/download-sph
  3. Download SpyHunter-Installer.exe and run it.
  4. Launch the program and Click Scan Computer Now!
  5. Copy the file path of the malware from the scan results.
  6. Hold down Windows+E keys.
  7. Enter the file path of the malware in File Explorer’s address box.
  8. Press Enter.
  9. Find and right-click the malicious file and then click Delete.
  10. Empty the Recycle Bin.
100% FREE spyware scan and
tested removal of Evillock Ransomware*

Leave a Comment

Enter the numbers in the box to the right *