What is Eylamo Ransomware?

Malware analysts at anti-spyware-101.com have recently spotted a new ransomware infection based on HiddenTear. It has been given the name Eylamo Ransomware. Since it is a brand new crypto-threat, it has not infected many computers yet. Of course, the situation may change dramatically soon. Since this threat usually enters users' computers illegally, it takes time for them to realize that this malicious application is inside their systems. In most cases, they find out about it only after discovering that a number of files have been encrypted. The version of Eylamo Ransomware tested by our specialists encrypts only files located on the Desktop and in the Pictures library; however, if you cannot access other files as well and they carry the .lamo filename extension, there is no doubt that Eylamo Ransomware is the one to blame for locking them. Ransomware-type infections lock users' files with the intention of getting money from them, so do not be surprised when you find a .txt file with a ransom note on your Desktop too. Do not pay cyber criminals a cent no matter how badly you need to get your files back, because it is unclear whether you will get them unlocked. On most occasions, cyber criminals do not see the point in decrypting files when they already have the money in their hands. In some cases, they do not even have the private key that can unlock files, so they cannot give it to users either.

What does Eylamo Ransomware do?

It will not take long to realize that Eylamo Ransomware is inside the system: you will find your files locked, a new image reading “Oops, your files have been blocked!” set as the Desktop background and instructing you to read READ_IT.txt, and, finally, a ransom note READ_IT.txt created on the Desktop. The note begins by explaining why users cannot access their files:

This computer has been hacked

Your personal files have been encrypted

Then, they find out that they can unlock them only by sending “BTC or kebab” in return for the key that can unlock files. Only the Bitcoin address for sending money is provided to users; the amount they have to pay to cyber criminals is not stated. Judging from the single word “BTC,” it might require 1 Bitcoin (~ 2500 USD). Do not send a ransom to the developer of this ransomware infection under any circumstances, even if some of your important files have been encrypted, because the chances are high that you will get nothing in exchange. In that case, you would not be able to get your money back either. Unfortunately, we cannot promise that you will be able to unlock your files without the private decryption key. The only effective way we know of to get files back for free is to restore them from a backup.

Where does Eylamo Ransomware come from?

Specialists cannot say anything new about the dissemination of Eylamo Ransomware: it is spread exactly like similar file-encrypting threats. First, users might download it from pages offering free software. This malicious download will definitely not be named “malware.” Instead, it will be presented as useful software. Second, ransomware infections are often spread via spam emails. They do not enter users’ PCs when the spam emails themselves are opened. Instead, these threats end up on computers only if users open attachments from these emails or click on malicious links they find in them. Last but not least, malware already active on the system could have helped Eylamo Ransomware enter your PC illegally. Keep your PC clean and install a security application to avoid security-related problems in the future.

How to delete Eylamo Ransomware

After doing all the dirty work, Eylamo Ransomware deletes itself automatically. Only its launcher and the ransom note are left on the affected computer, so we are sure you will manage to delete this infection from your PC with our help. If you find it impossible to delete this threat manually, you can scan your system with an automated scanner and let it remove the threat for you. All other active untrustworthy applications and malicious components will be removed from your system together with the ransomware infection, leaving your PC safe and sound.

Remove Eylamo Ransomware

  1. Remove all suspicious recently downloaded files you manage to find. Start by checking the following directories: %USERPROFILE%\Downloads, %USERPROFILE%\Desktop, %TEMP%, and %APPDATA%.
  2. Remove the ransom note READ_IT.txt from Desktop.
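
The checks above can be gathered in one read-only pass before anything is deleted. The following PowerShell script is an added example, not part of the original guide: it looks for the .lamo extension and READ_IT.txt named in this article and lists recently written launcher-type files in the four directories from step 1. The 14-day window and the list of launcher extensions are assumptions chosen for illustration.

```powershell
# Read-only triage for the indicators named in this article. Nothing is deleted.
# Assumptions (not from the article): the 14-day window and the extension list.
$days       = 14
$launchExts = '.exe', '.scr', '.com', '.bat', '.cmd', '.js', '.vbs', '.ps1'
$cutoff     = (Get-Date).AddDays(-$days)

# Resolve the real Desktop and Pictures folders (handles redirected profiles).
$desktop  = [Environment]::GetFolderPath('Desktop')
$pictures = [Environment]::GetFolderPath('MyPictures')

# 1. Files carrying the .lamo extension in the two locations the tested
#    sample encrypts. Extension is compared exactly (case-insensitive).
$locked = Get-ChildItem -LiteralPath $desktop, $pictures -Recurse -File `
              -ErrorAction SilentlyContinue |
          Where-Object { $_.Extension -eq '.lamo' }

# 2. The ransom note the article says is created on the Desktop.
$note      = Join-Path $desktop 'READ_IT.txt'
$noteFound = Test-Path -LiteralPath $note

# 3. Launcher-type files created or modified recently in the directories
#    listed in step 1 of the removal guide.
$dirs = @(
    (Join-Path $env:USERPROFILE 'Downloads'), $desktop, $env:TEMP, $env:APPDATA
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique

$recent = Get-ChildItem -LiteralPath $dirs -Recurse -File -Force `
              -ErrorAction SilentlyContinue |
          Where-Object {
              ($launchExts -contains $_.Extension) -and
              ($_.CreationTime -ge $cutoff -or $_.LastWriteTime -ge $cutoff)
          } |
          Sort-Object CreationTime -Descending

# Report. The SHA-256 lets you check a file with a scanner before removing it.
"Ransom note present: $noteFound ($note)"
"Files with .lamo extension: $(@($locked).Count)"
$locked | Select-Object -First 20 FullName, LastWriteTime | Format-Table -AutoSize
"Launcher-type files created or modified in the last $days days:"
$recent | Select-Object FullName, CreationTime, Length,
    @{ n = 'SHA256'; e = { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash } } |
    Format-List
```

The list from step 3 will include legitimate installers and scripts, so review each entry before deleting it.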
