Visit BULLGUARD.COM for more information
• Best protection against all types of malware
• Automatic scans to keep your PC clean and virus-free
• Stops unwanted applications from hi-jacking your computer
• Lightning-fast performance that doesn’t slow you down
We still see machines in our workshop with NO protection installed at all so before they leave we install a 60-day FREE TRIAL of Bullguard Internet Security.
Scroll down for detailed information on the Locky virus - it makes frightening reading!
• Browser Hijacker
• Potentially Unwanted Programs (PUPs)
• Rogue Programs & Scareware
• Trojan Horses
* We have seen several machines infected with the NEW LOCKY virus which is easy to remove BUT it encrypts all your personal files and unless you pay £150 or more with Bitcoins you WILL NOT be able to decrypt them! DO NOT OPEN ANY EMAIL with a Microsoft Word or Excel attachment!!
Potentially Unwanted Programs, or PUPs, are pieces of software that you agree to install on your computer but that, for most people, don't provide any useful service. These types of programs are typically bundled with free software that you download from the Internet. When installing the free programs you may be prompted to install these other programs (PUPs) as well.
PUPs are bundled with a developer's free software because the developer generates revenue for each of these programs that is installed on a computer. In fact, there are some developers that create small free utilities just so they can distribute them with PUPs in order to earn money.
Once installed, many of these programs can be difficult to remove and become more of a nuisance than a benefit. Many of them will display pop-up ads, nag screens, or other types of alerts that are designed to convince you to purchase the software or perform some other action.
In some cases PUPs can be more damaging to a computer than traditional malware by causing application freezes, crashes, and other instability.
You may see various screens warning you that your computer is infected, requesting that you phone for immediate support - this is part of the 'scam' - they will charge you lots!
The ransomware attack, which was first sent to nearly half a million victims on February 16, came in the form of a Word document with a malicious macro in it. Targets were sent the infected document via an email, which led them to believe the document was an invoice requiring payment. When the document was opened, it requested permission to run a macro, which many victims allowed. The malicious macro then performed the dirty work of installing the ransomware and scrambling the victims' files.
How Locky Works
Locky ransomware begins its attacks from an infected Windows machine but can spread to other platforms like Linux and OS X via network connections. The ransomware encrypts a wide range of file types, Naked Security researchers wrote in a blog about Locky, including but not limited to videos, images, PDFs, program source code, and Office files. This includes files in any directory on any mounted drive that the infected computer can access, such as removable drives that are plugged in at the time or network shares that are accessible like servers and other people's computers -- no matter if they are running Windows, OS X or Linux. If an infected user is connected to a network with administrator controls, the damage can be significantly widespread. Locky also encrypts Bitcoin wallet files if users have them, making it impossible to access the Bitcoin users may have stored. While losing files is bad enough, the loss of a Bitcoin wallet makes victims even more willing to pay the ransom, particularly if the price of the ransom is less than the value of the Bitcoin stored in the encrypted wallets.
But Locky ups the ante even further, taking additional steps to bring victims to their knees. Once installed, the ransomware removes any Volume Snapshot Service (VSS) files or “shadow copies,” that users’ computers may have made. These shadow copies are a way Windows makes live backup snapshots of works in progress so if users forget to save, or the computer is unexpectedly shut down, those files can be recovered. Users can become dependent on the mechanism as their main backup and neglect making real backups. With a sophisticated ransomware like Locky on the loose, many victims may find themselves at the mercy of the attackers and could soon be shelling out the .5 – 1.00 Bitcoin (approximately £300) to get their files restored and the malware removed.
Can The Locky Ransomware Virus Be Removed And Files Decrypted Without Paying A Ransom?
At this point, whilst it is fairly easy to remove the Locky virus (after the event!) there is only 1 method to decrypt your files - and that's by paying the ransom!
Files targeted are those commonly found on most PCs today; the list of targeted file extensions includes:
.sql, .mp4, .7z, .rar, .m4a, .wma, .avi, .wmv, .csv, .d3dbsp, .zip, .sie, .sum, .ibank, .t13, .t12, .qdf, .gdb, .tax, .pkpass, .bc6, .bc7, .bkp, .qic, .bkf, .sidn, .sidd, .mddata, .itl, .itdb, .icxs, .hvpl, .hplg, .hkdb, .mdbackup, .syncdb, .gho, .cas, .svg, .map, .wmo, .itm, .sb, .fos, .mov, .vdf, .ztmp, .sis, .sid, .ncf, .menu, .layout, .dmp, .blob, .esm, .vcf, .vtf, .dazip, .fpk, .mlx, .kf, .iwd, .vpk, .tor, .psk, .rim, .w3x, .fsh, .ntl, .arch00, .lvl, .snx, .cfr, .ff, .vpp_pc, .lrf, .m2, .mcmeta, .vfs0, .mpqge, .kdb, .db0, .dba, .rofl, .hkx, .bar, .upk, .das, .iwi, .litemod, .asset, .forge, .ltx, .bsa, .apk, .re4, .sav, .lbf, .slm, .bik, .epk, .rgss3a, .pak, .big, wallet, .wotreplay, .xxx, .desc, .py, .m3u, .flv, .js, .css, .rb, .png, .jpeg, .txt, .p7c, .p7b, .p12, .pfx, .pem, .crt, .cer, .der, .x3f, .srw, .pef, .ptx, .r3d, .rw2, .rwl, .raw, .raf, .orf, .nrw, .mrwref, .mef, .erf, .kdc, .dcr, .cr2, .crw, .bay, .sr2, .srf, .arw, .3fr, .dng, .jpe, .jpg, .cdr, .indd, .ai, .eps, .pdf, .pdd, .psd, .dbf, .mdf, .wb2, .rtf, .wpd, .dxg, .xf, .dwg, .pst, .accdb, .mdb, .pptm, .pptx, .ppt, .xlk, .xlsb, .xlsm, .xlsx, .xls, .wps, .docm, .docx, .doc, .odb, .odc, .odm, .odp, .ods, .odt
Once your files are encrypted, the Locky ransomware will create a ransom note text file named _Locky_recover_instructions.txt in each folder where a file has been encrypted, and on the Windows desktop. The ransomware will also change your Windows desktop wallpaper.
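Since a ransom note is dropped in every folder where files were encrypted, searching for that filename shows how far the damage has spread across local drives and any network shares the machine could reach. The script below is an added example, not part of the original page; the function names and the sample folder tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Ransom note filename as given on this page, lower-cased for comparison.
NOTE_NAME = "_locky_recover_instructions.txt"

def find_affected_folders(roots):
    """Walk each root and return (folders holding a ransom note, unreadable paths)."""
    affected, unreadable = set(), []
    for root in roots:
        # onerror records folders we could not list instead of silently skipping them.
        walker = os.walk(root, onerror=lambda err: unreadable.append(err.filename))
        for dirpath, _dirnames, filenames in walker:
            if any(name.lower() == NOTE_NAME for name in filenames):
                affected.add(dirpath)
    return sorted(affected), sorted(unreadable)

def demo_scan():
    """Build a constructed folder tree and scan it; returns paths relative to it."""
    with tempfile.TemporaryDirectory() as top:
        for folder in ("docs/invoices", "photos", "music"):
            os.makedirs(os.path.join(top, *folder.split("/")))
        # Constructed sample: note present in two folders, one with different casing.
        for folder, name in (("docs/invoices", "_Locky_recover_instructions.txt"),
                             ("photos", "_LOCKY_RECOVER_INSTRUCTIONS.TXT")):
            path = os.path.join(top, *folder.split("/"), name)
            with open(path, "w") as fh:
                fh.write("constructed placeholder, not a real ransom note")
        affected, unreadable = find_affected_folders([top])
        rel = [os.path.relpath(p, top).replace(os.sep, "/") for p in affected]
        return rel, unreadable

if __name__ == "__main__":
    folders, skipped = demo_scan()
    print("folders with ransom note:", folders)
    print("unreadable paths:", skipped)
```

On a real machine, pass the drive letters or share mount points to `find_affected_folders`, and treat anything in the unreadable list as unchecked rather than clean.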