cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Locky Ransomware now using the Aesir Extension for Encrypted Files

One of the client place got infected with ransomware Aesir extension, how to detect and prevent from this?

2 Replies
Highlighted

Re: Locky Ransomware now using the Aesir Extension for Encrypted Files

Hi Sunil,

This new Locky ransomware using the Aesir Extension for Encrypted Files is being distributed through emails that pretend to be a complaint from your ISP, which state that SPAM is being sent from your computer. These emails will contain a subject of Spam mailout and contain a zip attachment with a name like logs_[target_name].zip. Inside this ZIP file is a JS file that when opened will download and execute the Locky ransomware.

So, Don't even open it and delete the mail as soon as possible.

The Locky DLL is currently being executed with a command similar to the one below. Note - Please note that the DLL export being used to install Locky will not be same in all cases.

"C:\Windows\System32\rundll32.exe" %Temp%\vv3y5iUI.dll,jWo7sg8u

Unfortunately, it is still not possible to decrypt files encrypted by the Locky Ransomware for free.

The only way to recover encrypted files is via a backup or you can try through Shadow Volume Copies.

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 3 of 3

Re: Locky Ransomware now using the Aesir Extension for Encrypted Files

Moved from Virus and Spyware Protection to Corporate User Assistance >Discussions

By

Moderator

Cliff
McAfee Volunteer

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community