
Locky Ransomware now using the Aesir Extension for Encrypted Files

One of our client sites got infected with ransomware using the Aesir extension. How can we detect and prevent this?

2 Replies

Re: Locky Ransomware now using the Aesir Extension for Encrypted Files

Hi Sunil,

This new Locky ransomware using the Aesir Extension for Encrypted Files is being distributed through emails that pretend to be a complaint from your ISP, which state that SPAM is being sent from your computer. These emails will contain a subject of Spam mailout and contain a zip attachment with a name like logs_[target_name].zip. Inside this ZIP file is a JS file that when opened will download and execute the Locky ransomware.

So, don't even open it, and delete the mail as soon as possible.

The Locky DLL is currently being executed with a command similar to the one below. Note: the DLL export being used to install Locky will not be the same in all cases.

"C:\Windows\System32\rundll32.exe" %Temp%\vv3y5iUI.dll,jWo7sg8u

Unfortunately, it is still not possible to decrypt files encrypted by the Locky Ransomware for free.

The only way to recover encrypted files is via a backup or you can try through Shadow Volume Copies.

Reliable Contributor catdaddy
Message 3 of 3
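One way to hunt for the execution pattern described in the reply above, as an added example that is not part of the original post: the function checks process-creation command lines (for instance exported from Sysmon Event ID 1) for rundll32 loading a DLL from a temp folder, keying on the DLL location because the export name changes between samples. The function names and the list of temp paths are assumptions, and all sample lines except the command quoted in the post are constructed.

```python
import re

# rundll32 (optionally quoted, with or without path and .exe), then "DLL,export".
RUNDLL_RE = re.compile(
    r'''^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+   # image name
        "?(?P<dll>[^",]+?)"?\s*,\s*                  # DLL path, may be quoted
        (?P<export>\S+)                              # export (varies per sample)
    ''',
    re.IGNORECASE | re.VERBOSE,
)

# Assumed list of user-writable temp locations, unexpanded and expanded forms.
TEMP_DIR_RE = re.compile(
    r'''^(?:%te?mp%
          |%localappdata%\\temp
          |[a-z]:\\users\\[^\\]+\\appdata\\local\\temp
          |[a-z]:\\windows\\temp)\\''',
    re.IGNORECASE | re.VERBOSE,
)

def flag_rundll32_from_temp(command_line):
    """Return (dll, export) if rundll32 loads a DLL from a temp folder, else None."""
    m = RUNDLL_RE.match(command_line)
    if not m:
        return None
    dll = m.group("dll").strip()
    # Match on where the DLL lives, not on its random file or export name.
    if TEMP_DIR_RE.match(dll):
        return dll, m.group("export")
    return None

def scan(command_lines):
    """Return [(line_number, dll, export)] for every suspicious command line."""
    hits = []
    for n, line in enumerate(command_lines, 1):
        found = flag_rundll32_from_temp(line)
        if found:
            hits.append((n, *found))
    return hits

SAMPLE = [  # line 1 is the command from the post; the rest are constructed
    r'"C:\Windows\System32\rundll32.exe" %Temp%\vv3y5iUI.dll,jWo7sg8u',
    r'rundll32.exe "C:\Users\alice\AppData\Local\Temp\a1b2c3.dll",qwerty',
    r'C:\Windows\System32\rundll32.exe shell32.dll,Control_RunDLL desk.cpl',
    r'C:\Windows\System32\notepad.exe C:\Users\alice\AppData\Local\Temp\notes.txt',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print("suspicious rundll32 launch: line %d, dll=%s, export=%s" % hit)
```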

Re: Locky Ransomware now using the Aesir Extension for Encrypted Files

Moved from Virus and Spyware Protection to Corporate User Assistance >Discussions

By

Moderator

Cliff
McAfee Volunteer