Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Decrypt Files Encrypted with AutoLocky Ransomware

sensorstechforum-autolocky-decryption-freeA ransomware variant came out in April 2016, carrying the name AutoLocky and using the .locky file extension. It pretends to be one of the big players in the game – Locky Ransomware, using its file extension. The virus may enter the computer through heavily obfuscated payload carrier that may drop the payload and encrypt the user files with a strong cipher, leaving a ransom note behind and asking for a payoff to allow the user to access them again. In this article we aim to show you how to get quickly rid of AutoLocky and start decrypting your files, using Emsisoft’s AutoLocky decrypter.

AutoLocky Ransomware – More Information

Once it enters the computer of the user, AutoLocky, creates a malicious executable and makes it run in the Windows Task Manager. The executable may exist under different names, so users need to check the system folders and delete the executable after stopping it in Windows Task Manager. Malware researchers also strongly advise to delete the startup file to prevent any AutoLocky scripts from running on Windows Startup:

C:\Users\%UserProfile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk

Since the executables created by AutoLocky may be more than one and they may exist under different names and in different folders, malware experts often advise users to remove swiftly the virus and all its associated files and registry values as well as other objects using an advanced anti-malware program:

Download

Malware Removal Tool


Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter

AutoLocky Ransomware – Decryption Instructions

After you have made sure your computer is secure; you may begin using the instructions below to decrypt files encoded by AutoLocky. Lets start!

Step 1: Download the AutoLocky Decrypter by Emsisoft and save it at a place where you can easily locate it:

Download

Malware Removal Tool


1-autolocky-decrypter-download-sensorstechforum

Step 2: Run AutoLocky Decrypter as an administrator. Make sure your computer still has the encrypted files by AutoLocky on it. After starting it, you should see a pop-up detecting a key set by this ransomware. It looks like this:

2-DECRYPTION-KEY-autolocky-decrypter-sensorstechforum

Step 3: Press OK and then you should see the main panel of the decrypter. From there you can simply select C:\ or choose a folder whose files you want to be decrypted. After you have made your selection, you should click on the “Decrypt” button to start the process:

2-autolocky-decryptor-choose-folder-sensorstechforum

Step 4: After the process has started you should see on the live feed of the decrypter whether or not your files have been decrypted.

3-decrypter-emsisoft-sensorstechforum-decryption process

AutoLocky Decryption – Conclusion

Similar to the Locky ransomware, AutoLocky claims to use AES and RSA encryption algorithms that generate two unique decryption keys. However, the situation is completely different, because if this virus were impenetrable, researchers wouldn’t be able to create a decryptor for it.

Whatever the case may be, the situation with AutoLocky and other ransomware viruses like it is becoming more and more widespread. This is the main reason why we have decided to prepare several protection tips to maximize your ransomware protection in the future and avoid such situations in the future. Because, unlike this virus, there are many like it (Zepto, Cerber2, CryptoWall) for which there is no decryptor and users are left with no choice but to either pay the ransom or sit put while a decryption becomes available. This is why we advise you to follow these instructions to greatly increase ransomware protection:

Sensorstechforum’s Ransomware Protection Tips
Safely Securing Your Data in The Future

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.