Decrypt Files Encrypted with AutoLocky Ransomware - How to, Technology and PC Security Forum |

Decrypt Files Encrypted with AutoLocky Ransomware

sensorstechforum-autolocky-decryption-freeA ransomware variant came out in April 2016, carrying the name AutoLocky and using the .locky file extension. It pretends to be one of the big players in the game – Locky Ransomware, using its file extension. The virus may enter the computer through heavily obfuscated payload carrier that may drop the payload and encrypt the user files with a strong cipher, leaving a ransom note behind and asking for a payoff to allow the user to access them again. In this article we aim to show you how to get quickly rid of AutoLocky and start decrypting your files, using Emsisoft’s AutoLocky decrypter.

AutoLocky Ransomware – More Information

Once it enters the computer of the user, AutoLocky, creates a malicious executable and makes it run in the Windows Task Manager. The executable may exist under different names, so users need to check the system folders and delete the executable after stopping it in Windows Task Manager. Malware researchers also strongly advise to delete the startup file to prevent any AutoLocky scripts from running on Windows Startup:

C:\Users\%UserProfile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Start.lnk

Since the executables created by AutoLocky may be more than one and they may exist under different names and in different folders, malware experts often advise users to remove swiftly the virus and all its associated files and registry values as well as other objects using an advanced anti-malware program:


Malware Removal Tool

Spy Hunter scanner will only detect the threat. If you want the threat to be automatically removed, you need to purchase the full version of the anti-malware tool.Find Out More About SpyHunter Anti-Malware Tool / How to Uninstall SpyHunter

AutoLocky Ransomware – Decryption Instructions

After you have made sure your computer is secure; you may begin using the instructions below to decrypt files encoded by AutoLocky. Lets start!

Step 1: Download the AutoLocky Decrypter by Emsisoft and save it at a place where you can easily locate it:


Malware Removal Tool


Step 2: Run AutoLocky Decrypter as an administrator. Make sure your computer still has the encrypted files by AutoLocky on it. After starting it, you should see a pop-up detecting a key set by this ransomware. It looks like this:


Step 3: Press OK and then you should see the main panel of the decrypter. From there you can simply select C:\ or choose a folder whose files you want to be decrypted. After you have made your selection, you should click on the “Decrypt” button to start the process:


Step 4: After the process has started you should see on the live feed of the decrypter whether or not your files have been decrypted.

3-decrypter-emsisoft-sensorstechforum-decryption process

AutoLocky Decryption – Conclusion

Similar to the Locky ransomware, AutoLocky claims to use AES and RSA encryption algorithms that generate two unique decryption keys. However, the situation is completely different, because if this virus were impenetrable, researchers wouldn’t be able to create a decryptor for it.

Whatever the case may be, the situation with AutoLocky and other ransomware viruses like it is becoming more and more widespread. This is the main reason why we have decided to prepare several protection tips to maximize your ransomware protection in the future and avoid such situations in the future. Because, unlike this virus, there are many like it (Zepto, Cerber2, CryptoWall) for which there is no decryptor and users are left with no choice but to either pay the ransom or sit put while a decryption becomes available. This is why we advise you to follow these instructions to greatly increase ransomware protection:

Sensorstechforum’s Ransomware Protection Tips
Safely Securing Your Data in The Future


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share