The Locky ransomware is a new virus that has struck the world. It encrypts important documents and files. The threat is very serious, because it can lock people out of their database files as well. Locky ransomware encrypts files in a .locky extension, using RSA algorithm and AES-128 ciphers.

>More information about the Locky ransomware


For now there is no known solution for decryption, but you can try using tools for Data Recovery, to try and restore your files.

N.B. This is an open topic about Locky ransomware. You can share your experience, ask for help, upload encrypted files in your comments. We will try to help you and in any way we can and will post solutions if we discover such. We urge all users to provide as much information as possible for our help to be more effective.

Darn! This thing hit me out of the blue! My work documents are locked!!

What do I do? Many of my work files are with the .locky extension and my back ups are a month old! Is there a way to unlock them?! Please help - these are important files!
Waiting for your answer!

Hello,

I have files encrypted with .locky extension. I upload here a screenshot with files this is how they look.

How to bring back my documents. I read "more information" and try Kaspersky decrypt but it is not working.

Please help thank you!

Hi James and kqly,

First, have you already removed the ransomware with an anti-malware program?

Yes, I reinstall Windows and moved files to USB.

Hello,

Since there are a lot of users complaining and sending files  regarding .locky, I will write a general solution for the ransomware. It is not exactly a solution, but it is the closest you can get to one so far. We will keep you updated once a direct solution or other ways around it come up. Make sure you DO NOT FORMAT YOUR HARD DRIVE OR REINSTALL WINDOWS BEFORE TRYING THE BELOW-MENTIONED METHODS.

I have divided solutions into several methods:

Method 1: Use Volume Shadow Copies In Windows.

There are two options for that:
1) Go to Search and type "File History" after which open it and go to the last date the files were operational after which restore them. This will not work if you have reinstalled Windows.

2) Download Shadow Explorer. This is a free third-party software with the same  purpose.

Method 2: Use file recovery software.

There are many many file recovery programs out there. We have tested several so far:

Stellar Phoenix Windows Data Recovery Technicians License
Data Recovery Pro by Pareto Logic
Stellar Phoenix Windows Data Recovery
Stellar Phoenix Photo Recovery

We have tested the programs but bear in mind that you may recover from tens to hundreds of files depending on the files' health. In case you reinstalled Windows and formatted your hard drive, for example, you chances may drop significantly. Keep that in mind before using these programs. Also, have in mind that they are not decryptors. This software is genuinely created to recover files that are missing so you might recover some data. For different computers there are different results.

Method 3: Go to a data recovery expert.

You can go to a specialist, but bear in mind that it will cost you a lot of money and it will provide you with relatively the same outcome as the software mentioned above, so we do not recommend it.

Method 4: Wait for a decryptor or another solution.

Despite the fact that .Locky uses a strong mixture of several encryption algorhithms, experts are constantly working on finding security weaknesses in the malware itself to reveal a method to unlock the files. We are constantly monitoring Cisco, Emsisoft and Kaspersky as well as other security blogs and forums and will keep you posted as fast as possible when a solution comes up.

Best Regards,
Never

Whoa! Thanks for the quick answers!

mcinn - yes, I removed the virus with a security app, but still lots of files are locked and this is a major issue for me!

never - thanks for the tips - will try them out!

I was wondering if some victims have decided to pay the ransom... and found a discussion about it on Reddit. Some guy said that they paid coz they were desperate etc... And it worked.. However... My thought is that paying the ransom is not a good idea because financial resource from ransoms only supports cyber crime... and it's growing and evolving constantly... Just backup your files professionally and regularly, especially if you own a business!!! Simple as that. And this is what every IT security guy would advise you..

Just a thought I decided to drop here...

Hello again,

Yes, backing up the files is the best solution, but the latest information points out that if the files are backed up in Windows, most ransomware infections, such as .locky delete this backup or encrypt the image file if the backup is created on a system image. This is why I would suggest using other approaches:

-Use an external USB, SSD, HDD or Memory Card to copy the files. This is a hands on approach and is suitable in case you do not have a lot of files to backup.

-Use an automatic backup uploaded to another server in your local network. Such servers should not be accessed by anyone. In fact only one, maximum two people should have access to the server and configure it so that it goes online only during specific times (for example, when backup is being performed).

-Use cloud backup. This is the 21st century`s solution - outsource it. There are many programs out there that encrypt your data and back it up so that its online on their servers but in the same time accessible only if yo go there. One of those programs is called SOS Online Backup. I use it for my home network and it is very good, because it provides unlimited backup storage, which is good if you have A LOT of data.

Hope this helps some of you out there.
Regards,
Never

never - I have considered the methods you proposed up in the comments. It seems that shadow copies is a disabled option on my PC. I also don't want to pay anything for data recovery software unless necessary - do those programs have free trials, or can you recoommend good free ones?

Yes, there are many free programs out there but they lack certain fundamental features such as choosing what type of files you are looking for or selecting an exact folder to scan. If any users know such programs that recover files in the same rate as the ones above, I urge them to share them with us.

Regards,
Never

@for infected users, in order to i can analysis, please share here some encrypted and decrypted files (if you have) for locky ransomware.

Hello,

I have files encrypted with .locky extension. I upload here a screenshot with files this is how they look.

How to bring back my documents.
I read "more information" and try Anti Malware, Kaspersky decrypt, Remo recouver, Recuva, SpyHunter...
but it is not working.

Please help thank you!

@brahim, yes, you can upload screenshots.

There is no reported working recovery method for now. Try other data recovery software like EasyUS which is among the good free ones, or you can try paid ones like Stellar Phoenix or the one by Pareto Logic. If you have formatted your hard drives and if other software doesn't work at all, your chances are not that big, but you can still try. You might have some luck.

@James, what happened? Have you succeeded recovering any files?

Best Regards,
Execute

Hello,

I have files encrypted with .locky extension. I upload here a screenshot with files this is how they look.

How to bring back my documents.
I read "more information" and try Anti Malware, Kaspersky decrypt, Remo recouver, Recuva, SpyHunter...
but it is not working.

Please help thank you!

can you please one or more encrypted files to any upload web site ?