1

I would like to help to my friend.

She opened a email, and after that, all files is transform to some encrypt format on she computer.

Every image, document extension replaced by .locky.

Now, after hours and hours searching on google I dosen't find any trusted way for she get back they files.

I hope we can find out something.

What I already tried:

  1. Remove virus with programs: Malwerebytes, Hitmanpro, they dosen't find any result.
  2. I tried restore the system from the control panel.-Gess what, no restore points..
  3. I tried shadowfile explorer, which capable search shadow files-No results.
  4. I tried rename files from .locky to original format like:png,jpg, etc.- Dosen't work either.

At this point I gived up, I need some help from a experted person.

We would like to target one specifick file types, images, like jpg, jpeg, png and others.

Is there anyway for we can recover this files, without for we need to pay to the hacker?

My friend does not have any backups of the files in question.

Ƭᴇcʜιᴇ007
  • 111,883
  • 19
  • 201
  • 268
user3545446
  • 387
  • 1
  • 3
  • 12
  • 1
    Possible duplicate of [How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?](http://superuser.com/questions/100360/how-can-i-remove-malicious-spyware-malware-adware-viruses-trojans-or-rootkit) – Ramhound Apr 07 '16 at 20:46
  • Nope, it's totaly differend, we whant get back loced files, and not just get rid the malwer – user3545446 Apr 07 '16 at 21:48
  • There is no unlocker for files encrypted by Locky, either pay the ransom or lose your files, period the end. – Moab May 03 '16 at 16:44

1 Answers1

2

The "Locky" ransomware will remove VSS (volume snapshot service) AKA shadow copies that may have been made previously, so that's why you aren't seeing those. Simply renaming the files will not work since the files have been encrypted, and the ransomware wants you to pay for the key to decrypt the files. The amount will vary. The only way to get the files back are from a backup.

DukeSilversJazz
  • 452
  • 2
  • 7
  • Unfortunately, I was afraid, but I was hoping that there is some solution to help she. I waiet for other answers, for that hope anyone have expericence remove this fat malware, but if I doesn't get any other answer, I accept yours, becouse it's abolutly correct, I just need some solution. – user3545446 Apr 07 '16 at 19:28
  • 3
    The solution is to either pay the ransom or restore from a backup that has not been encrypted by the malware, these are your only choices. – Moab Apr 07 '16 at 21:28