John Ryan asked 1 year ago

I received the message ‘All of your files are encrypted with the RSA-2048 and AES-128 ciphers.’ When I look at TASKMGR, I do not see any processes with the .locky extension. The majority of my data files seem to be encrypted. If I use the System Restore function, will my files become encrypted? Will the virus be gone? Thanks.

admin Staff answered 1 year ago

Hello John,
If you are finding the .Locky file extension on your files, then your Windows OS has been hacked by a ransomware virus. The latest and very nasty ransomware is spreading at an alarming rate. Your computer is infected with a cryptolocker-type ransomware infection named “Locky”. It encrypts your files and asks you to pay Bitcoins via the TOR browser as a ransom to decrypt your files. As far as I could guess, you found a Word document with a malicious macro via an email. It made you believe the Word file was an important invoice that required payment. When you opened the document, it requested permission to enable macros and you allowed it.
After this event you found some errors on your screen and the computer restarted. I think you didn’t consider it serious and kept operating the computer until you found the first encrypted file and a message “!!!Importent Notice!!!
All of your files are encrypted with RSA-2048 and AES-128 ciphers……..”
RSA-2048 and AES-128 ciphers are file encryption algorithms which encrypt files with public and private keys. You need the private keys to decrypt your files. You can’t see any associated process in your Task Manager because your computer might have been compromised by the latest fileless version of the Locky malware, which gets loaded into system memory via PowerShell. The infection keeps on encrypting files in the background of Windows OS and displays a notification about file encryption. It may change your desktop background into a ransom note. Victims of this virus try to get rid of the .Locky file extension by different attempts, like deleting the .Locky extension. Some users opt for the System Restore utility, which only affects Windows files and the system registry. System Restore is not concerned with encryption or decryption of the user’s personal files. It is suggested to remove the Locky ransomware and thereafter use a data recovery tool to restore your files. You can get detailed information and a removal guide for Locky Ransomware at: http://www.removemalwarevirus.com/remove-locky-file-extension-how-to-get-encrypted-locky-files-back