New PyLocky Ransomware Attack on Various Organization that Encrypt More than 100 File Extensions

In the Threat landscape, team of security experts have detected a new member of the ransomware family dubbed as PyLocky Ransomware. The attack of this ransomware has been involved in July and August that widely targeting Windows OS and attack several organizations by evading security solution. Team of security analysts have revealed that it is mainly targeting the European countries including Germany and France.

Know Detailed Information of PyLocky Ransomware

PyLocky Ransomware is regarded as one of the most notorious and dangerous ransomware infection which is specifically designed by the group of cyber criminals to target users file and extort money from them. Some of the security experts note that PyLocky Ransomware is an imposted of infamous Locky Ransomware. This ransomware is written in the Python and it is packed with PyInstaller that helps it to package python based application as the stand-alone executable file. This ransomware includes the capability of anti-machine learning that makes it very difficult for the static analyses. It can affect several languages users because its ransom note are available in the Korean, Italian, French and English languages.

Infection Process of PyLocky Ransomware

PyLocky Ransomware is really one of the most notorious and dangerous ransomware variant. It has several infection procedure but the initial stage of this infection starts with the spam campaign along with the malicious attachment. The developers of such a ransomware spreads its payload to users inbox and trick System users into opening them. Once users click on such an email, PyLocky Ransomware drops a signed executable that drops the component of malware that includes ransomware executable file. Therefore, it is highly advised by security analysts that users should not open any message or suspicious attachment arrived to inbox from unknown person or sender.

Actions Performed By PyLocky Ransomware On Targeting Machine

Once infect Windows PC successfully, it immediately start to conduct its malevolent activities. It uses the combination of AES and RSA cipher algorithm to lock users files. After the depth analysis, researchers revealed that PyLocky Ransomware is capable to encrypt more than 100 file types including :

Once locking files, it communicates with C&C server. The affected users of PyLocky Ransomware can be easily marked the targeted objects because it adds .locky, .lockymap as well as .lockedfile extension at the end of the targeted files name and makes the affected objects inaccessible. After encrypting all file types, it’s developers drops a text file entitled as LOCKY-README.txt that servers as a ransom note. This text file informs users about the attack of PyLocky Ransomware and asks them to pay ransom demanded fee in Bitcoin to get the decryption key.

Know How To Remove PyLocky Ransomware From Different Version of Windows OS

Know What Ransom Note of PyLocky Ransomware Says

In ransom note, the developers or cyber criminals of PyLocky Ransomware informs victim that their data is locked with the military-grade algorithm and they must pay ransom fee to get the unique Locky Locker decryption tool. In order to pay money, victim must download TOR browser and but the decryptor using Bitcoin. However, security analysts are strictly advised victims not to pay ransom demanded fee because there is zero guarantee that you will decrypt your files even paying the large sum of ransom fee. Instead of paying ransom fee, users must remove PyLocky Ransomware

Leave a Comment

Your email address will not be published. Required fields are marked *