Evillock Ransomware

Evillock Ransomware Is a newly released ransomware-type application designed to encrypt many of your files to make you pay a modest ransom payment. However, we recommend that you remove it from your PC as soon as possible because you cannot trust the cyber criminals that developed this ransomware to send you the decryption tool. It uses a strong encryption algorithm to encrypt your files and decrypting them without the dedicated decryption key is near impossible at this point in time. Nevertheless, cyber security experts might develop a free decryption tool that will help you get your files back. Nevertheless, you have to get rid of Evillock Ransomware first. We have analyzed this malicious application and invite you to find out more about it, so, if you are interested, please continue reading.

At the time of this article, we do not know how Evillock Ransomware is disseminated. Nevertheless, we suspect that its developers have set up a dedicated email server that sends email spam to random email addresses in an attempt to infect as many computers as possible. The emails should feature an attached file that might be a JavaScript file that will run a malicious script when opened and download this ransomware onto your PC. The name of the executable is unknown, but it can be placed anywhere on your PC. We think that this ransomware was created by cyber criminals based in Kazakhstan or somewhere close to it in that region. However, the ransom note is in English, so it is definitely distributed internationally.

If Evillock Ransomware were to infect your PC, then it would go to work immediately and scan your PC for encryptable files. It targets the most widely used file formats in an effort to encrypt as much valuable and personal information as possible. It seems that it uses the AES encryption algorithm to encrypt your files, but that still needs to be proven. If so, then you would be dealing with one of the strongest encryption algorithms out there. This ransomware should generate a public encryption and a private decryption key that is sent to the C&C server controlled by this ransomware’s developers. While encrypting your files, this ransomware will append them with the “.EvilLock” file extension and then drop the ransom note.

The ransom note can be named randomly but is in the HTML format, so you have to open it with your web browser. The note features a unique user ID that you need to send to this ransomware’s developer to gena1983@mbx.kz. The note says that you have three days to pay a ransom of 0.3 BTC which is 307.87 USD because if you do not pay, then this ransomware will delete them. However, you should not pay the ransom because you cannot trust cyber criminals to keep their end of the bargain.

In closing, Evillock Ransomware is a malicious piece of programming that can cause you many problems. You have to remove it from your PC as soon as possible because it might delete your files and you will not be able to recover them. We suggest using SpyHunter to detect this malware and remove it manually. Please refer to the instructions below for more information.

Removal Guide

1. Go to http://www.pcthreat.com/download-sph
2. Download SpyHunter-Installer.exe.
3. Install the program and run it.
4. Click Scan Computer Now!
5. Copy the file path of the malware from the scan results.
6. Press Windows+E keys.
7. Enter the file path of the malware in File Explorer’s address box.
8. Press Enter.
9. Find and right-click the malicious file and then click Delete.
10. Empty the Recycle Bin.