
EvilLock Ransomware

Posted: February 1, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 3
First Seen: February 1, 2017
Last Seen: March 12, 2020
OS(es) Affected: Windows

The number of crypto-threat infections being distributed in the wild is still rising gradually in the first months of 2017, and computer users must take the necessary security measures to prevent threats of this type from damaging their files. One of the new additions to the list of crypto-threats released in 2017 is the EvilLock Ransomware, a threat that appears to target mostly residents of the Czech Republic. However, this does not mean that users in other countries will not come across the corrupted e-mail messages used to spread the EvilLock Ransomware's payload, and it is very likely that users all across America or Europe may end up having their computers locked by the EvilLock Ransomware if they have not taken measures to prevent it.

Naturally, the best protection against the EvilLock Ransomware and similar threats is a reputable anti-malware software suite that scans all incoming files for malicious indicators. Credible anti-virus products can also warn you when you are about to browse unsafe Web pages or other suspicious content. Taking these measures is important because an infection with the EvilLock Ransomware can cost you dearly. This ransomware features a working encryption routine, which targets some of the most popular file extensions used by documents, media files, backups and archived files. Whenever the EvilLock Ransomware successfully encrypts a file's contents, it also modifies the name of the original file by adding '.the EvilLock' as an additional extension (e.g. 'spreadsheet.xlsx' will be renamed to 'spreadsheet.xlsx.the EvilLock').

'As you can see some of your files have been encrypted!
Encryption was made using a unique strongest AES key. If you want to restore your files you need to BUY the key, it costs 0.3 BTC. Send me your ID gena1983@mbx.kz.'

The exact number of file types that the EvilLock Ransomware targets is not yet known, but we assure you that the ransomware's authors have taken the necessary measures to ensure that their product will inflict as much damage as possible on infected computers. When the encryption routine of the EvilLock Ransomware finishes, the threat proceeds with the next stage of the attack: announcing its demands. To do this, the EvilLock Ransomware creates two ransom notes, which victims can find in the files named 'HOW_TO_DECRYPT_YOUR_FILES.HTML' and 'HOW_TO_DECRYPT_YOUR_FILES.TXT'. They contain exactly the same information and urge users to contact gena1983@mbx.kz to learn how they can transfer the ransom fee of 0.3 Bitcoins (approximately $300) to the attacker's Bitcoin wallet.

However, the ransom message does not offer a free test decryption as proof that recovery is possible, nor does it give victims any reassurance that they will get their files back if they fulfill the attacker's demands. These are all red flags that are enough to remind you that paying money to anonymous cyber-crooks is never a good idea! Instead of risking your hard-earned money, we advise you to look for an alternative way out of this unfortunate situation. Regardless of the file recovery method you choose, you must not forget to start by removing the EvilLock Ransomware's components with the help of a trustworthy anti-virus product.
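The indicators described above can be checked with a read-only triage scan. The following is an added example, not code from the original page: it walks a directory tree and reports the two ransom-note file names and any files carrying the appended extension exactly as the page spells it. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Indicators exactly as the page gives them; matching is case-insensitive.
NOTE_NAMES = {"how_to_decrypt_your_files.html", "how_to_decrypt_your_files.txt"}
APPENDED_EXT = ".the EvilLock"


def scan_tree(root):
    """Walk root; return (ransom-note paths, paths of files with a name plus the added extension)."""
    ext = APPENDED_EXT.lower()
    notes, renamed = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower in NOTE_NAMES:
                notes.append(os.path.join(dirpath, name))
            elif lower.endswith(ext) and len(lower) > len(ext):
                renamed.append(os.path.join(dirpath, name))
    return sorted(notes), sorted(renamed)


def summarize(root):
    """Triage summary: counts, affected directories, and pre-rename file names."""
    notes, renamed = scan_tree(root)
    return {
        "ransom_notes": len(notes),
        "renamed_files": len(renamed),
        "affected_dirs": sorted({os.path.dirname(p) for p in notes + renamed}),
        "original_names": [p[: -len(APPENDED_EXT)] for p in renamed],
    }


def build_sample(root):
    """Constructed sample tree (empty files only) used to exercise the scanner."""
    for rel in (
        "Documents/spreadsheet.xlsx.the EvilLock",
        "Documents/HOW_TO_DECRYPT_YOUR_FILES.TXT",
        "Documents/HOW_TO_DECRYPT_YOUR_FILES.HTML",
        "Pictures/holiday.jpg.THE EVILLOCK",
        "Pictures/untouched.png",
    ):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(summarize(tmp))
```

The list of original names shows which files need restoring from backup; it says nothing about whether their contents are recoverable.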
