PyLock Ransomware

Posted: September 18, 2019

PyLock Ransomware Description

The PyLock Ransomware is a file-locker Trojan that can encrypt files on your computer to hold them for ransom. Other symptoms include changes to security and data recovery-related settings and a pop-up that's similar to those of the Crysis Ransomware family. Have your anti-malware solution remove the PyLock Ransomware as soon as possible, and do so before using any intact backup for recovery.

A Python's Next Squeeze Around Your Media

The PyLock Ransomware is clambering onto the same pile of threats as the Amavaldo banking Trojan or the Noblis Ransomware, as another Windows Trojan that uses Python for attacking victims. Although this programming language is easy to learn, the threat actor has opted to update a previous program, the SystemCrypter Ransomware, instead of building an original from scratch. The PyLock Ransomware's payload is very similar to, and just as threatening as, its ancestor's attacks.

The PyLock Ransomware keeps the AES-256 encryption in CBC mode that is the centerpiece of the first Trojan's file-locking capabilities. It uses this encryption method for blocking media files; malware experts can confirm over a hundred targeted formats, including common ones (like DOCs) and niche ones (YUV raster graphics and compressed TAR archives, for instance). The 'locked' extension it places on them is a symptom that the PyLock Ransomware shares with its predecessor and other Trojans of the same type.

Although the PyLock Ransomware has a maximum size limit for what it locks, the number is generous and should accommodate most formats. Malware researchers also recommend paying attention to related security issues during infections, including:

  • The PyLock Ransomware can disable some system-monitoring and administrative programs, such as the Windows Task Manager.
  • The PyLock Ransomware, like a majority of file-locker Trojans, erases all the Windows Shadow Volume Copies securely.
  • The PyLock Ransomware also creates an advanced HTML or HTA pop-up with its ransom demands. It asks for an enormous 5 Bitcoins (or fifty thousand USD) for the threat actor's file-unlocking service.

Loosening a Digital Serpent's Hold

Victims of PyLock Ransomware infections should remain aware that the threat may spread across vulnerable networks, including dedicated NAS (network-attached storage) hardware. Disabling both local and non-local network connections should be one of the first steps taken in dealing with a potential PyLock Ransomware attack. Although malware experts can't confirm a current, free decryptor for the PyLock Ransomware, it is possible that a security researcher with cryptography experience could develop one, given the relevant samples.

Besides decrypting files, users can also restore them through secure backups, which are always the preferred restoration path for countering Trojans of this category. Malware analysts recommend saving backups to USBs or other portable storage that isn't left connected to the computer, or using a cloud service with password protection. A professional anti-malware product may delete the PyLock Ransomware but can't unlock anything that the Trojan has already attacked.
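
A triage check for the backup advice above, written for this page as an added example (it is not from the original article or any vendor tool): it inventories files carrying the 'locked' extension so a responder can gauge scope and confirm a backup tree has none before restoring from it. It assumes the extension is appended as a final '.locked' suffix; the function names and sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Assumption: the 'locked' extension is appended as the final suffix.
LOCKED_SUFFIX = ".locked"


def inventory_locked(root):
    """Walk root; return (locked, intact) where locked is a list of
    (path, original_extension) pairs and intact counts all other files."""
    locked, intact = [], 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(LOCKED_SUFFIX):
                original = name[: -len(LOCKED_SUFFIX)]
                ext = os.path.splitext(original)[1].lower() or "(none)"
                locked.append((os.path.join(dirpath, name), ext))
            else:
                intact += 1
    return locked, intact


def summarize(root):
    """Summarise a tree: counts, affected formats, and whether any
    file carries the marker (a backup should report False)."""
    locked, intact = inventory_locked(root)
    by_ext = Counter(ext for _path, ext in locked)
    return {
        "locked": len(locked),
        "intact": intact,
        "by_original_extension": dict(by_ext),
        "contains_locked_files": bool(locked),
    }


def build_sample_tree(root):
    """Constructed sample data: a small share with two locked files."""
    names = ["report.doc.locked", "frame.yuv.locked", "notes.txt", "site.tar"]
    os.makedirs(os.path.join(root, "share"), exist_ok=True)
    for name in names:
        with open(os.path.join(root, "share", name), "wb") as fh:
            fh.write(b"sample")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(summarize(build_sample_tree(tmp)))
```

Because other Trojans use the same extension, a match indicates a file-locker infection in general and does not by itself attribute it to the PyLock Ransomware.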

The PyLock Ransomware's installation includes multiple references to a fake 'invoice' executable. Clicking on a counterfeit bill is an easy way of compromising your computer, and any employee of any company should know better than to take a filename at its word.
