
PyLock Ransomware

Posted: September 18, 2019

The PyLock Ransomware is a file-locker Trojan that encrypts files on your computer to hold them for ransom. Other symptoms include changes to security and data-recovery-related settings and a pop-up that is similar to those of the Crysis Ransomware family. Have your anti-malware solution remove the PyLock Ransomware as soon as possible before using any intact backup for recovery.

A Python's Next Squeeze Around Your Media

The PyLock Ransomware is clambering onto the same pile of threats as the Amavaldo banking Trojan or the Noblis Ransomware, as another Windows Trojan that uses Python to attack victims. Although this programming language is easy to learn, its threat actor is opting to update a previous program, the SystemCrypter Ransomware, instead of building an original piece from scratch. The PyLock Ransomware's payload is very similar to, and just as threatening as, its ancestor's attacks.

The PyLock Ransomware keeps the AES-256 encryption in CBC mode that is the centerpiece of the first Trojan's file-locking capabilities. It uses this encryption method to block media files, of which malware experts can confirm over a hundred formats, including common ones (like DOCs) and niche ones (YUV raster graphics and compressed TAR archives, for instance). The 'locked' extension it appends to them is a symptom that the PyLock Ransomware shares with its predecessor and other Trojans of the same type.
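The two observable traits above, the 'locked' extension and ciphertext produced by AES-256 in CBC mode, are what an incident responder can check for while building an inventory of affected files before restoring from backup. The following triage helper is an added example and is not code from the original page or from the PyLock samples: the extension comes from the page, while the entropy threshold, the block-size check, the result layout and the sample directory tree are assumptions made here. It separates files whose contents actually look encrypted (high byte entropy, length a multiple of the 16-byte AES block, as CBC padding produces) from files that merely carry the extension, and tallies the original formats so recovery can be prioritised.

```python
"""Triage helper: inventory files carrying the 'locked' extension and check
whether their contents look like AES-CBC ciphertext.

Added example; not the page's or the Trojan's code. Thresholds and sample
data are assumptions for a stand-alone, offline run.
"""
import math
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_SUFFIX = ".locked"   # extension reported on the page
ENTROPY_THRESHOLD = 7.5     # assumed: bits/byte typical of ciphertext
AES_BLOCK = 16              # AES block size; CBC output is a multiple of it


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_encrypted(path: Path) -> bool:
    """Heuristic: high entropy and a length consistent with CBC padding."""
    data = path.read_bytes()
    return len(data) % AES_BLOCK == 0 and shannon_entropy(data) >= ENTROPY_THRESHOLD


def inventory(root: Path) -> dict:
    """Walk `root` and classify every file.

    Returns original (pre-extension) names of files that look encrypted,
    names that carry the extension but whose contents do not look encrypted,
    untouched files, and a count of encrypted files by original format.
    """
    result = {"encrypted": [], "extension_only": [], "untouched": [], "by_format": Counter()}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = str(path.relative_to(root))
        if path.suffix != LOCKED_SUFFIX:
            result["untouched"].append(rel)
            continue
        original = rel[: -len(LOCKED_SUFFIX)]
        if looks_encrypted(path):
            result["encrypted"].append(original)
            result["by_format"][Path(original).suffix.lower()] += 1
        else:
            # Extension present but plaintext-looking body: worth a manual look
            # (interrupted run, renamed-only file, or a false positive).
            result["extension_only"].append(original)
    result["by_format"] = dict(result["by_format"])
    return result


def make_sample_tree() -> Path:
    """Constructed sample data (not a real infection) so the script runs offline."""
    root = Path(tempfile.mkdtemp(prefix="pylock_triage_"))
    # Stand-in ciphertext: every byte value equally often (entropy 8.0) and a
    # length that is a multiple of the AES block size.
    fake_ciphertext = bytes(range(256)) * 4
    (root / ("invoice.doc" + LOCKED_SUFFIX)).write_bytes(fake_ciphertext)
    (root / ("backup.tar" + LOCKED_SUFFIX)).write_bytes(fake_ciphertext)
    # Extension only: 1040 bytes of low-entropy text (still a block multiple).
    (root / ("notes.txt" + LOCKED_SUFFIX)).write_bytes(b"hello world, " * 80)
    (root / "frame.yuv").write_bytes(b"\x00" * 64)
    return root


if __name__ == "__main__":
    report = inventory(make_sample_tree())
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it against a mounted copy of the affected volume (never the live system before imaging) by passing that path to `inventory`; the `by_format` tally tells you at a glance which backups to pull first.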

Although the PyLock Ransomware has a maximum size limit for the files it locks, the limit is generous and should accommodate most formats. Malware researchers also recommend paying attention to related security issues during infections, including:

  • The PyLock Ransomware can disable some system-monitoring and administrative programs, such as the Windows Task Manager.
  • The PyLock Ransomware, like a majority of file-locker Trojans, securely erases all the Windows Shadow Volume Copies.
  • The PyLock Ransomware also creates an advanced HTML or HTA pop-up with its ransom demands. It asks for an enormous 5 Bitcoins (or fifty thousand USD) for the threat actor's file-unlocking service.
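Two of the behaviours in the list above, erasing Shadow Volume Copies and disabling the Task Manager, leave traces in process-creation logs that a detection rule can pick up before encryption finishes. The script below is an added example, not code from the page or from the PyLock samples: the page does not name the commands the Trojan uses, so the patterns (the standard `vssadmin` and `wmic` shadow-copy deletion commands and the `DisableTaskMgr` policy value) are assumptions drawn from generally known ransomware tradecraft, and the pipe-delimited log format and sample lines are constructed here.

```python
"""Detection logic for shadow-copy deletion and Task Manager disabling,
run over constructed process-creation log lines.

Added example; the command patterns, log format and sample lines are
assumptions, not details taken from the PyLock Ransomware samples.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    command: str


# (rule name, regex over the command line). Case-insensitive so that
# "Delete Shadows" and "delete shadows" both match.
RULES = [
    ("shadow_copy_deletion",
     re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I)),
    ("shadow_copy_deletion",
     re.compile(r"\bwmic(?:\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    # Only a value of 1 disables Task Manager; /d 0 re-enables it.
    ("task_manager_disabled",
     re.compile(r"DisableTaskMgr\b.*/d\s+1\b", re.I)),
]

# Constructed sample log: timestamp|user|image|command line
SAMPLE_LOG = [
    r"2019-09-18T10:02:11Z|WS01\alice|C:\Windows\System32\notepad.exe|notepad.exe invoice.txt",
    r"2019-09-18T10:02:15Z|WS01\alice|C:\Windows\System32\vssadmin.exe|vssadmin.exe Delete Shadows /All /Quiet",
    r"2019-09-18T10:02:16Z|WS01\alice|C:\Windows\System32\wbem\WMIC.exe|wmic shadowcopy delete",
    r"2019-09-18T10:02:17Z|WS01\alice|C:\Windows\System32\reg.exe|reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f",
    r"2019-09-18T11:30:00Z|WS01\admin|C:\Windows\System32\vssadmin.exe|vssadmin.exe list shadows",
]


def parse(line: str) -> tuple:
    """Split one pipe-delimited record; raises ValueError if malformed."""
    ts, user, image, cmd = line.rstrip("\n").split("|", 3)
    return ts, user, image, cmd


def scan(lines) -> list:
    """Return one Finding per (line, rule) whose command line matches."""
    findings = []
    for n, line in enumerate(lines, 1):
        try:
            _, _, _, cmd = parse(line)
        except ValueError:
            continue  # malformed record: skip it rather than abort the scan
        seen = set()
        for name, rx in RULES:
            if name not in seen and rx.search(cmd):
                findings.append(Finding(n, name, cmd))
                seen.add(name)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.rule}: {f.command}")
```

The benign `vssadmin.exe list shadows` line on the last record is there on purpose: an administrator listing snapshots should not page the on-call analyst, so the rules key on the deletion verb rather than on the binary name alone.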

Loosening a Digital Serpent's Hold

Victims of PyLock Ransomware infections should remain aware of the threat's potential to spread to vulnerable networks, especially dedicated NAS (network-attached storage) hardware. Disabling both local and non-local network connections should be one of the first steps taken in dealing with a potential PyLock Ransomware attack. Although malware experts can't confirm a current, free decryptor for the PyLock Ransomware, it is possible that a security researcher with cryptography experience could develop one, given the relevant samples.

Besides decrypting files, users also can restore them from secure backups, which are always the preferred restoration path for countering Trojans of this category. Malware analysts recommend saving backups to USBs or other portable storage that isn't left connected to the computer, or using a cloud service with password protection. A professional anti-malware product may delete the PyLock Ransomware but can't unlock anything that the Trojan has already attacked.

The PyLock Ransomware's installation includes multiple references to a fake 'invoice' executable. Clicking on a counterfeit bill is an easy way of compromising your computer, and any employee of any company should know better than to take a filename at its word.
