What is Evil Locker Ransomware?
Evil Locker Ransomware is a data-kidnapping malware that encrypts personal files on victim’s computer. Cybercriminals use spam email campaign to spread their offspring. As a general rule, victims get a fraudulent email from some trustworthy and when he opens the attached file he simultaneously activates the virus. All your personal files subsequently will be encrypted which means the user will not be able to open, read or edit files until they are decrypted. To get back your files, you are forced to pay a sum of money in bitcoins. Actually, if you have been attacked by Evil Locker Ransomware, there is no need to contact them and especially to make any concessions. Remember, you are up against fraudsters who don’t care about your files and whose the main purpose is to make a profit. Hence, there is a high risk of being left without decryptor and money. Instead, you may try using this guide to remove Evil Locker Ransomware and decrypt .EVIL files without spending any money.
The principle of work of the ransomware is always the same – to encrypt files and then to require payment. Evil Locker Ransomware encodes users’ personal files via AES encryption algorithm. All infected files are renamed via Base64 algorythm and get “.[evil@cock.lu].EVIL” or “.[evil@firemail.cc].EVIL” extension. For example, file “myfamily.jpg” will turn into “myfamily.jpg.[evil@cock.lu].EVIL”. After this, ransomware creates !_HOW_RECOVERY_FILES_!.txt file, where the user may find the demands of criminals to decrypt encrypted files:
>>>>>>>>>>>>>>>>>>>>>>>>>>>> EVIL LOCKER <<<<<<<<<<<<<<<<<<<<<<<<<<<< HELLO, DEAR FRIEND! 1. [ ALL YOUR FILES HAVE BEEN ENCRYPTED! ] Your files are NOT damaged! Your files are modified only. This modification is reversible. The only 1 way to decrypt your files is to receive the decryption program. 2. [ HOW TO RECOVERY FILES? ] To receive the decryption program write to email: evil@cock.lu And in subject write your ID: ID-7b23fb We send you full instruction how to decrypt all your files. If we do not respond within 24 hours, write to the email: evillock@cock.li 3. [ FREE DECRYPTION! ] Free decryption as guarantee. We guarantee the receipt of the decryption program after payment. To believe, you can give us up to 3 files that we decrypt for free. Files should not be important to you! (databases, backups, large excel sheets, etc.) >>>>>>>>>>>>>>>>>>>>>>>>>>>> EVIL LOCKER <<<<<<<<<<<<<<<<<<<<<<<<<<<<
Although Evil Locker is a really dangerous virus, you still have a good chance to get them back. Before deciphering, you should first stay focused on removing Evil Locker Ransomware to avoid re-infection. Once Evil Locker Ransomware is removed, you can proceed with decryption. Both automatic and manual solution is presented here that we hope will help you remove Evil Locker Ransomware and recover your files.
How Evil Locker ransomware gets on your PC?
This type of virus can be infiltrated through several methods, including freeware software, spam messages, trojans, software from dangerous sources, etc. A process of installation can start hidden and automatically. Besides that, some malware programs can mark Evil Locker Ransomware as a trusted software program.
How to remove Evil Locker ransomware?
To make sure that the ransomware won’t reappear, you need to delete Evil Locker ransomware completely. For this, you need to remove the files and registry entries of the ransomware. We should warn you that performing some of the steps may require above-average skills, so if you don’t feel experienced enough, you may apply to the automatic removal tool.
Performing an antimalware scan with Norton would automatically search out and delete all elements related to Evil Locker ransomware. It is not only the easiest way to eliminate Evil Locker ransomware but also the safest and the most assuring one.
How to decrypt .EVIL files
Restore files with Stellar Data Recovery
Stellar Data Recovery is an essential tool in the fight against ransomware-type viruses that can recover encrypted files.
- Download Stellar Data Recovery and launch it
- Select the drive you want to recover and click START SCAN
- After scanning is finished, you are presented with a list of recoverable files found.
- Select the required files and click the Recover
Decrypt files using our decryption service
You may try using our own service for decrypting files compromised by ransomware-type viruses. The analysis of data takes 3-5 days, after which, we will let you know whether it’s decryptable or not. Note: the service is paid, payment is charged only for decryption, the analysis is free. In order to use our service, you should fill out the form listed below.
Also, please add a log file, created on your PC:
- Click “Start” and type: “cmd.exe” in the search box
- Right-click “cmd.exe” and select “Run as administrator“
- In command line, type or copy/paste following: dir C:\ /a/s > “%userprofile%\dirc.log”
- Find and attach the created “%userprofile%\dirc.log” file to the web form
Please attach encrypted text files according to the following conditions:
- number of files should not exceed 4;
- file size is not more than 8 megabytes;
- files must be from different folders;
- files must be unique.
Restore the system
- Initiate the search for system restore
- Click on the result
- Choose the date before the infection appearance
- Follow the on-screen instructions
Roll the files back to the previous version
- Right-click the file and choose Properties
- Open the Previous Version tab
- Select the latest version and click Copy
- Click Restore
If the above-mentioned methods didn’t help in eliminating the threat, then it’s better to rely on an automatic way of deleting Evil Locker Ransomware.
How to prevent ransomware infection
To prevent infection with ransomware-type viruses, you should have proper antimalware software. This method is convenient because it allows you to detect a virus before it penetrates, and therefore to avoid infection and the loss of all your data. It is capable of protecting not only home computers but also server systems in large organizations. Download antimalware program to secure your system and privacy.
Hi
We have a machine which was attacked by ransomware, as per the below text file.
We see that large files have only their first 100kB or so encrypted, and that some data is appended to these files (8 bytes + 512 bytesytes).
We have some original files which can be paired to the encrypted files.
Please advise whether you may be able to assist us.
Many thanks
Les Caroto
Johannesburg, South Africa
Tel +27 11 100 4740
Contents of !_HOW_RECOVERY_FILES_!.txt:
>>>>>>>>>>>>>>>>>>>>>>>>>>>> EVIL LOCKER <<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>> EVIL LOCKER <<<<<<<<<<<<<<<<<<<<<<<<<<<<