Blue Hexagon Blog

Ransomware Families – iLock

iLock ransomware was discovered in March 2016 and targeted Russian-speaking locations.

iLock is delivered through emails with malicious attachments, malvertisements, and browser hijackers.

(A sample ransom note)

Hello, all your files are encrypted, please contact us to restore them. To do this, open-label ‘online consultant’, which is on the desktop or double-click the left mouse button on any encrypted file.
If for some reason you can not contact us via the ‘Live chat’ contact us through the contact is offline:
1) Download the ‘Tor Browser for windows’, you can download it here https://www.torproject.org/download/download-easy.html.en
2) install and run ‘Tor Browser’
3) click on the link http://3goSagjlesrudfml.onion/ (ATTENTION, the site is available only through the ‘Tor Browser’)
4) Follow the instructions on the website

1) Attention, ‘overwrite / rollback’ of windows does not help to restore files but can ultimately damage them, and even then we will not be able to restore them.
2) Antivirus nod32, drweb, kaspersky, etc. will not help you decrypt the files, even if you buy them a license for 10 years, they will still not restore files.
3) To encrypt files using AES which was established in 1908. for 17 years, no one on earth could not crack the encryption algorithm, even the NSA.
4) The key to other users you will not work, since each user, a unique key, so do not expect that someone will pay and will lay the key to decrypt the files.

About encryption ‘AES256’ on ‘winrar’ example, each file was placed in the file ‘winrar’, to archive ‘winrar’ put password of 256 characters: 1) Open the file only by typing your password 2) Delete ‘winrar’ file is archived and can not open it. 3) Even if you move the file to another windows, it will still require a password to open. 4) If you ‘reinstall / revert’ windows, the archive ‘winrar’ will archive and to open still need ‘winrar’ and password of 256 characters.

You can wait until someone through 60 years will crack AES256 encryption algorithm, and after 60 years to restore the files, or to pay for the key and restore files in a couple of hours, the choice is yours! https://ru.wikipedia.org/wiki/Advanced_ancrypcion_standard
