So how do you stop Locky ransomware from taking over more of your files?
Well, the first thing to do when you notice an encrypted file is to disconnect all your hard drives and storage devices, including any USB drives and SD cards. That should stop the program from taking over more of your files on those drives. Next you need to find the downloaded “invoice” file that you clicked on and activated the macros in, of course out of curiosity, and delete that file. The file should be located in your Gmail download page or wherever you are saving emails.
From what I have noticed, once I had done that and then continued to bait the ransomware virus with specific files I placed in easy-to-access locations to see if it was going to encrypt those files, it seems like it stopped encrypting at the same instant I deleted the invoice file which I had downloaded from an email I received and which had therefore activated the ransomware.
Now the next thing I suggest is to find a separate HDD and copy all your important encrypted data to it, then disconnect it and store it in a safe place; that way, if or when the solution to decrypt this type of file comes out, you will have access to your encrypted files and be able to decrypt them. In reality, when I tested whether the files would be decrypted using restore points…. it does not work, the files remain encrypted. I did not test paying them ransom for a key to decrypt the files, but I believe it will not work and you will waste $200-?$ for nothing. I might be wrong but most likely right, try it and let me know what happened. So far I discovered that deleting the culprit file solves the issue without using any antivirus software.
Okay, having done that, now check whether you need any files from your C drive and copy them to a safe place. For example, I copied all my Outlook mail so I can restore it later. You can also create PDF files from your emails and store those as well. Now that you have all the files that you might need in the future when the solution comes out…, format your drive and put all your programs back… simply start over, and next time don’t give in to your curiosity.
From my end it seems like you don’t even need to reformat your OS drive, but I will do mine anyway and install all my programs anew. It seems like once you remove the email of the downloaded file, the program stops encrypting your files.
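The bait-file test described above can be made repeatable by hashing the bait files when they are planted and comparing them again later. The Python below is an added example, not the author's own tooling; the bait file name, the folder names and the baseline file are assumptions made for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

BAIT_NAME = "000_bait_invoice.docx"  # hypothetical bait file name

def sha256_of(path):
    """Hash a file in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def plant_baits(directories, baseline_path):
    """Write one bait file per directory and record its SHA-256."""
    baseline = {}
    for d in directories:
        bait = Path(d) / BAIT_NAME
        bait.write_bytes(b"constructed bait content, safe to lose\n" * 64)
        baseline[str(bait)] = sha256_of(bait)
    # Keep the baseline on media the suspect machine cannot write to afterwards.
    Path(baseline_path).write_text(json.dumps(baseline, indent=2))
    return baseline

def check_baits(baseline_path):
    """Return {bait path: 'intact' | 'modified' | 'missing'}."""
    report = {}
    for path, digest in json.loads(Path(baseline_path).read_text()).items():
        p = Path(path)
        if not p.is_file():
            report[path] = "missing"    # renamed or deleted
        elif sha256_of(p) != digest:
            report[path] = "modified"   # contents rewritten in place
        else:
            report[path] = "intact"
    return report

def still_encrypting(report):
    """True if any bait changed since the baseline was taken."""
    return any(status != "intact" for status in report.values())

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed stand-in folders
        folders = [Path(root) / n for n in ("Desktop", "Documents")]
        for folder in folders:
            folder.mkdir()
        plant_baits(folders, Path(root) / "baseline.json")
        print(check_baits(Path(root) / "baseline.json"))
```

An all-intact report only covers the folders that were baited and the period between planting and checking, so repeat the check several times before reconnecting any backup drive.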