rbies
Posted November 23, 2016

My PC has been infected by the new Locky Ransomware virus, and it encrypted all my .jpg files to .aesir. I removed the virus from the PC, so it has stopped infecting more files, but how do I decrypt the infected files?

stapp
Posted November 23, 2016

Please follow the steps here and attach the requested logs so that one of our experts can help you: http://support.emsisoft.com/forum-6/announcement-2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread/

Kevin Zoll
Posted November 23, 2016

Unfortunately, Locky is one of the ones that uses secure encryption on the files, and the private key to decrypt them can only be obtained by paying the ransom. Currently, there is no reliable way to recover files encrypted by Locky.

If you take your computer to a computer repair place for assistance, then you can let them know the following (they should understand what it means):

Locky deletes Volume Shadow Copies to prevent people from using ShadowExplorer to find backups of the files that were saved automatically; however, it doesn't do this securely. There have been reports of people being able to use a file undelete utility such as Recuva to undelete the old Volume Shadow Copies, and then use ShadowExplorer to recover files. However, this isn't necessarily straightforward to do (the computer will need to be running from a bootable disk to have write access to the "System Volume Information" folder, or the hard drive will need to be connected to another computer), and even if you can recover the old Volume Shadow Copies, the odds of there being backup copies of important files in them are low to begin with. That being said, it's probably still the best chance for recovering any of the files without paying the ransom.