Solved

Ransomware Locky

  • 9 December 2016
  • 8 replies
  • 60 views

Do you have a fix yet for the ransomware called "Locky" that has locked (encrypted) most of my files? The local Geek Squad was unable to decrypt my computer files as they said the virus is too new. Please help me!
 

Best answer by DanP 14 December 2016, 15:45


Userlevel 7
Badge +56
Hello and Welcome to the Webroot Community!
 
If you had Webroot SecureAnywhere installed before you got the Ransomware please Submit a Support Ticket and they will help you clean it up. If you didn't have WSA installed before the infection I'm not sure if they can help.
 
Thanks,
 
Daniel 😉
Userlevel 5
Badge +1
Does WRSA block and roll back from Locky or not? How would this user get infected by Locky and Geek Squad be unable to help him/her if WRSA is dealing with this threat properly? I am potentially concerned because I have just renewed for another year for my kids.
Userlevel 7
Badge +56
I will ask @ to see if he can add some info.
Userlevel 7
Badge +35
WSA does detect/block Locky, although new variants do occasionally get through as they will with any security solution.
 
-Dan
Userlevel 5
Badge +1
Thanks for the update Dan. I have a question about WRSA, I am not too concerned about other products' failures - if a file is not explicitly recognised, then my understanding is that WRSA by default puts the file in isolation and monitors it, until it is either confirmed as malware or safe. Therefore, that may indicate that WRSA does not, or cannot always isolate, or when it does it, it is not watertight.
 
In my layman's view, WRSA may therefore potentially be giving too much leeway to unrecognised files and that whitelisting should perhaps get higher priority, to avoid such situations.
 
As I said, that's my guess, appreciate any insight from you. Thanks.
 
Updated: by the way, would changing firewall setting in WRSA to block ANY unknown process from connecting, even when not infected, make the complete difference to avoid the above user scenario of Locky and similar?
Userlevel 7
Badge +35
@ wrote:
Thanks for the update Dan. I have a question about WRSA, I am not too concerned about other products' failures - if a file is not explicitly recognised, then my understanding is that WRSA by default puts the file in isolation and monitors it, until it is either confirmed as malware or safe. Therefore, that may indicate that WRSA does not, or cannot always isolate, or when it does it, it is not watertight.
 
In my layman's view, WRSA may therefore potentially be giving too much leeway to unrecognised files and that whitelisting should perhaps get higher priority, to avoid such situations.
 
As I said, that's my guess, appreciate any insight from you. Thanks.
 
Updated: by the way, would changing firewall setting in WRSA to block ANY unknown process from connecting, even when not infected, make the complete difference to avoid the above user scenario of Locky and similar?
Our primary focus will remain the detection and removal of malware. While we do whitelist more than most, we are not a whitelist-based product. 
 
 
-Dan
Hello HLMill,
 
I highly recommend you open a support ticket! We can provide you with more information about this ransomware and some tools that will prevent a re-occurrence. Regarding your files, there could be system restore points present on your system that contain file backups. Try these steps to see if they're still present:
 
1) Hold down the Windows Key + R and type "C:\Users" and click OK.
2) Find your user account name and double click it to open the folder.
3) Right click the folder you'd like to restore, for example "C:\Users\User\Desktop" and click "Restore previous versions".
4) Find a date and restore the files! Hopefully they should all come back. If they did not, the ransomware may have deleted the restore points.
 
I would also check and see if you have any backup software running on your system. Sometimes we find that systems are backed up and people were not even aware.
 
Regards,
Jesse L.
Webroot Advanced Malware Removal Team
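
The check described in the steps above can also be made from the command line. This is an added example, not part of the original post and not a Webroot tool: it lists the Volume Shadow Copies that "Restore previous versions" relies on and marks which ones were created before the files were encrypted. The `$EncryptedSince` parameter and its default are assumptions made for illustration; run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread): list Volume Shadow Copies, the snapshots
# behind "Restore previous versions". Requires an elevated PowerShell prompt.
param(
    # Assumption: approximate time the files were encrypted (constructed default).
    [datetime]$EncryptedSince = (Get-Date).AddDays(-7)
)

# Map volume GUID paths (\\?\Volume{...}\) to drive letters for readable output.
$driveByVolume = @{}
Get-CimInstance -ClassName Win32_Volume | ForEach-Object {
    $driveByVolume[$_.DeviceID] = $_.DriveLetter
}

# Win32_ShadowCopy returns one object per existing snapshot.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)
if ($shadows.Count -eq 0) {
    # Matches step 4: the restore points may have been deleted.
    Write-Output 'No shadow copies found: "Restore previous versions" has nothing to offer.'
    return
}

$shadows | Sort-Object InstallDate | ForEach-Object {
    [pscustomobject]@{
        Drive            = $driveByVolume[$_.VolumeName]
        Created          = $_.InstallDate
        # Only snapshots taken before the encryption can hold clean file versions.
        PredatesIncident = ($_.InstallDate -lt $EncryptedSince)
        ShadowId         = $_.ID
    }
} | Format-Table -AutoSize
```

If every row shows `PredatesIncident` as False, or no rows are listed at all, the previous-versions route will not recover clean copies and a separate backup is the remaining option.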
Userlevel 5
Badge +1
@ wrote:
Hello HLMill,
 
... We can provide you with ... some tools that will prevent a re-occurrence...
Could these tools be known more widely to WRSA users please, to help prevent Locky and similar please?
