Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

PyLocky Ransomware (<Original Filename>.<Original Extension>.lockedfile)

  • Distribution Method : Download the file via a link included in the email message
  • MD5 : d3d28b9665bdbc7a297e977134b90810
  • Major Detection Name : Trojan/Win32.PyLocky.C2265541 (AhnLab V3), Python/Ransom.d (McAfee)
  • Encrypted File Pattern : <Original Filename>.<Original Extension>.lockedfile
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Local\Temp\is-<Random>.tmp\lockyfud.exe
     - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LOCKY-README.txt
  • Payment Instruction File : <Original Filename>.<Original Extension> / <Original Filename>.<Original Extension>.lockymap / LOCKY-README.txt
  • Major Characteristics :
     - Python-based Ransomware
     - "LA CREM LTD" with digital signatures
     - The English, Italian, French and Korean users targeted