How to Remove “.Locky” ransomware (Cryptosystem virus removal guide)

Locky virus is a new ransomware that encrypts your data using AES encryption and then ransom 0.5 BTC (approximately US$210) bitcoins to pay for Locky Decryptor™ to decrypt your files.
Locky virus is currently being distributed via email that contains Word document attachments with malicious macros. The email message will contain a subject similar to ATTN: Invoice J-98223146 and a message such as “Please see the attached invoice (Microsoft Word Document) and remit payment according to the terms listed at the bottom of the invoice”.
Once Locky virus is infect your PC, Locky will then scan all local drives and unmapped network shares for data files to encrypt. It appends the .locked extension to the encrypted files. It makes sure you see the following message by changing your desktop wallpaper:


All of your files are encrypted with RSA-2048 and AES-128 ciphers.
More information about the RSA and AES can be found here:

Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server.
To receive your private key follow one of the links:

If all of this addresses are not available, follow these steps:
1. Download and install Tor Browser:
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: i3ezlvkoi7fwyood.onion/34535A9802…
4. Follow the instructions on the site.


Author: WITS Curators

Bo Washington is a Certified Computer Specialist and the owner and operator of Washington IT Solutions, a local Bartlesville computer repair company. He has been fixing computers since the late 90's and has clocked up thousands of hours performing hardware upgrades, system builds, software installations, virus and spyware removal using the most up to date techniques and general computer services.

Share This Post On

Leave a Reply

%d bloggers like this: