Exolock Ransomware Removal Guide

Do you know what Exolock Ransomware is?

If your computer crashes out of the blue, it may not be due to the usual system failures; it is possible that Exolock Ransomware managed to infiltrate your system and take your files hostage. Our researchers inspected this dangerous malware infection in our internal lab and concluded that the current version may not be a fully working product of cyber criminals, since it crashes before it reaches the most important stage: the display of the ransom note. Without this ransom note window, the ransomware is useless to its authors, since victims cannot find out what has happened to their files or what they are supposed to do; well, unless they find our report in time. Fortunately, we do have the image of this ransom note window so that you can see what these criminals claim and demand from you. Still, we do not advise you to contact or transfer money to these crooks because it almost never ends well for victims. There is very little chance that you would get the decryption key needed to decode your files. Or would you trust criminals who cannot even write proper code without it crashing? We strongly recommend that you remove Exolock Ransomware from your system right now.

There are a couple of options regarding the distribution of this severe threat, but the most likely way for you to infect your PC with this ransomware is to download its malicious executable from a spam e-mail. It is also possible that the malicious attachment is a Trojan that downloads the executable in the background and activates it after you try to view the attached file. Another trick these villains may use is to place a corrupt link or button in the body of the spam that would, again, drop this malicious file or one with the payload. Unfortunately, it is getting harder and harder to spot a spam mail when it comes from dedicated cyber crooks. Even more experienced users may step into this trap because the spam can appear completely normal and authentic if you look at the sender or subject fields. This spam may end up in your spam folder, but when you scan through that folder to see if any important mail landed there by mistake, it is quite likely that this is one you would want to open right away. The reason is that the spam claims to concern a matter that anyone would consider urgent, such as a notification from the local police (e.g., an unpaid speeding ticket), an overdue invoice issued by a well-known company, or an issue with your credit card details. Remember that you cannot delete Exolock Ransomware without serious damage to your files. So the next time you get a mail that you have some doubts about, contact its sender to find out if it has come from a real person.

Another option is that you get redirected to a malicious site that has Exploit Kits operating in the background. In this case, you do not even need to engage with any content on this page because the drop is triggered the moment the page is loaded in your browser. The only condition for this vicious cyber attack to work is that your browsers or drivers (Flash and Java) need to be outdated. In other words, if you neglect the update of your programs, cyber criminals can take advantage of them and drop infections onto your system. If you want to avoid such attacks, you should update your programs regularly and refrain from clicking on third-party ads and links on suspicious websites.

Our research and tests indicate that this ransomware uses the usual AES encryption algorithm to encrypt the targeted files. Since this algorithm is actually part of your Windows operating system, the encryption process could be over within a single minute, depending on the number of files affected and the performance of your PC. The infected files get a new extension, ".exolocked", which can help you figure out what has hit you, since the current version seems to crash with a blue screen of death after the damage is done. In order to help you see what has attacked you and what the demands are, here is the screenshot of the ransom note that is supposed to come up on your screen at this point: "2.bp.blogspot.com/-RFj4_9RlH8I/Wb49k8vEuPI/AAAAAAAAG0s/UqhlLtYWO58qEF7gSUOxaXOSqfcpacqRwCLcBGAs/s1600/ExoLock.png". As you can see, these crooks want you to pay 0.01 BTC (approximately 41 dollars) for the decryption of your files. The question is, how could you trust these crooks to decrypt your files when this ransomware may crash at the most important stage and you may not even see the ransom note? Not that we would advise you to pay at all. As a matter of fact, it is rather risky to pay because you can easily be scammed and lose your money, too. Thus, we can only advise you to remove Exolock Ransomware as soon as possible.

Since there is a chance that your system crashes in this dangerous attack, you have no choice but to restart your computer. Once you log back in, you can try to identify the malicious file you have downloaded recently to delete it or all the possibly related ones. Please follow our guide below if you want to manually eliminate this ransomware. Of course, there is always a more elegant and effective way to do this, which can also automatically protect your PC against future attacks. This is why we suggest that you consider using a reliable malware removal application like SpyHunter.

Remove Exolock Ransomware from Windows

  1. Reboot your system.
  2. Tap Win+E.
  3. Delete all suspicious files you can find in your download directories (e.g., %Temp%, Downloads, and Desktop folders).
  4. Empty your Recycle Bin and restart your PC.
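
To make step 3 less of a guess, the following PowerShell script lists recently created runnable files in the folders named above and counts the files that carry the ".exolocked" extension. It is an added example, not part of the original guide or of any vendor tool; it only reports and deletes nothing. The 14-day window, the extension list and the parameter names are assumptions chosen for illustration.

```powershell
# Added example: review helper for step 3. Reports only, never deletes.
# Assumptions: the folders from step 3, a 14-day look-back, an illustrative extension list.
param(
    [int]$Days = 14,
    [string[]]$Roots = @($env:TEMP, "$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop")
)

$cutoff = (Get-Date).AddDays(-$Days)

# File types that run code when opened. A hit is a reason to look, not a verdict.
$runnable = '.exe', '.scr', '.com', '.bat', '.cmd', '.js', '.jse',
            '.vbs', '.vbe', '.wsf', '.hta', '.lnk', '.ps1'

$candidates = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $cutoff -and $runnable -contains $_.Extension } |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            # The Zone.Identifier stream marks files saved by a browser or mail client.
            $zone = Get-Item -LiteralPath $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Created   = $_.CreationTime
                Signature = $(if ($sig) { $sig.Status } else { 'Unknown' })
                FromWeb   = [bool]$zone
                SizeKB    = [math]::Round($_.Length / 1KB, 1)
                SHA256    = $hash.Hash
                Path      = $_.FullName
            }
        }
}

# Newest first: the dropper usually arrived shortly before the crash.
$candidates | Sort-Object Created -Descending | Format-List

# Scope of the damage: files renamed with the extension this guide describes.
$locked = Get-ChildItem -LiteralPath $env:USERPROFILE -Filter '*.exolocked' -File `
    -Recurse -Force -ErrorAction SilentlyContinue
'{0} file(s) with the .exolocked extension under {1}' -f @($locked).Count, $env:USERPROFILE
```

Unsigned files that came from the web and were created shortly before the crash are the ones to examine first; the SHA256 value can be looked up with your anti-malware vendor before anything is deleted.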

In non-techie terms:

Exolock Ransomware is a malicious program that surfaced at the beginning of September 2017. Our researchers say that this ransomware may not be a finished threat, since the sample that is spreading right now seems to crash your system before it can show you the ransom note window. Unfortunately, the crash seems to come right after it finishes encryption, which means that you may lose access to all your files in this malicious attack. Since you cannot see the ransom note and it looks like this infection does not drop any additional file, you would not even know what really happened or how you could pay for the decryption key. Of course, we do not want to encourage you to pay the ransom fee to get your files back; we never do in such cases. In fact, we recommend, as always, that you remove Exolock Ransomware from your system immediately to avoid further system security issues. Please note that deleting Exolock Ransomware will not decrypt your files, i.e., you will not have access to your files. If you want proper protection for your PC, we advise you to install a decent anti-malware program.