

PyLock is ransomware that stealthily infiltrates computers and encrypts most stored data, rendering it unusable.

Payload

Transmission

PyLock is distributed through third-party software download sources (freeware download websites, free file hosting sites, Peer-to-Peer [P2P] networks, etc.), spam emails, trojans, and fake software updaters/cracks.

Infection

While compromising data, PyLock appends the ".locked" extension to each filename (e.g., "sample.jpg" would be renamed to "sample.jpg.locked", and so forth). Once data is encrypted, users are presented with a pop-up window containing a ransom-demanding message.

The pop-up window informs victims that their data is encrypted using AES-256 cryptography and that, for this reason, they have to purchase a decryption key if they want to restore it. Unfortunately, the claim that decryption requires a unique key is true. AES is a symmetric encryption algorithm that uses the exact same key for both encryption and decryption. A unique key is generated individually for each victim.

The problem is that victims cannot access their keys, as all of them are stored on a remote server controlled by PyLock's developers. For this reason, cyber criminals can easily blackmail victims by offering paid recovery. According to the pop-up window, each key costs 5 Bitcoins, which is currently worth approximately $51000.
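The ".locked" renaming described above gives defenders a behavioural signal to alert on. The following Python detector is an added example, not part of the original page: it flags any process that renames many files to "<name>.locked" within a short window. The event tuple format, the threshold and the window are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

SUFFIX = ".locked"  # extension the page says PyLock appends
THRESHOLD = 5       # assumed: renames by one process that raise an alert
WINDOW = 10.0       # assumed: sliding window length in seconds

# Constructed sample events: (epoch seconds, pid, old path, new path).
SAMPLE_EVENTS = (
    # One process renaming six files in under three seconds.
    [(100.0 + 0.5 * i, 4120, f"docs/file{i}.jpg", f"docs/file{i}.jpg.locked")
     for i in range(6)]
    # A process that creates an occasional ".locked" file, far apart in time.
    + [(50.0, 988, "build/job.cfg", "build/job.cfg.locked"),
       (400.0, 988, "build/job2.cfg", "build/job2.cfg.locked")]
    # An unrelated rename that does not match the pattern.
    + [(101.0, 700, "tmp/a.tmp", "tmp/a.txt")]
)

def is_locked_rename(old, new):
    """True when the new name is exactly the old name plus ".locked"."""
    old_l, new_l = old.lower(), new.lower()
    return new_l == old_l + SUFFIX and not old_l.endswith(SUFFIX)

def detect_bursts(events, threshold=THRESHOLD, window=WINDOW):
    """Return {pid: time of first alert} for processes that perform at
    least `threshold` matching renames within `window` seconds."""
    recent = defaultdict(deque)  # pid -> timestamps of recent matches
    alerts = {}
    for ts, pid, old, new in sorted(events):
        if not is_locked_rename(old, new):
            continue
        q = recent[pid]
        q.append(ts)
        # Drop matches that have fallen out of the sliding window.
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and pid not in alerts:
            alerts[pid] = ts
    return alerts

if __name__ == "__main__":
    for pid, ts in detect_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT pid={pid} burst of '{SUFFIX}' renames at t={ts}")
```

In practice the events would come from a file-system audit source; the per-process threshold keeps an application that legitimately creates a single ".locked" file from triggering the alert.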

Text presented in PyLock ransomware's pop-up window:

The important files on your computer have been encrypted with military grade AES-256 
bit encryption. Cannot be unlocked without the decryption key.

* DON'T MODIFY OR RENAME ENCRYPTED FILES, THIS CAUSE DAMAGE YOUR 
FILES PERMANENTLY!
* DON'T MODIFY ENCRYPTED UNIQUE KEY, THIS CAUSE DAMAGE YOUR FILES 
PERMANENTLY!
* DON'T USE THIRD-PARTY OR PUBLIC TOOLS/SOFTWARE TO DECRYPT YOUR 
FILES, THIS CAUSE DAMAGE YOUR FILES PERMANENTLY!

To acquire this key, transfer the Bitcoin Fee to the specified wallet address before the 
time runs out, for instructions: solutionshelp@protonmail.com

If you fail to take action within this time window, the decryption key will be destroyed 
and access to your files will be permanently lost.