Mlock Ransomware

What happens to my files in an Mlock ransomware attack?

A strange extension has been added to your files, and you can't open them.
So you think they are locked?

No. The fact is that your files have been fully encrypted by ransomware, a new variant belonging to a known type of ransomware.

This type of ransomware can lock, encrypt or damage your private files (videos, images, documents) and anything else you can think of. The file names then end with a new extension, and you can no longer access the files at all.

The ransomware can encrypt all popular file types. As soon as a file has been encrypted, users can no longer access it. The virus adds its own extension to all the encrypted data. For instance, the file "timesheet.xls", once encrypted, is renamed "timesheet.xls.mlock5". When the encryption is complete, it places a text document (_readme.txt) in every folder that holds encrypted files.

The technique used to encrypt the files generates a ransomware decryption key that is unique to each computer system.

ID Ransomware Extension:

Type: Ransomware
Family: Mlock
Description: The ransomware locks all the data stored on your system and demands a ransom payment from you, supposedly to recover your important files.
Encryption: File encryption by the ransomware is performed by means of the AES-1024 encryption algorithm. Once the encryption is completed, it adds its special extension to all the files it modified.
Distribution Method: Adware bundles and software cracks.

The Web is now full of infections comparable to this virus. You should make frequent backups of all your essential documents to external storage, such as a USB flash drive, an external hard disk drive, or a cloud storage service. Keeping backups on your system drive is very risky, since the backup may also be encrypted by the ransomware.

Once the encryption process was finished, an HTML file named "HOW_TO_RECOVER_DATA.html" was dropped onto the desktop.

Mlock ransomware overview

The ransom note ("HOW_TO_RECOVER_DATA.html") informed victims that their company network was compromised. The inaccessible files were encrypted using the RSA and AES cryptographic algorithms, and confidential data was exfiltrated.

To decrypt the files, victims are informed that they must pay a ransom. If they refuse, the downloaded sensitive content will be sold or leaked online. The message then instructs victims on how to access the cyber criminals' Tor network website, on which they can test decryption by uploading a few encrypted files.

Removing Mlock ransomware from the operating system will prevent further encryption. Unfortunately, removal will not restore already affected data. The sole solution is recovering the files from a backup (if one is available).

 

To avoid permanent data loss, we strongly recommend keeping backups in Cloud Storage servers and/or unplugged storage devices (preferably, in multiple separate locations).
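
Before restoring from backup it helps to know which folders were hit and which original files have to be restored. The following is an added example, not part of the original article: a read-only Python triage that walks a directory tree and uses the indicators named above (the appended ".mlock5" extension and the ransom-note file names). The function names, the assumption that the digits after ".mlock" can vary, and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile
from collections import defaultdict

# Indicators from the page: the appended ".mlock5" extension (trailing digits
# treated as variable, an assumption) and the two ransom-note names it mentions.
ENCRYPTED_RE = re.compile(r"^(?P<original>.+)\.mlock\d*$", re.IGNORECASE)
NOTE_NAMES = {"_readme.txt", "how_to_recover_data.html"}


def triage(root):
    """Map each folder to its encrypted files (original names), notes, intact count."""
    report = defaultdict(lambda: {"encrypted": [], "notes": [], "intact": 0})
    for folder, _dirs, files in os.walk(root):
        for name in files:
            match = ENCRYPTED_RE.match(name)
            if name.lower() in NOTE_NAMES:
                report[folder]["notes"].append(name)
            elif match:
                report[folder]["encrypted"].append(match.group("original"))
            else:
                report[folder]["intact"] += 1
    return dict(report)


def restore_list(report, root):
    """Relative paths, under their original names, to pull from backup."""
    return sorted(os.path.relpath(os.path.join(folder, original), root)
                  for folder, entry in report.items()
                  for original in entry["encrypted"])


def build_sample_tree(root):
    """Constructed sample data: empty files only, no real content."""
    layout = {
        "finance": ["timesheet.xls.mlock5", "budget.docx.mlock5", "_readme.txt"],
        "photos": ["trip.jpg"],
        "Desktop": ["HOW_TO_RECOVER_DATA.html"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(restore_list(triage(tmp), tmp))
```

The script only lists files; it never renames or modifies them, so it can be run against a mounted copy or disk image of the affected system.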

How did ransomware attack my computer system?

This type of ransomware can reach your system through any of these channels:
1. Freeware third-party programs and cracks.
2. Spam e-mails.
3. Free hosting websites.
4. Torrent software.
Opening files from these sources or clicking on harmful links might harm the system.

How to protect our systems from a ransomware attack?

1. Do not open any suspicious e-mail attachments, especially if the sender is unknown to you.
2. Do not install unsecured freeware.
3. Install an anti-malware or antivirus product with the latest updates, even a free one, and use it to check every file you download from the web before opening it.

Appearance of Mlock ransomware's HTML file "HOW_TO_RECOVER_DATA.html"


YOUR PERSONAL ID:

-xxxxxxxxxx

/!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\

All your important files have been encrypted!

Your files are safe! Only modified. (RSA+AES)

ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE

WILL PERMANENTLY CORRUPT IT.

DO NOT MODIFY ENCRYPTED FILES.

DO NOT RENAME ENCRYPTED FILES.

No software available on internet can help you. We are the only ones able to

solve your problem.

We gathered highly confidential/personal data. These data are currently stored on

a private server. This server will be immediately destroyed after your payment.

If you decide to not pay, we will release your data to public or re-seller.

So you can expect your data to be publicly available in the near future..

We only seek money and our goal is not to damage your reputation or prevent

your business from running.

You will can send us 2-3 non-important files and we will decrypt it for free

to prove we are able to give your files back.

Contact us for price and get decryption software.

qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion

* Note that this server is available via Tor browser only

Follow the instructions to open the link:

1. Type the addres "hxxps://www.torproject.org" in your Internet browser. It opens the Tor site.

2. Press "Download Tor", then press "Download Tor Browser Bundle", install and run it.

3. Now you have Tor browser. In the Tor Browser open qd7pcafncosqfqu3ha6fcx4h6sr7tzwagzpcdcnytiw3b6varaeqv5yd.onion

4. Start a chat and follow the further instructions.

If you can not use the above link, use the email:

restoreassistance@decorous.cyou

restoreassistance@wholeness.business

* To contact us, create a new free email account on the site: protonmail.com

IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.


