iLock Ransomware

iLock Ransomware Overview
The iLock ransomware is an updated version of an older threat identified in 2016. Other aliases include iLock, iLockLight or Lortok. This virus also uses branding that impersonates the Anonymous hacker collective. Upon infection, the virus places a .pdb file at the following path: C:\Users\admin\Documents\Visual Studio 2013\Project\iLock\encrypter\obj\Debug\encrypter.pdb.
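
A path of this shape is what a Visual Studio build normally records in a binary's CodeView ("RSDS") debug entry. Assuming that is how the path above relates to the sample, the following added example (not code from the original page) extracts PDB paths from a file's bytes and checks them against the path fragment given above; the function names and the sample bytes are constructed for illustration.

```python
import re
import struct
import uuid

# Path as given on this page, and the project-specific tail used for matching.
ILOCK_PDB_PATH = (r"C:\Users\admin\Documents\Visual Studio 2013\Project"
                  r"\iLock\encrypter\obj\Debug\encrypter.pdb")
ILOCK_PDB_MARKER = r"\iLock\encrypter\obj\Debug\encrypter.pdb".lower()

MAX_PATH_LEN = 1024  # sanity bound so a stray "RSDS" in data is not over-read


def extract_pdb_paths(data: bytes) -> list:
    """Return the PDB path of every CodeView RSDS record found in data.

    Record layout: b"RSDS" (4) + GUID (16) + age (4) + NUL-terminated path.
    This scans the raw bytes instead of walking the PE debug directory, so it
    also works on memory dumps and carved or truncated files.
    """
    paths = []
    for match in re.finditer(rb"RSDS", data):
        start = match.start() + 4 + 16 + 4
        end = data.find(b"\x00", start)
        if end <= start or end - start > MAX_PATH_LEN:
            continue  # truncated record or implausible path length
        try:
            text = data[start:end].decode("utf-8")
        except UnicodeDecodeError:
            continue  # "RSDS" appeared by coincidence in unrelated bytes
        if text.lower().endswith(".pdb"):
            paths.append(text)
    return paths


def matches_ilock(data: bytes) -> bool:
    """True if any embedded PDB path contains the iLock project path tail."""
    return any(ILOCK_PDB_MARKER in p.lower() for p in extract_pdb_paths(data))


def build_sample(pdb_path: str) -> bytes:
    """Constructed input: padding plus one RSDS record. Not a real sample."""
    record = (b"RSDS" + uuid.UUID(int=0x1234).bytes_le + struct.pack("<I", 1)
              + pdb_path.encode("utf-8") + b"\x00")
    return b"MZ" + b"\x00" * 64 + record + b"\x00" * 16


if __name__ == "__main__":
    print(extract_pdb_paths(build_sample(ILOCK_PDB_PATH)))
    print(matches_ilock(build_sample(r"C:\build\app\Release\app.pdb")))
```

A PDB path is a weak indicator on its own, since it is trivially changed by rebuilding; treat a hit as a lead for triage alongside the other behaviours described here.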

iLock ransomware also modifies important registry values and may delete all available Volume Shadow Copies on the infected host.

iLock Ransomware Virus Note
Hello, all your files are encrypted, please contact us to restore them. To do this, open label 'online consultant', which is on the desktop or double-click the left mouse button on any encrypted file. If for some reason you can not contact us via the 'Live chat' contact us through the contact is offline:
1) Download the 'Tor Browser for windows', you can download it here https://www.torproject.org/download/download-easy.html.en
2) Install and run 'Tor Browser'
3) Click on the link 'http: //3goSagjlesrudfml.onion/ id useritil. id, & Hashro userProfile.dashiD, 'At' Tor Browser '- (ATTENTION, the site is available only through the' Tor Browser ')
4) Follow the instructions on the website "ro:, user10.10.""nashio:. usererofile.nashlo,"

1) Attention, 'overwrite / rollback' of windows does not help to restore files but can ultimately damage them, and even then we will not be able to restore them.
2) Antivirus nod32, drweb, kaspersky, etc. will not help you decrypt the files, even if you buy them a license for 10 years, they will still not restore files.
3) To encrypt files using AES which was established in 1908. For 17 years, no one on Earth could not crack the encryption algorithm, even the NSA.
4) The key to other users you will not work, since each user a unique key, so do not expect that someone will pay and will lay the key to decrypt the files.

About encryption 'AES256' on 'winrar' example, each file was placed in the file 'winrar', to archive 'winrar' put password of 256 characters:
1) Open the file only by typing your password
2) Delete 'winrar' file is archived and can not open it.
3) Even if you move the file to another windows, it will still require a password to open.
4) If you 'reinstall / revert' windows, the archive 'winrar' will archive and to open still need 'winrar' and password of 256 characters.

You can wait until someone through 60 years will crack AES256 encryption algorithm, and after 60 years to restore the files, or to pay for the key and restore files in a couple of hours, the choice is yours! https://ru.wikipedia.org/wiki/Advanced_Encryption_Standard

Depending on the geographical location of the victim, the wallpaper may be changed as well. The virus has additional modules that support features like live chat on the TOR network.

iLock Ransomware Distribution
The detected iLock ransomware samples appear to target mainly Russian-speaking users. The ransomware spreads through spam email campaigns, direct attacks and various add-ons such as malicious ads or browser hijackers.

iLock Ransomware Removal
In-depth removal instructions and detailed technical information about the virus can be found on Best Security Search.