![]() You may noticed that some of them are included repeatedly. ![]() In addition to that, there is a list of 788 file types (extensions), which won’t be encrypted. LockFile avoids files and folders, containing those sub-strings: Excluded sub-strings To prevent paralyzing the compromised PC entirely, AtomSilo has a list of folders, file names and file types that are left unencrypted which are listed here: This thread recursively searches the given logical drive and encrypts files found on it. How AtomSilo and LockFile Workīoth the AtomSilo and LockFile ransomware strains are very similar to each other and except for minor differences, this description covers both of them.ĪtomSilo ransomware searches local drives using a fixed drive list, whilst LockFile calls GetLogicalDriveStringsA() and processes all drives that are fixed drives.Ī separate thread is created for each drive in the list. ![]() This can include files with proprietary or unknown format, or with no format at all, such as text files. For that reason, some files may not be decrypted. Limitation of the decryptorĭuring the decryption process, the Avast AtomSilo decryptor relies on a known file format in order to verify that the file was successfully decrypted. ![]() We prepared our very own free Avast decryptor for both the AtomSilo and LockFile strains. Slightly later, he also analyzed another ransomware strain, LockFile. On Oct 17, 2021, Jiří Vinopal published information about a weakness in the AtomSilo ransomware and that it is possible to decrypt files without paying the ransom.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |