Recent Articles
Data Recovery Success Case: Rapid Turnaround for Critical Personal Information
How to fix a corrupted database on PS4
How to Troubleshoot Black or Blank Screens in Windows
LockBit Ransomware: A Comprehensive Guide to the Most Prolific Cyber Threat
How To Use iPad Recovery Mode
How to Prevent Overwriting Files: Best Practices
External Hard Drive Not Showing Up On Windows – Solved
How to Fix a Corrupted iPhone Backup
Backup and Remote Wiping Procedures
Common VMware Issues and Troubleshooting Solutions
I think there's an issue with my storage device, but I'm not sure Start a free evaluation →
I need help getting my data back right now Call now (800) 972-3282
History
Lock2017 is a ransomware strain that was first seen in the wild in early 2017. We believe Lock2017 to be a variant of Locky, another well-known ransomware family. Lock2017 shares many similarities with Locky, including the way it encrypts files and the ransom note it leaves behind.
How does Lock2017 work?
Attackers spread this ransomware through spam emails that contain malicious attachments or links. These emails usually masquerade as being from a legitimate organization or individual and often contain convincing subject lines and messages. Once opened, the attachment or link will download and install the ransomware on the victim’s computer.
Once Lock2017 is installed, it will scan the computer for certain file types to encrypt. It uses a strong encryption algorithm to encrypt these files, making them inaccessible to the victim. Lock2017 then leaves a ransom note on the victim’s desktop that contains instructions on how to pay the ransom and decrypt the encrypted files.
What encryption algorithm does Lock2017 use?
Lock2017 Ransomware uses the RSA-2048 encryption algorithm to encrypt victims’ files. This is a very strong encryption algorithm that can only be decrypted with the private key, which is in the possession of the attackers.
What types of files does Lock2017 encrypt?
It primarily targets Microsoft Office and PDF files, as well as any other file type that may be of value to the victim.
How much is the ransom?
The ransom demanded by Lock2017 Ransomware varies depending on the individual case, but it is typically around 0.5 Bitcoins (approximately USD 1,000 at the time of writing). The attackers usually give victims a deadline to pay the ransom, after which the price will double.
If you don’t pay the ransom within the given timeframe, Lock2017 will delete the private key, making it impossible to decrypt the files.
What should I do?
If you’re infected with Lock2017 Ransomware, the first thing you should do is disconnect your computer from the internet to prevent the ransomware from encrypting any more files. You should then backup all of your important files in case you need to restore them later.
Once you’ve backed up your files, you can use a reputable anti-malware program to remove Lock2017 from your computer and protect yourself from future infections.
You should never pay the ransom demand as this will only encourage the attackers and there is no guarantee that they will send you the decryption key.
Is there a public decryption tool available?
At this time, there is no known way to decrypt Lock2017 Ransomware without the private key.
Contact a data recovery service
The best way to recover your files is to contact a data recovery service that specializes in ransomware decryption. These services have access to tools and resources that may be able to decrypt your files.
SalvageData Recovery Services is one of the leading data recovery services in North America. We have a 90% success rate in decrypting files encrypted by Lock2017 Ransomware and can usually recover your files within 24-48 hours.
For more information or to start a case, please visit our website or give us a call at +1 (800) 972-3282. We are available 24/7 to help you.