Zyklon Locker Ransomware

What is Zyklon Locker Ransomware?

It could be one of the darkest days in the history of your computer’s life when you find out that Zyklon Locker Ransomware has attacked it. This Trojan ransomware seems very much like another known infection called GNL Locker Ransomware. This malware encrypts your most important document, image, and program files, which can only be recovered if you get hold of the private password. You should know that there may be complications even if you are willing to pay the demanded ransom fee. Remember that you are dealing with crooks, and there could be technical issues as well. Therefore, according to our malware specialists at anti-spyware-101.com, the only real solution in this serious attack is to have a saved copy of your files on an external hard disk or pen drive. Otherwise, it is quite possible that you will never be able to recover your files. This may sound quite shocking to you, but you should not hesitate to act. We believe that you should delete Zyklon Locker Ransomware immediately if you want to protect your system.

Where does Zyklon Locker Ransomware come from?

According to our research, this malware infection mainly spreads in spam e-mails. In fact, this is the most frequently used method for criminals to distribute Trojan ransomware over the web. A lot of people can be fooled by tricky spam e-mails into believing that they have just received a very important message with an attached file they need to download ASAP. These attached files can be disguised as image (.jpg), video (.avi), or macro-enabled text files (.docx, .pdf). Because you believe that it is important to download and open this file, you end up infecting your system with this ransomware yourself. So if you want to make sure that similar threats do not land on your machine, you should be more alert about clicking on e-mails in your inbox: just as this spam managed to sneak through your spam filter, other e-mails can also trick your defense system. Being more careful about opening your e-mails and downloading attachments can save you from a lot of headaches. As a matter of fact, if you have a security tool installed, you should always scan the files you download from the web because this can prevent similar disasters. Nevertheless, right now we advise you to remove Zyklon Locker Ransomware as soon as possible.

How does Zyklon Locker Ransomware work?

When you initiate this ransomware by double-clicking on the downloaded file, it creates a random-name folder (e.g., "Xrxoeoa") in the %Appdata% directory, three files ("Ponmsiyyks.exe", "Cigrmkwhrrxoeoaon.dll", and "Rlesvxamvenagx @ZL@LjiCw@ZL@ .xml.zyklon") in the %Temp% directory, as well as two text files ("UNLOCK_FILES_README_e4f.html" and "UNLOCK_FILES_README_e4f.txt") on your desktop and in your Documents folder. This ransomware uses the AES-256 encryption algorithm to cipher your files. It mainly targets your photos, documents, and program files, including .accda, .accdb, .accdc, .accde, .accdp, .accdt, .accdu, .ashx, .aspx, .cert, .class, .docm, .docx, .dotm, .dotx, .gdoc, .html, .jpeg, .json, .laccdb, .ldif, .mpeg, .opml, .potx, .ppsx, .pptm, .pptx, .prproj, .save, .sqlite, .webm, .xlsm, and .xlsx file extensions. After the encryption, your file names get modified and will look something like "image1_2_n @ZL@LjiCw@ZL@ .jpg.zyklon".

Zyklon Locker Ransomware notifies you about the encryption and what you have to do in a short ransom note that appears on your desktop on a black background. You are instructed to open either the .txt or the .html file for more detail. From these files you learn that it is impossible to crack the password that is vital for the decryption of your files and that you have to pay 0.65 Bitcoins, which is around 310 EUR or 345 US dollars at the time of writing. This is quite a large amount if you only have old pictures and some useless documents stored on your computer. Thus, if this ransomware hits you, it is also important to consider whether your files are worth this much at all. You are given two specific websites that are set up for your individual code, such as paymentgatewaya.ru/e4f5da84df. There you find more information about the payment and how to decrypt your files. If you do not succeed through these sites, you are also given a Tor address to check. It is up to you how you decide regarding the ransom fee. We cannot stop you from paying. But do not forget that these criminals may not deliver the password. No matter how you decide, in the end you need to remove Zyklon Locker Ransomware if you want to use your computer at all; the sooner, the better.

How to delete Zyklon Locker Ransomware

As a matter of fact, it is not too difficult to delete Zyklon Locker Ransomware from your computer. It has no reason to make removal complicated because, once its job is done, you will have more on your plate than cleaning this infection from your system. Please follow our guide below if you would like to manually eliminate this dangerous threat. We believe that after such a nightmare you should definitely do two things: make regular backup copies onto a removable drive and consider using a decent anti-malware application to protect your PC. Also, keep all your programs and drivers updated to make it more difficult for cyber criminals to access your computer.

Remove Zyklon Locker Ransomware from Windows

  1. Tap Win+E to open File Explorer.
  2. Locate and delete the malicious executable file you downloaded from the spam mail.
  3. Delete the random-name (e.g., "Xrxoeoa") main folder in %Appdata%.
  4. Delete the random-name shortcut: %Appdata%\Microsoft\Windows\Start Menu\Programs\Startup\Ponmsiyyks.lnk
  5. Remove %Temp%\RarSFX0 or %Temp%\RarSFX1 folder.
  6. Empty the Recycle Bin and reboot your system.
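
The artifacts named in the removal steps and in the "How does Zyklon Locker Ransomware work?" section can be inventoried with a read-only script before anything is deleted. This is an added example, not part of the original article or of any vendor tool; the name patterns are inferred from the examples on this page, and `original_name` and `triage` are hypothetical helper names.

```python
import os
import re

# Patterns inferred from the two renamed-file examples and the note names in
# the article; treating the tag and the note suffix as variable is an assumption.
ENCRYPTED = re.compile(
    r"^(?P<stem>.*?)\s*@ZL@(?P<tag>[^@]+)@ZL@\s*(?P<ext>\.[^.]+)\.zyklon$", re.I)
NOTE = re.compile(r"^UNLOCK_FILES_README_\w+\.(?:html|txt)$", re.I)
# RarSFX0/RarSFX1 are also created by legitimate self-extracting RAR archives,
# so a hit here is something to review, not proof of infection.
SFX_DIR = re.compile(r"^RarSFX[01]$", re.I)


def original_name(name):
    """Return the pre-encryption file name, or None if the name does not match."""
    m = ENCRYPTED.match(name)
    return m.group("stem") + m.group("ext") if m else None


def triage(roots):
    """Walk the given folders read-only and group paths by artifact type."""
    found = {"encrypted": [], "notes": [], "sfx_dirs": [], "startup_lnk": []}
    for root in roots:
        for dirpath, dirnames, filenames in os.walk(root):
            for d in dirnames:
                if SFX_DIR.match(d):
                    found["sfx_dirs"].append(os.path.join(dirpath, d))
            # The shortcut name is random, so list every Startup shortcut.
            in_startup = os.path.basename(dirpath).lower() == "startup"
            for f in filenames:
                path = os.path.join(dirpath, f)
                if original_name(f):
                    found["encrypted"].append((path, original_name(f)))
                elif NOTE.match(f):
                    found["notes"].append(path)
                elif in_startup and f.lower().endswith(".lnk"):
                    found["startup_lnk"].append(path)
    return found


if __name__ == "__main__":
    # Default roots follow the article: %Appdata%, %Temp%, Desktop, Documents.
    home = os.path.expanduser("~")
    roots = [os.environ.get("APPDATA", ""), os.environ.get("TEMP", ""),
             os.path.join(home, "Desktop"), os.path.join(home, "Documents")]
    for kind, hits in triage([r for r in roots if os.path.isdir(r)]).items():
        print(kind, len(hits))
        for hit in hits:
            print("   ", hit)
```

The `encrypted` list pairs each renamed file with its original name, which helps when matching encrypted files against a backup.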