8lock8 ransomware, also known as EightLockEight ransomware, is said to be developed from the source code of the HiddenTear ransomware. The 8Lock8 file encoder employs an asymmetric encryption algorithm. Two keys are generated: a public (decryption) key and a private (encryption) key. The private key is stored on C&C (Command and Control) servers controlled by the hackers. However, this ransomware has a flaw: sometimes it fails to connect to its C&C server and store the decryption key on it.
About 8lock8 Ransomware
8lock8 ransomware may appear in one of the following locations: the %AppData%, %Temp%, %Roaming%, %Common%, %{User’s Profile}% or %System32% folder. It adds an entry under the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run registry key so that it starts automatically when the victim launches the PC. This cryptomalware directly attacks the drives of your computer, changes their settings and encrypts almost all sorts of files. The data is encrypted with the AES-256 cipher. The 8Lock8 encoder appends the .8lock8 extension to the file names of encrypted files; for instance, book.doc becomes book.doc.8lock8. The file READ_IT.txt is dropped on your desktop and in every folder that contains encrypted files. This file holds the ransom note, written in two languages: English and Russian. The note contains two contact e-mails: [email protected] and [email protected]. However, the size of the ransom is not disclosed.
How is 8lock8 Ransomware Distributed?
The primary source of this ransomware trojan is spam e-mail containing links that redirect to URLs infected with malicious scripts. The attachments of these spam e-mails may also contain infected files which, once opened, execute malicious scripts on your computer’s system. They can be disguised as invoices, official documents, etc. The cyber criminals behind this ransomware threat go to great lengths to make you fall into their trap. The secondary source of 8lock8 cryptomalware infiltration is system vulnerabilities targeted by exploit kits (e.g. Angler EK). In this case, the best preventative measure you can take is to use a reliable anti-virus utility.
How to Decrypt files Encrypted by 8lock8 Ransomware?
Luckily, 8lock8 ransomware is decryptable. However, decryption should be carried out only after the manual or automatic removal of the virus, since otherwise the ransomware can easily re-encrypt your data. Spyhunter, Hitman or Malwarebytes are powerful malware (including ransomware) removal tools to apply against threats such as 8lock8 ransomware. Ransomware keeps mutating and growing rapidly in number, so you have to not only install but also regularly update your anti-virus. Manual removal instructions are provided below.
Now it is time for decryption. You will have to employ HiddenTear Bruteforcer. Download it from the following link: https://download.bleepingcomputer.com/demonslay335/hidden-tear-bruteforcer.zip. You will also have to prepare the smallest encrypted PNG file.
When you have the decrypter opened, load the PNG file and select EightLockEight mode at the bottom. Then click the Start Bruteforce button. When the decryption key is found, the window will show “Key Found!” in green and, below it, the message “Click here to check file for success” in bold black. Click the message to preview the tested file and see whether it has been decrypted successfully. If it has, you have the working decrypter.
Copy the key and paste it into HT (HiddenTear) Decrypter. Then select the directory of encrypted files. The password is x1ai2g55r4u3r1p1dehdtoyf1zziap6j. The extension, as you already know, is .8lock8. Then click the Decrypt My Files button. Once the files are decrypted, you will be greeted with “Files Decrypted!” in green.
Note. If the hash (the last line of random letters) in your ransom note ends with AH33, skip the whole procedure. Instead, fill the password line with “Whendiplomacyends,Warbegins.1933” and click Decrypt My Files (do not forget to fill in the extension line). This case occurs when the ransomware fails to connect to its C&C (Command and Control) server to send the private encryption key.
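
Before starting, it helps to know which branch of the procedure above applies. The Python script below is an added example, not part of the original article or of the tools it names: it walks a folder, lists the .8lock8 files and READ_IT.txt notes, picks the smallest encrypted PNG, and checks whether the note's last line ends with AH33. The function names, the returned labels and the sample tree are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

EXT = ".8lock8"            # extension named in the article
NOTE = "read_it.txt"       # READ_IT.txt, matched case-insensitively
OFFLINE_SUFFIX = b"AH33"   # note-hash suffix named in the article

def note_has_offline_hash(note):
    """True if the note's last non-empty line ends with AH33."""
    # Assumption: ASCII-compatible encoding (UTF-8 or CP1251), so compare bytes.
    lines = [ln.strip() for ln in Path(note).read_bytes().splitlines() if ln.strip()]
    return bool(lines) and lines[-1].endswith(OFFLINE_SUFFIX)

def triage(root):
    """Collect encrypted files, ransom notes and the smallest encrypted PNG."""
    encrypted, notes, pngs = [], [], []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        lower = path.name.lower()
        if lower == NOTE:
            notes.append(path)
        elif lower.endswith(EXT):
            encrypted.append(path)
            if lower.endswith(".png" + EXT):
                pngs.append(path)
    smallest = min(pngs, key=lambda p: p.stat().st_size, default=None)
    offline = any(note_has_offline_hash(n) for n in notes)
    return {"encrypted": encrypted, "notes": notes,
            "smallest_png": smallest, "offline_key": offline}

def next_step(report):
    """Map the findings to a branch of the article's procedure (labels are hypothetical)."""
    if report["offline_key"]:
        return "static-password"      # note hash ends with AH33
    if report["smallest_png"] is not None:
        return "bruteforce"           # load this PNG into the bruteforcer
    return "need-encrypted-png"       # no encrypted PNG sample found

def build_sample(root, note_tail):
    """Constructed sample tree; file contents are placeholders, not real ciphertext."""
    root = Path(root)
    (root / "docs").mkdir()
    (root / "docs" / "book.doc.8lock8").write_bytes(b"\0" * 64)
    (root / "docs" / "big.png.8lock8").write_bytes(b"\0" * 4096)
    (root / "small.png.8lock8").write_bytes(b"\0" * 128)
    (root / "READ_IT.txt").write_bytes(b"constructed note\n" + note_tail + b"\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp, b"CONSTRUCTEDHASHAH33")
        print(next_step(triage(tmp)))
```

Run it against a copy or read-only mount of the affected folder; it only reads file names, sizes and the note text.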
Another way to decrypt your files is to download and use the decryptor from here: link. Feel free to choose the method that best fits your needs.