MotoxLocker ransomware, a new variant of DetoxCrypto, has recently been reported attacking unsuspecting users. This new ransomware threat pretends to be CryptoLocker, a ransomware as solid as the Rock of Gibraltar. But the MotoxLocker crypto virus, as a matter of fact, is as weak as a kitten. It is decryptable, it has been decrypted, and we will tell you how to do that in an easy way without paying a cent to these hackers, who are most probably suffering from delusions of grandeur. Get yourself comfortable, grab a donut, make some tea and give us just a couple of minutes to tell you the true story of MotoxLocker the ransomware virus.
About MotoxLocker Ransomware
MotoxLocker crypto-malware invokes the asymmetric encryption, commonly known as AES, to turn the data of the victim into a pile of junk. The targeted data files can be of various types, including text, audio, video files, archives, directories, images, etc. MotoxLocker ransomware is as sneaky as a snake – it does not append any extra or substitute extension to the filenames of the encrypted files. Thus, it is impossible to discern the encrypted files solely by their names. Only when the victimized user tries to open them does he (she) discover that they can be neither opened nor read. The only bird of ill omen is the ransom note, which replaces your desktop wallpaper:
This ransom message by MotoxLocker crypto virus contains the contact e-mail firstname.lastname@example.org, which we recommend entering into the recipient field only if you want to initiate a massive screwup of the data you store on your machine. The size of the ransom is 50 EUR. Even though it may seem to some as small as the point of a fine needle, we would rather spank those guinea pigs who are willing to experiment with paying these cyber criminals, as the free legitimate decryptor is within your reach.
How is MotoxLocker Ransomware Spread?
MotoxLocker file-encrypting virus is a typical instance of a Trojan Virus, since it sends deceitful spam e-mails to the victims. These spam e-mails pass themselves off as e-mails sent by Trend Micro, an international security software company, and they enclose a PDF document which, having been executed, downloads the payload of MotoxLocker cryptomalware on the victim’s computer. At this point in time, it is not specified what false message these fake spam e-mails try to convey.
How to Decrypt Files Encrypted by MotoxLocker Ransomware?
You will need to have two tools to wipe MotoxLocker ransomware off the map. The first one is the public key, a random sixteen-character string, which is shown on the ransom note screen and is also stored in %USERPROFILE%\TrendMicro\key.pkm. You yourself will not need to do anything with it, since the decrypter will detect the key.pkm file itself and load it. The free decrypter is available at https://download.bleepingcomputer.com/demonslay335/MotoxDecrypter.zip.
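Because the decrypter depends on key.pkm, it is worth keeping a verified copy of that file before any cleanup or System Restore step. The following PowerShell script is an added example, not part of the decrypter or of the original guide; it assumes PowerShell 4.0 or later, that user profiles live under C:\Users, that key.pkm holds the key as plain text, and it uses a hypothetical backup folder D:\motox-key-backup.

```powershell
# Added example: locate and preserve MotoxLocker key files before cleanup.
# Assumptions: profiles live under C:\Users; key.pkm stores the key as plain text.
param(
    [string]$ProfilesRoot = 'C:\Users',             # assumed profile root
    [string]$BackupDir    = 'D:\motox-key-backup'   # hypothetical destination, ideally removable media
)

function Find-MotoxKeyFile {
    param([string]$Root)
    # Build <profile>\TrendMicro\key.pkm for every profile and keep the ones that exist.
    Get-ChildItem -LiteralPath $Root -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName 'TrendMicro\key.pkm' } |
        Where-Object { Test-Path -LiteralPath $_ -PathType Leaf }
}

function Backup-MotoxKeyFile {
    param([string]$Path, [string]$Destination)
    New-Item -ItemType Directory -Path $Destination -Force | Out-Null
    # The profile folder name keeps copies from several users apart.
    $owner = Split-Path (Split-Path (Split-Path $Path -Parent) -Parent) -Leaf
    $copy  = Join-Path $Destination "$owner-key.pkm"
    Copy-Item -LiteralPath $Path -Destination $copy -Force
    $src  = Get-FileHash -LiteralPath $Path -Algorithm SHA256
    $dst  = Get-FileHash -LiteralPath $copy -Algorithm SHA256
    # [string] turns an empty file ($null) into '' so Trim() cannot fail.
    $text = ([string](Get-Content -LiteralPath $Path -Raw)).Trim()
    [pscustomobject]@{
        Source       = $Path
        Copy         = $copy
        SHA256       = $src.Hash
        CopyVerified = ($src.Hash -eq $dst.Hash)
        Is16Chars    = ($text.Length -eq 16)   # the guide describes a sixteen-character key
    }
}

$found = @(Find-MotoxKeyFile -Root $ProfilesRoot)
if ($found.Count -eq 0) {
    Write-Output "No TrendMicro\key.pkm found under $ProfilesRoot."
} else {
    $found | ForEach-Object { Backup-MotoxKeyFile -Path $_ -Destination $BackupDir } | Format-List
}
```

The script never prints the key itself; it reports only where the file was found, its hash, and whether the copy matches.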
We know that retrieving your data is your utmost concern at the moment. But before starting the data retrieval procedure, you have to remove the MotoxLocker virus. For this purpose, employ elaborate tools such as Reimage, Spyhunter or Malwarebytes. Once you have booted your computer in Safe Mode, the automatic malware removal software will do the rest in the most efficient way possible. The manual removal of ransomware viruses can be a rather tricky job. However, the free guide for the manual removal of MotoxLocker encrypting malware is the fig leaf, which covers the rest of this very page.
How to recover MotoxLocker Ransomware encrypted files and remove the virus
Step 1. Restore system into last known good state using system restore
1. Reboot your computer to Safe Mode with Command Prompt:
For Windows 7 / Vista / XP
- Start → Shutdown → Restart → OK.
- Press F8 key repeatedly until Advanced Boot Options window appears.
- Choose Safe Mode with Command Prompt.
For Windows 8 / 10
- Press Power at Windows login screen. Then press and hold Shift key and click Restart.
- Choose Troubleshoot → Advanced Options → Startup Settings and click Restart.
- When it loads, select Enable Safe Mode with Command Prompt from the list of Startup Settings.
2. Restore system files and settings.
- When Command Prompt mode loads, enter cd restore and press Enter.
- Then enter rstrui.exe and press Enter again.
- Click “Next” in the window that appears.
- Select one of the Restore Points created before MotoxLocker Ransomware infiltrated your system and then click “Next”.
- To start System Restore, click “Yes”.
Step 2. Complete removal of MotoxLocker Ransomware
After restoring your system, it is recommended to scan your computer with an anti-malware program, like Reimage, and remove all malicious files related to MotoxLocker Ransomware. You can check other tools here.
Step 3. Restore MotoxLocker Ransomware affected files using Shadow Volume Copies
If you do not use the System Restore option on your operating system, there is a chance to use shadow copy snapshots. They store copies of your files from the point in time when the system restore snapshot was created. Usually MotoxLocker Ransomware tries to delete all possible Shadow Volume Copies, so this method may not work on all computers. However, the ransomware may fail to delete them.
Shadow Volume Copies are only available with Windows XP Service Pack 2, Windows Vista, Windows 7, and Windows 8. There are two ways to retrieve your files via Shadow Volume Copy. You can do it using native Windows Previous Versions or via Shadow Explorer.
a) Native Windows Previous Versions
Right-click on an encrypted file and select Properties → Previous versions tab. Now you will see all available copies of that particular file and the time when each was stored in a Shadow Volume Copy. Choose the version of the file you want to retrieve and click Copy if you want to save it to some directory of your own, or Restore if you want to replace the existing encrypted file. If you want to see the content of the file first, just click Open.
b) Shadow Explorer
It is a program that can be found online for free. You can download either a full or a portable version of Shadow Explorer. Open the program. In the top left corner, select the drive where the file you are looking for is stored. You will see all folders on that drive. To retrieve a whole folder, right-click on it and select “Export”. Then choose where you want it to be stored.
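Before opening Previous Versions or Shadow Explorer, you can check whether any shadow copies survived and whether they are old enough to hold clean files. The script below is an added example, not part of the original guide; it assumes an elevated PowerShell 3.0+ prompt and treats the creation time of key.pkm as an approximation of the time of infection.

```powershell
# Added example: which shadow copies predate the infection?
# Assumption: the creation time of key.pkm approximates the time of infection.
# Run elevated; querying Win32_ShadowCopy requires administrator rights.
param(
    [string]$KeyFile = (Join-Path $env:USERPROFILE 'TrendMicro\key.pkm')
)

function Get-ShadowCopyTimeline {
    param([datetime]$InfectionTime)
    # Win32_ShadowCopy exposes one instance per existing shadow copy.
    Get-CimInstance -ClassName Win32_ShadowCopy |
        Sort-Object InstallDate |
        ForEach-Object {
            [pscustomobject]@{
                Created           = $_.InstallDate
                Volume            = $_.VolumeName
                DeviceObject      = $_.DeviceObject
                PredatesInfection = ($_.InstallDate -lt $InfectionTime)
            }
        }
}

if (-not (Test-Path -LiteralPath $KeyFile -PathType Leaf)) {
    Write-Warning "No key file at $KeyFile; cannot estimate the infection time."
    return
}

# -Force lets Get-Item read the file even if it is marked hidden.
$infection = (Get-Item -LiteralPath $KeyFile -Force).CreationTime
$timeline  = @(Get-ShadowCopyTimeline -InfectionTime $infection)

if ($timeline.Count -eq 0) {
    Write-Output 'No shadow copies found on this system.'
} else {
    $timeline | Format-Table -AutoSize
    $usable = @($timeline | Where-Object PredatesInfection).Count
    Write-Output "$usable of $($timeline.Count) shadow copies were created before $infection."
}
```

Only copies marked as predating the infection are worth browsing for unencrypted versions of your files.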
Step 4. Use Data Recovery programs to recover MotoxLocker Ransomware encrypted files
There are several data recovery programs that might recover encrypted files as well. This does not work in all cases, but you can try this:
- We suggest using another PC and connecting the infected hard drive as a slave. It is still possible to do this on the infected PC though.
- Download Data Recovery Pro (commercial)
- Install and scan for recently deleted files.
Note: In many cases it is impossible to restore data files affected by modern ransomware. Thus we recommend using decent cloud backup software as a precaution. We recommend checking out Carbonite, BackBlaze, CrashPlan or Mozy Home.