SZFLocker ransomware is a Polish file-encrypting virus. It is a new ransomware threat, so security experts have not performed an extensive analysis of it yet. Once it is carried out, we will present you with the findings. At first blush, SZFLocker seems a typical sample of recent data-locking viruses, employing the same tactics. It sneaks into your computer stealthily, looks around for data to be damaged, exploits malicious script to encrypt it and drops you a message embracing the ransom note.
About SZFLocker Ransomware
SZFLocker ransomware encrypts a wide variety of files, including text, audio, video and other type of data. It appends .szf filename extension to the filename extensions of the encrypted files (this is where the name of the ransomware comes from). Thus, for instance, Invoice.doc, after having experienced metamorphosis like the character of Kafka’s novella who transformed into a giant dreadful insect-like creature, becomes Invoice.doc.szf. SZFLocker is a very laconic ransomware, its ransom note consists of only one sentence (the original is in Polish):
Encrypted files. The service is available at deciphering deszyfrator.deszyfr(@)yandex.ru.
As you can see, the only concrete information rendered in the message is the contact e-mail address. On that account, we are inclined to think that detailed information is to be provided when the victim contacts the hackers by the e-mail given. Indeed, it is not characteristic of ransomware viruses to write just only one sentence in the ransom message. For example, SamSam ransomware’s message is very extensive. Coming back to SZFLocker virus, there have been allegations that the cyber crooks behind this ransomware demand for 500 USD. It is not as much as the previously mentioned file-encoder demands for, but it is still a sum of money no one would like to blow on nothing (it is highly questionable, whether the cyber criminals have the decryption key or whether they will provide you with it after you have made a payment).
How is SZFLocker Ransomware Distributed?
As we have already covered, SZFLocker is a stereotypical file-encrypter. So, it follows, then, that it is a Trojan Virus as well. To go into a greater detail, the Trojan Horse is the spam e-mail sent to a victim’s e-mail box. This virus acts just like the Greeks when they entered the city of Troy. Literally, it is the tactics of deception. This spam e-mail is disguised as some important document or notice from a legal entity or a well-known company or organization. Sometimes, the sender may be even blindfolded. Both the methods serve as charm that captivate a naive user. The e-mail contain malicious links or it has malicious files attached to it. Once the links are followed or the files are opened, the malicious script starts executing on the computer’s system.
How to Decrypt Files Encrypted by SZFLocker Ransomware?
Though there are websites offering SZFLocker decryptors, they are not 100% effective and should not be relied upon entirely. Better make a copy of your hard drive and wait till the effective decryptor is released. However, if you cannot wait for the decryptor to be developed, check the Shadow Volume Copies, if you have been running Shadow Volume Service. If not, try data recovery tools such as utilities produced by Kaspersky Lab, Recuva, R-Studio, PhotoRec, etc. Before doing that, make sure that SZFLocker ransomware is removed from your machine. Apply Spyhunter or Malwarebytes professional automatic malware removal utilities to do this job for you. These security scanners will clean the whole of your computer’s system. Your PC will become as neat as a pin. You can also try manual removal of this ransomware. Our security experts have developed manual removal instructions which we submit for free. See below.
Update: the decrypter is now available at here: link. You can download it for free and successfully decrypt your files.