PUP Ransomware

Locky Decrypter – what is it?

Parasite may reinstall itself multiple times if you don't delete its core files. We recommend downloading SpyHunter to scan for malicious programs installed with it. This may save you hours and cut down your time to about 15 minutes. 

Download SpyHunter Anti-Malware

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

The encrypted files may not be the only damage done to you. parasite may still be hiding on your PC. To determine whether you've been infected with ransomware, we recommend downloading SpyHunter.

Download SpyHunter Anti-Malware

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

What is the Locky Decrypter?

The Locky Decrypter is a program developed by the creators of the infamous Locky ransomware virus, which has been active since mid-February 2016. The Locky ransomware virus is largely distributed with the help of infected emails that present you with a doc file called invoice. The text of the emails will contain generic business information and will urge people to open the invoice. While the invoice is a .doc file that makes it far from being safe. When it is ran it will demand that a macro be allowed to run in order to display the contents, if the user makes the mistake of allowing that all hell will break loose.

  • Remember this: there is absolutely nothing preventing the criminals from scamming you further.  There have actually been recent cases where users complain their files were not returned.

The Locky ransomware will swiftly encrypt all of the user’s file. At that point the existence of the Locky Decrypter will be revealed. The only way to obtain that program is to download it from Tor-based server that is completely anonymous. Since this whole operation is run entirely by cyber criminals the necessity for anonymity is understandable.

You will have to pay an amount between 0.5 to 1 BTC in order to download the Locky Decrypter. This online currency is also untraceable and once payment is conducted it can never be reversed.

Should you trust the Locky Decrypter with your money?

First of all, please remember that this software was not meant as a way to help you recover your files. It was actually made by the creators of the virus as a less obtrusive method to steal your money. The ransomware also probably delivered a timer – usually a week – to purchase the software or the price would double. Ouch. But should you pay?

Well, paying criminals is, of course, never a good idea, but with ransomware viruses like Locky you may have no other choice. The question is – what happens if the Locky Decrypter doesn’t work? Well, in that case your money is burnt and your files are lost anyway – a lesson a lot of people already learnt the hard way.

  • REMEMBER! Cyber-criminals don’t offer support when their tools don’t work, neither do they issue refunds!

The reality is that there is definitely something wrong with the Locky decrypter and some people can’t use it to recover their files, even after they paid for the hefty ransom asked.

Deciding whether to trust the program lies entirely on each and everyone’s own shoulders!

Our advice on the matter is to first remove the virus yourself and then see if you can recover your files using one of the alternative methods we’ve illustrated in our Locky Removal Guide over here (LINK). Then, depending on how successful you were with the recovery of your files, you can decide if throwing the money at the hackers is worth the risk.

Removing the Locky Decrypter

Whether the Decrypter worked or didn’t work for you it doesn’t really matter – you MUST remove this program from your machine. The program was developed from the people that created the Locky virus in the first place and it was downloaded via the Tor network. There is a very good reason why this network is known as the Deep Web – there are many ways in which you could get redirected and different Trojans, spyware, keyloggers and a slew of other nasty applications to be installed on your computer. Since the Decrypter itself is an executable there is also no telling what could be lurking beneath it.

Removing the Locky Decrypter is a straightforward process, but what you need to be wary is the above mentioned threats that could have been installed by (or alongside) it. Generally the best and safest course of action is a whole HDD format (wipe out of all data) and re-installation of the OS. Naturally, we understand that this is not always a possible course of action, especially for a computer on your workplace. In this case your best bet is obtaining a good anti-malware program and run a deep scan on your PC. If you are looking for our recommendation on this matter feel free to click on one of the banners we’ve added to this page.



Name Locky
Type Ransomware
Danger Level High
Symptoms Your personal files are encrypted with an RSA-4096 encryption, making them unaccessible. A ransom is demanded to release them.
Distribution Method Invariably a Trojan that found its way onto your PC through a phishing e-mail.
Detection Tool Ransomware are notoriously difficult to track down. Use SpyHunter – a professional parasite scanner – to make sure you find all files related to the infection.

Keep in mind, SpyHunter is a malware detection tool. To remove the infection, you need to purchase the full version.
More information about SpyHunter and steps to uninstall.

Remove Locky

Readers are interested in:


Reboot in Safe Mode (use this guide if you don’t know how to do it).

This is the first preparation.


To remove parasite on your own, you may have to meddle with system files and registries. If you were to do this, you need to be extremely careful, because you may damage your system.

If you want to avoid the risk, we recommend downloading SpyHunter
a professional malware removal tool.

More information on SpyHunter, steps to uninstallEULAThreat Assessment Criteria, and Privacy Policy.

The first thing you must do is Reveal All Hidden Files and Folders.

  • Do not skip this. Locky may have hidden some of its files.

Hold the Start Key and R – copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

hosts_opt (1)

If there are suspicious IPs below “Localhost” – write to us in the comments.

Type msconfig in the search field and hit enter. A window will pop-up:


Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.


Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask us in the comments.


We get asked this a lot, so we are putting it here: Removing parasite manually may take hours and damage your system in the process. We recommend downloading SpyHunter to see if it can detect parasite files for you.

Right click on each of the virus processes separately and select Open File LocationEnd the process after you open the folder, then delete the directories you were sent to.



Type Regedit in the windows search field and press EnterOnce inside, press CTRL and F together and type the virus’s Name. 

Search for the ransomware  in your registries and delete the entries. Be extremely careful –  you can damage your system if you make a big mistake.

Type each of the following in the Windows Search Field:

  1. %AppData%
  2. %LocalAppData%
  3. %ProgramData%
  4. %WinDir%
  5. %Temp%

Delete everything in Temp. The rest just check our for anything recently added. Remember to leave us a comment if you run into any trouble!


How to Decrypt files infected with Locky

There is only one known way to remove the virus’ encryption that MAY work (no guarantees) – reversing your files to a previous state. There are two options you have for this:

The first is using a system backup. Search for Backup and Restore in the windows search field —–> “Select another backup to restore files from”


If you have no backups, your option is Recuva

Go to the official site for Recuva and download its free version. When you start the program, select the file types you want to recover. You probably want all files. Next select the location. You probably want Recuva to scan all locations.

Click on the box to enable Deep Scan. The program will now start working and it may take a really long time to finish, so be patient and take a break if necessary.

You will now get a big list of files to pick from. Select all relevant files you need and click Recover.

Did we help? Share your feedback with us so we can help other people in need!

Leave a Comment