client oldalon ilyenekre is lehet loni:
We assume the user's machine to be infected:
If the following registry key has been added to the system:
•
HKEY_CURRENT_USER\
Software\
Microsoft
\Windows
\CurrentVersion\
Run
“Locky" = “%TEMP%
\.exe”
•
HKEY_CURRENT_USER\
Software\
Locky
"id" = <
Personal Identification ID
>
“pubkey” =
“paytext” = <
Content of “Locky_recover_instructions.txt”>
“completed” = “0x1” [This value will be added after completion of encryption]