Is there any way to decrypt .locky files?

Question

I would like to help to my friend.

She opened a email, and after that, all files is transform to some encrypt format on she computer.

Every image, document extension replaced by .locky.

Now, after hours and hours searching on google I dosen't find any trusted way for she get back they files.

I hope we can find out something.

What I already tried:

1. Remove virus with programs: Malwerebytes, Hitmanpro, they dosen't find any result.
2. I tried restore the system from the control panel.-Gess what, no restore points..
3. I tried shadowfile explorer, which capable search shadow files-No results.
4. I tried rename files from .locky to original format like:png,jpg, etc.- Dosen't work either.

At this point I gived up, I need some help from a experted person.

We would like to target one specifick file types, images, like jpg, jpeg, png and others.

Is there anyway for we can recover this files, without for we need to pay to the hacker?

My friend does not have any backups of the files in question.

Answer 1

The "Locky" ransomware will remove VSS (volume snapshot service) AKA shadow copies that may have been made previously, so that's why you aren't seeing those. Simply renaming the files will not work since the files have been encrypted, and the ransomware wants you to pay for the key to decrypt the files. The amount will vary. The only way to get the files back are from a backup.