Ransomware Research

PyLocky Ransomware

PyLocky is a malicious ransomware strain that encrypts victim files and demands ransom payment for decryption. First observed in the wild on July 1, 2018, this ransomware has been actively targeting systems worldwide. Security researchers also track this malware under the aliases: LockyLocker.

Quick Facts

Ransomware Family
PyLocky
First Seen
July 1, 2018
Known Aliases
LockyLocker

How PyLocky Ransomware Works

Targeted Files

8655f8599b0892d55efc13fea404b520858d01812251b1d25dcf0afb4684dce9 -> Tested OK The content of the original files replaced with ransom notes https://app.any.run/tasks/190f5b9b-24b8-4801-844a-6bdd29e996e2/

File Encryption Patterns

PyLocky modifies encrypted files using specific patterns to mark them as encrypted:

File extensions added after encryption:

..locky..lockedfile

Ransom Note and Payment Demands

After encrypting files, PyLocky displays ransom notes demanding payment for file recovery:

fileLOCKY-README.txt

Ransom message:

notes/LOCKY-README.txt

Note locations:

EveryFolder
file{origin_filename}

Ransom message:

notes/LOCKY-README.txt

Note locations:

EveryFile

Technical Indicators

Associated Executable Files

The following executable files are associated with PyLocky ransomware:

  • PyLocky.exe
  • Facture_25.07.2018_991030.exe
  • 652fd0ab346d99a3d436157d04b8f3657b49c90b
  • pythonSigned.exe
  • BulBa Setup.exe
  • facture_4739149_08.26.2018.exe
  • Pylocky.exe
  • rsa.exe
  • myfile.exe
  • PyRan Ver2.exe
  • locky.exe
  • zbetcheckin_tracker_rsa.exe

Recovery and Decryption Tools

Good news! Decryption tools are available for PyLocky ransomware:

0

Elastio Can Help You

Don't let PyLocky ransomware take over your data

Elastio provides advanced ransomware protection and recovery solutions to keep your organization safe.

About This Analysis

This PyLocky ransomware analysis is part of Elastio's comprehensive ransomware detection database. Elastio provides advanced ransomware protection and recovery solutions, helping organizations defend against and recover from ransomware attacks like PyLocky.

Last updated: July 30, 2025

PyLocky Ransomware - Detectable by Elastio