What is AslaHora Ransomware? And how does it work?
AslaHora ransomware is an encryption Trojan, also known as the Malki ransomware. The AslaHora ransomware marks the targeted files with the .malki file extension. Unlike what some IT experts believed, this ransomware is not based on the HiddenTear open source platform, as a matter of fact, it is a different kind of infection. After taking a closer look, our research team found out that this malicious program might still be in development and was released for testing purposes only. Even so, if your computer gets infected with this ransomware, chances are you won’t be able to restore your files after it encrypts them since the crooks who are behind this malware does not even provide a decryption key. But you need not worry for this article will provide you a way to recover your files. Apart from encrypting your files, the motive in creating this kind of infection is still unclear since it does not ask for any ransom as well.
Upon running some tests, our experts concluded that it encrypts the following file types with the .malki file extension:
.3gp, .7z, .apk, .avi, .bmp, .cdr, .cer, .chm, .conf, .css, .csv, .dat, .db, .dbf, .djvu, .dbx, .docm, ,doc, .epub, .docx .fb2, .flv, .gif, .gz, .iso .ibooks,.jpeg, .jpg, .key, .mdb .md2, .mdf, .mht, .mobi .mhtm, .mkv, .mov, .mp3, .mp4, .mpg .mpeg, .pict, .pdf, .pps, .pkg, .png, .ppt .pptx, .ppsx, .psd, .rar, .rtf, .scr, .swf, .sav, .tiff, .tif, .tbl, .torrent, .txt, .vsd, .wmv, .xls, .xlsx, .xps, .xml, .ckp, .zip, .java, .py, .asm, .c, .cpp, .cs, .js, .php, .dacpac, .rbw, .rb, .mrg, .dcx, .db3, .sql, .sqlite3, .sqlite, .sqlitedb, .psd, .psp, .pdb, .dxf, .dwg, .drw, .casb, .ccp, .cal, .cmx, .cr2
After it finishes its encryption attack, it locks your computer with a blue screen and a message saying:
“ENTER UNLOCK CODE GIVEN BY MALKI!!!
[check box] I agree that I won’t run the malicious program again.
How is AslaHora ransomware distributed?
According to our malware analysts, this infection may spread through the Angler Exploit kit which is embedded into a malicious site that is set to infect your computer when you interact with any Flash or Java content displayed on the site. So the AslaHora ransomware’s infected file could be named randomly and drop it into your computer.
To terminate AslaHora ransomware, follow the elimination guide below.
Step 1: Type in MALKIMALKIMALKI on the code line.
Step 2: After typing the code, click the Unlock button to unlock your computer.
Step 3: Open the Windows Task Manager by pressing Ctrl + Shift + Esc at the same time. Proceed to the Processes tab and look for any suspicious processes that can be related to the AslaHora Ransomware.
Right-click on the processes, then click Open File Location and scan them using a powerful and trusted antivirus like SpyRemover Pro. After opening their folders, end their processes and delete their folders. If the virus scanner fails to detect something that you know is suspicious, don’t hesitate to delete it.
Step 4: Open Control Panel by pressing Start key + R to launch Run and type appwiz.cpl in the search box and click OK.
Step 5: Look for AslaHora ransomware or any suspicious program and then Uninstall.
Step 6: Hold down Windows + E keys simultaneously to open File Explorer.
Step 7: Go to the directories listed below and delete everything in it. Or other directories you might have saved the file related to AslaHora ransomware.
Step 8: Look for suspicious files created by AslaHora ransomware.
Step 9: Empty the Recycle Bin.
Step 10: TRY to decrypt your encrypted files using the Windows Previous Versions feature.
Keep in mind that decrypting your encrypted files using the Windows’ Previous Versions feature will only be effective if AslaHora ransomware hasn’t deleted their shadow copies. But still, this is one of the safest and free methods there is, so it’s definitely worth a shot.
To restore the encrypted file, right-click on it and select Properties, a new window will pop-up, then proceed to Previous Versions. It will load the file’s previous version before it was modified. After it loads, select any of the previous versions displayed on the list like the one in the illustration below. And then click the Restore button.
Follow the continued advanced steps below to ensure the removal of the AslaHora ransomware:
Perform a full system scan using SpyRemover Pro. To do so, follow these steps:
- Turn on your computer. If it’s already on, you have to reboot
- After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, repeat pressing F8, by doing so the Advanced Option shows up.
- To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit
- Windows will now load the Safe Mode with Networking.
- Press and hold both R key and Windows key.
- If done correctly, the Windows Run Box will show up.
- Type in explorer http://www.fixmypcfree.com/install/spyremoverpro
A single space must be in between explorer and http. Click OK.
- A dialog box will be displayed by Internet Explorer. Click Run to begin downloading SpyRemover Pro. Installation will start automatically once download is done.
- After all the infections are identified, click REMOVE ALL.
- Register SpyRemover Pro to protect your computer from future threats.