
Monday, May 11, 2015

Remove 'Los Pollos Hermanos' Crypto Virus and Restore Encrypted Files

Los Pollos Hermanos crypto virus (ransomware) has begun spreading in Australia and some other countries. If you are a fan of Breaking Bad you will immediately notice that the cyber criminals reference the TV show: the ransom demand carries the Los Pollos Hermanos branding image, and they even use a theonewhoknocks @ email address for "support related inquiries", another nod to the series. Other than that, it's just another ransom virus from the CryptoLocker ransomware family: it encrypts your files and then demands that you pay a ransom ($450 to $1000 AUD) to decrypt them. It's not the most innovative or sophisticated ransomware, but it does encrypt your files with the Advanced Encryption Standard (AES) algorithm, and you can't really decrypt them without the private key. So, I guess we could say that the 'Los Pollos Hermanos' virus does its job well.

I'm sure you're no stranger to the fact that the more time we spend online these days, the more we put ourselves at risk of becoming the victim of some virus, phishing scam or malicious software program. And it's a real cat and mouse game: as soon as one of the programs, operating systems or applications we use releases a new version or patch, the malware programmers and scammers who inhabit the darkest corners of the internet release their 'upgraded', i.e. more dangerous, version too.

So what should you do if you want the best possible protection in the face of all these threats that are just waiting to do us harm? The main thing is to ensure that you are always as well informed as possible about online issues that could cause you very real problems. And one type of malware that you should increase your knowledge about is ransomware, in this case the so-called "Los Pollos Hermanos" virus. Trust me; this is something that I can guarantee you are not going to want installed on your computer.

A closer look at 'Los Pollos Hermanos' ransomware

Most malware is named pretty accurately. For example, adware is software that bombards you with adverts. Spyware is software that spies on you. Therefore, if you're thinking that ransomware might just be something that will hold you to ransom, then go straight to the top of the class! A Los Pollos Hermanos ransom attack results in you, or rather more accurately your files, being held hostage. It kidnaps your data and demands payment from you to release it. It's a good old-fashioned method of extortion, repackaged and upgraded for the twenty-first century. This ransom virus attacks the most common file types, so expect your work documents and images to be encrypted. Once this crypto virus has encrypted your files it will display a ransom note:

Your important files have been encrypted: photos, documents, videos, etc.
If you want to decrypt your files you must pay the fee of $450 AUD
Failure to pay within the specified time will mean you must pay $1000 AUD
For support related inquiries contact:

I have ransomware on my computer. How did it get there?

'Los Pollos Hermanos' ransomware, like virtually all types of malware, attacks your computer when you download something that has been packaged with it. This could be anything from some software, an app or a file – and the host program may or may not know that ransomware is included. Similarly this ransomware can also be spread via spam emails that have infected links or attachments in them. Finally, you may even be unlucky enough to be the victim of something called a 'drive-by installation' which is when you've stumbled across a website that has been infected by the malicious software.

Has my data been kidnapped?

If there's one (albeit dubious) thing to be said for ransomware, it's that it is extremely easy to know if you've been targeted. This is not a subtle attack: it is after your dollars, after all! You will usually experience the following:
  • You are unable to open a program or document on your computer
  • You are shown a 'ransom note' in the form of a pop-up window, a full screen message, or perhaps an email
So should you pay the ransom? Absolutely not! Paying these people only perpetuates their belief that they are onto a good thing, so don't pay anything or click on any links or buttons. Instead, follow the removal guide below to salvage your data and clean your computer ASAP. There are a few tools that can help you restore at least some of your files without paying a ransom. Even though there's no guarantee that these tools will help you, there's also no reason not to try them out. Who knows, maybe you will be the lucky one. Good luck and be safe online!
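Before you start restoring anything it helps to know how far the encryption reached. The following PowerShell script is an added example, not part of the original post: it lists recently modified files of the common document and image types this article says the virus goes after, and estimates from byte entropy whether each one looks encrypted. The folder list, the extension list and the 24-hour window are assumptions to adapt to the affected machine.

```powershell
# Added example (not from the original post): scope the damage before restoring.
# Lists recently modified files of the common document/image types ransomware
# targets and estimates whether each one looks encrypted. The roots, extension
# list and time window are assumptions; adjust them to the affected machine.

function Get-FileEntropy {
    # Shannon entropy (bits per byte) of the first $SampleBytes of a file.
    # Ciphertext is close to 8.0; plain text and uncompressed documents are lower.
    param([string]$Path, [int]$SampleBytes = 65536)
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $buffer = New-Object byte[] $SampleBytes
        $read = $stream.Read($buffer, 0, $SampleBytes)
    } finally { $stream.Dispose() }
    if ($read -eq 0) { return 0.0 }
    $counts = New-Object int[] 256
    for ($i = 0; $i -lt $read; $i++) { $counts[$buffer[$i]]++ }
    $entropy = 0.0
    foreach ($count in $counts) {
        if ($count -gt 0) {
            $p = $count / $read
            $entropy -= $p * [Math]::Log($p, 2)
        }
    }
    return [Math]::Round($entropy, 2)
}

function Get-RansomwareScope {
    param(
        [string[]]$Roots = @("$env:USERPROFILE\Documents", "$env:USERPROFILE\Pictures", "$env:USERPROFILE\Desktop"),
        [string[]]$Extensions = @('.doc', '.docx', '.xls', '.xlsx', '.pdf', '.txt', '.jpg', '.png'),
        [int]$HoursBack = 24
    )
    $since = (Get-Date).AddHours(-$HoursBack)
    Get-ChildItem -Path $Roots -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $Extensions -contains $_.Extension.ToLower() -and $_.LastWriteTime -ge $since } |
        ForEach-Object {
            $h = Get-FileEntropy -Path $_.FullName
            [pscustomobject]@{
                File           = $_.FullName
                Extension      = $_.Extension.ToLower()
                Modified       = $_.LastWriteTime
                Entropy        = $h
                # JPEG/PNG and zip-based Office files are high entropy even when healthy,
                # so treat this flag as a hint, not a verdict; "won't open" is the real test.
                LooksEncrypted = ($h -ge 7.9)
            }
        }
}

# Usage: a count per extension, then the files flagged as probably encrypted.
$scope = Get-RansomwareScope
$scope | Group-Object Extension | Select-Object Name, Count | Format-Table -AutoSize
$scope | Where-Object LooksEncrypted | Sort-Object Modified | Format-Table File, Modified, Entropy -AutoSize
```

Two caveats when reading the output: if the encrypted copies on your machine carry a different extension than the originals, add it to the $Extensions list or the filter will miss them; and the earliest "Modified" timestamp among the flagged files is a useful estimate of when the encryption started, which matters when choosing which shadow copy to restore from in Step 2.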

Written by Michael Kaur.

Step 1: Removing 'Los Pollos Hermanos' and related malware:

Before restoring your files from shadow copies, make sure 'Los Pollos Hermanos' virus is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install the recommended anti-malware scanner. Run a full system scan and remove the detected malware.

2. Then, download ESET Online Scanner and run a second scan to make sure no other malware is running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.

Step 2: Restoring files encrypted by 'Los Pollos Hermanos' crypto virus:

Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

Method 2: Try to restore previous versions of files using Windows folder tools. To learn more, please read Previous versions of files.

Method 3: Using the Shadow Volume Copies:

1. Download and install Shadow Explorer. Note: this tool supports Windows XP Service Pack 2, Windows Vista, Windows 7 and Windows 8.

2. Open Shadow Explorer. From the drop-down list you can select one of the available point-in-time Shadow Copies. Select the drive and the latest date that you wish to restore from.

3. Right-click any encrypted file or entire folder and Export it. You will then be prompted for where you would like to restore the contents of the folder to.
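Methods 2 and 3 both read the same Volume Shadow Copies, and the steps above can be done from a script as well as from Shadow Explorer's window. The PowerShell below is an added example, not part of the original post or of Shadow Explorer: it inventories the shadow copies, picks the newest one of C: taken before the infection, exposes it as a directory symlink and exports one folder from it. It needs an elevated session on Windows 7 or later (Get-CimInstance requires PowerShell 3); the mount point, the infection time, the user folder and the D:\Recovered destination are assumptions to change for your machine.

```powershell
# Added example (not from the original post): do by script what Shadow Explorer
# does in its GUI. Run from an elevated PowerShell session (Windows 7 or later).
# The mount point, infection time and paths below are assumptions; adjust them.

function Get-ShadowCopyInventory {
    # One row per shadow copy, with the drive letter it belongs to and when it was taken.
    $volumes = Get-CimInstance -ClassName Win32_Volume | Where-Object { $_.DriveLetter }
    Get-CimInstance -ClassName Win32_ShadowCopy | ForEach-Object {
        $copy = $_
        $vol = $volumes | Where-Object { $_.DeviceID -eq $copy.VolumeName } | Select-Object -First 1
        [pscustomobject]@{
            Id           = $copy.ID
            Drive        = if ($vol) { $vol.DriveLetter } else { $copy.VolumeName }
            Created      = $copy.InstallDate
            DeviceObject = $copy.DeviceObject
        }
    } | Sort-Object Drive, Created
}

function Mount-ShadowCopy {
    # Exposes a shadow copy as a directory symlink so its files can be browsed and copied.
    param(
        [Parameter(Mandatory)][string]$DeviceObject,
        [string]$MountPoint = 'C:\ShadowMount'
    )
    if (Test-Path -LiteralPath $MountPoint) { throw "Mount point $MountPoint already exists; pick another." }
    # mklink needs the trailing backslash after the shadow device path.
    cmd /c mklink /d "$MountPoint" "$DeviceObject\" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "mklink failed for $DeviceObject" }
    return $MountPoint
}

function Dismount-ShadowCopy {
    param([Parameter(Mandatory)][string]$MountPoint)
    # rmdir removes only the link, never the shadow copy's contents.
    cmd /c rmdir "$MountPoint" | Out-Null
}

# Usage: list what is available, pick the newest copy of C: from before the
# infection, then export one folder to a different drive.
$inventory = Get-ShadowCopyInventory
$inventory | Format-Table Drive, Created, Id -AutoSize
if (-not $inventory) { Write-Warning 'No shadow copies found; fall back to a backup (Method 1).'; return }

$infectionTime = Get-Date '2015-05-11 09:00'   # assumption: when the ransom note first appeared
$pick = $inventory | Where-Object { $_.Drive -eq 'C:' -and $_.Created -lt $infectionTime } |
        Sort-Object Created -Descending | Select-Object -First 1
if (-not $pick) { Write-Warning 'No pre-infection shadow copy of C: exists.'; return }

$mount = Mount-ShadowCopy -DeviceObject $pick.DeviceObject
try {
    # Export to another drive so the clean copies never overwrite anything on C:.
    Copy-Item -LiteralPath (Join-Path $mount 'Users\Alice\Documents') `
              -Destination 'D:\Recovered\Documents' -Recurse -Force
} finally {
    Dismount-ShadowCopy -MountPoint $mount
}
```

Run the inventory first and on its own: if it comes back empty there is nothing for Shadow Explorer or the Previous Versions tab to show either, and Method 1 is your only option. Choosing a copy created before the infection matters because a snapshot taken after the encryption only preserves the encrypted files.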

Hopefully, this will help you to restore all encrypted files or at least some of them.