JS/Locky.AY!Eldorado appears to be a vendor-specific detection name.
Each security vendor uses their own naming conventions to identify various types of malware, so it's difficult to determine exactly what has been detected or the nature of the threat without knowing more information about the actual file(s) involved. Names with Generic or Patched are a very broad category. Some vendors also add a modifier or additional information after the name that further describes what type of malware it is.
Names are created for in-the-wild malware which has been released to infect computers, non-wild ("Zoo" viruses and worms) created by labs and anti-virus vendors to test their ability to detect new threats, proof-of-concept viruses created by ethical groups and zero-day malware...all of which can be renamed at any given time. Since there are no universal naming standards, all this leads to confusion by the end user.
Any files that are encrypted with Locky Ransomware will be renamed with random alpha-numerical characters and have the .locky extension appended to the end of the encrypted data filename in the following format [unique_id][identifier].locky...(i.e. A65091F1B14A911F0DD0E81ED3029F08.locky). Locky Ransomware will leave a file (ransom note) named _Locky_recover_instructions.txt, _HELP_INSTRUCTIONS.txt.
Any files that are encrypted with the newest Locky Ransomware variant will be renamed with random alpha-numerical characters and utilize the .zepto extension (i.e. 024BCD33-41D1-ACD3-3EEA-84083E322DFA.zepto). This variant will leave a ransom note pattern consisting of _(****)_HELP_instructions.txt/.bmp/.html...(i.e. _6789_HELP_INSTRUCTIONS.txt, _6789_HELP_INSTRUCTIONS.bmp, _6789_HELP_INSTRUCTIONS.html). More information in this BC News Article: New Locky version adds the .Zepto Extension to Encrypted Files
A repository of all current knowledge regarding Locky Ransomware is provided by Grinler (aka Lawrence Abrams), in this topic: Locky Ransomware Information, Help Guide, and FAQ
You can submit samples of encrypted files and ransom notes to ID Ransomware for assistance with identification and confirmation. This is a service that helps identify what ransomware may have encrypted your files and then attempts to direct you to an appropriate support topic where you can seek further assistance. If ID Ransomware cannot identify the infection, you can post the case SHA1 it gives you in your next reply for Demonslay335 to manually inspect the files.
You can also submit samples of encrypted files, ransom notes, email and/or website address you see in the RANSOM DEMAND to No More Ransom Crypto Sheriff for assistance with identification and possible decrypting solutions. If you are provided any information, it would be helpful to post it here for Demonslay335 to review.
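
The file and ransom-note names quoted above can be turned into a quick triage check over a directory listing before samples are submitted for confirmation. This is an added example, not part of the original post; the sample paths are constructed, the labels are hypothetical, and treating the "****" in the newer note name as digits is an assumption based on the "_6789_" example.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Name shapes taken from the examples quoted in the post (matched case-insensitively).
PATTERNS = [
    ("locky-encrypted", re.compile(r"^[0-9A-F]{32}\.locky$", re.I)),
    ("zepto-encrypted",
     re.compile(r"^[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\.zepto$", re.I)),
    ("locky-note",
     re.compile(r"^_(Locky_recover_instructions|HELP_instructions)\.txt$", re.I)),
    # Assumption: the "****" prefix is numeric, as in "_6789_HELP_INSTRUCTIONS.txt".
    ("zepto-note", re.compile(r"^_\d+_HELP_instructions\.(txt|bmp|html)$", re.I)),
]

def classify(path):
    """Return a label for a Windows path, or None if the name looks unrelated."""
    name = PureWindowsPath(path).name
    for label, rx in PATTERNS:
        if rx.match(name):
            return label
    # Extension matches but the name does not follow the quoted format:
    # flag it separately so it gets confirmed rather than assumed.
    if name.lower().endswith((".locky", ".zepto")):
        return "extension-only"
    return None

def triage(paths):
    """Group hits per folder: {folder: {label: count}}."""
    report = defaultdict(lambda: defaultdict(int))
    for p in paths:
        label = classify(p)
        if label:
            report[str(PureWindowsPath(p).parent)][label] += 1
    return {folder: dict(counts) for folder, counts in report.items()}

# Constructed listing; the two encrypted names are the examples from the post.
SAMPLE = [
    r"C:\Users\demo\Documents\A65091F1B14A911F0DD0E81ED3029F08.locky",
    r"C:\Users\demo\Documents\_Locky_recover_instructions.txt",
    r"C:\Users\demo\Pictures\024BCD33-41D1-ACD3-3EEA-84083E322DFA.zepto",
    r"C:\Users\demo\Pictures\_6789_HELP_INSTRUCTIONS.html",
    r"C:\Users\demo\Pictures\holiday.jpg",
    r"C:\Users\demo\Desktop\budget.xlsx.zepto",
]

if __name__ == "__main__":
    for folder, counts in triage(SAMPLE).items():
        print(folder, counts)
```

A folder that shows both an encrypted-name hit and a matching note is the strongest indication; "extension-only" hits are the ones most worth confirming through identification of a submitted sample.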