What is Locky Ransomware?
Locky ransomware is distributed via malicious .doc files attached to spam email messages. Each Word document contains scrambled text, which appears to be macros. When the user enables macro settings in Word, an executable file (the ransomware) is downloaded. Various files are then encrypted.
Locky Encrypted Files
Note that Locky changes all file names to a unique 16-character combination of letters and digits with a .locky file extension. Thus, it becomes virtually impossible to identify the original files. All are encrypted using the RSA-2048 and AES-1024 algorithms and, therefore, a private key (which is stored on remote servers controlled by cyber criminals) is required for decryption. To decrypt the files, victims must pay a ransom.
After the files are encrypted, Locky creates an additional .txt file in each folder containing the encrypted files. Furthermore, this ransomware changes the desktop wallpaper. Both the text files and the wallpaper contain the same message, which informs users about the encryption. It states that files can only be decrypted using a decrypter developed by cyber criminals, which costs 0.5 Bitcoin (at the time of research, 0.5 BTC was equivalent to $207.63).
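A defensive sweep for the on-disk traces described above, as an added example that is not part of the original article: it walks a folder tree and flags files named with 16 letters/digits plus .locky, together with the _Locky_recover_instructions.txt note this page names further down. The function names, severity labels and sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# Indicators taken from the article: 16 letters/digits + ".locky", and the
# ransom note dropped into each affected folder.
LOCKY_NAME = re.compile(r"^[0-9A-Za-z]{16}\.locky$", re.IGNORECASE)
NOTE_NAME = "_locky_recover_instructions.txt"  # compared case-insensitively


def scan_tree(root):
    """Return {folder: {"encrypted": [...], "note": bool}} for folders with hits."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        encrypted = sorted(f for f in files if LOCKY_NAME.match(f))
        note = any(f.lower() == NOTE_NAME for f in files)
        if encrypted or note:
            report[folder] = {"encrypted": encrypted, "note": note}
    return report


def severity(entry):
    """Renamed files plus the note is the full pattern; either alone is weaker."""
    if entry["encrypted"] and entry["note"]:
        return "high"
    return "medium" if entry["encrypted"] else "low"


def build_sample(root):
    """Constructed sample tree: one affected folder, one clean folder."""
    hit = os.path.join(root, "Documents")
    clean = os.path.join(root, "Pictures")
    os.makedirs(hit)
    os.makedirs(clean)
    # "notes.locky" is a decoy: right extension, but not a 16-character name.
    for name in ("A1B2C3D4E5F60718.locky", "0F9E8D7C6B5A4321.locky",
                 "_Locky_recover_instructions.txt", "notes.locky"):
        open(os.path.join(hit, name), "w").close()
    open(os.path.join(clean, "holiday.jpg"), "w").close()
    return hit, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for folder, entry in scan_tree(tmp).items():
            print(severity(entry), folder, entry["encrypted"])
```

Run against a file share or user profile, a "high" result in any folder is a reason to isolate the machine and move to restoring from backup.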
Backup Your Files To Avoid Loss of Data
To proceed, the victim must install the Tor browser and follow the link provided in the text files/wallpaper. The website contains step-by-step payment instructions. Locky deletes all Volume Shadow Copies of files. At the time of writing, there were no tools capable of decrypting files affected by Locky. The only solution to this problem is to restore your files from a backup.
Types of Ransomware
Research results show that there are hundreds of ransomware-type malware similar or identical to Locky including, for instance, Cryptowall, JobCrypter, UmbreCrypt, TeslaCrypt, and DMA-Locker. All have identical behavior – they encrypt files and demand a ransom. The only difference is the size of ransom and type of algorithm used to encrypt the files. Research also shows that there is no guarantee that your files will ever be decrypted even after paying the ransom. By paying, you simply support cyber criminals’ malicious businesses.
Don’t Pay The Culprits
For this reason, you should never pay the ransom or attempt to contact the criminals. Be aware also that malware such as Locky is usually distributed via fake software updates, P2P networks, malicious email attachments, and trojans. Therefore, it is very important to keep your installed software up to date and to double-check what you are downloading. Be cautious when opening email attachments sent from suspicious addresses and use a legitimate anti-spyware or anti-virus suite.
Screenshot of Locky Ransomware
Below is a screenshot of an email message used for Locky ransomware distribution. Email subject – “ATTN: Invoice J-12345678”, infected attachment – “invoice_J-12345678.doc” (contains macros that download and install the Locky ransomware on the victim’s computer):
“Dear someone, Please see the attached invoice (Microsoft Word Document) and remit payment according to the terms listed at the bottom of the invoice. Let us know if you have any questions. We greatly appreciate your business!”
_Locky_recover_instructions.txt text file:
Locky ransomware website informing victims on how to pay the ransom to receive the “Locky Decrypter” software – supposedly software that will decrypt their compromised files:
Please do not pay for a key to unlock your files. If you do, you will be submitting your banking information to the criminal masterminds who wrote the code in the first place in order to make money from this crime. This is a common form of online crime that hackers use to make money: by encrypting your files, the Locky encryption virus forces you to contact the virus maker and pay a lot of money to recover your precious personal files.
Avoid Opening Unknown E-Mails
Your computer can be infected by the Locky ransomware when you open attachments in spam emails, visit adult websites, download freeware or torrent files from unknown file-sharing websites, or update installed apps from third-party websites. If it invades your system, other threats will also be downloaded from a remote server, causing more severe system problems.
To avoid more of your files being locked by the Locky ransomware and to get your healthy PC back, you need to get rid of the Locky virus immediately. Removing ransomware is a tough task, so if you find that your computer or laptop has been infected, stop using it and call us on 01-6831317.
It is important to back up your computer on a regular basis. The best way to do this is by using an external hard drive. Copy all your important files onto it and make a backup image of your laptop so that it can easily be restored if needed.
For more info on the .Locky virus or backing up your PC/laptop, call in to us at 104A Coolmine Ind Estate, Blanchardstown, Dublin.