Locky ransomware was first detected in 2016. Locky is software specifically designed to lock computer data. Only after paying a ransom (hence the name ransomware) can the data be decrypted.
To decrypt data encrypted by Locky, you need a key. The decryption key must be bought from the cybercriminals.
Cybercriminals often operate over the TOR network. On the TOR network, the cybercriminal who distributes Locky remains anonymous and demands payment in bitcoin. Payments vary from 0.5 to 1 bitcoin per infected computer. If the victim does not pay, the data encrypted by the Locky ransomware remains unusable.
In many cases, the Locky ransomware is distributed through fake emails. These emails contain a PDF, Microsoft Word, or JS (JavaScript) file that downloads and installs the Locky ransomware payload.
After installation, Locky ransomware locks media files, office documents, and Windows files using RSA-2048 together with AES-128 in ECB mode. This encryption cannot be cracked. The key needed to decrypt the data is generated server-side, which makes it impossible to decrypt the files locally.
Restoring files via Windows is not possible: all Windows restore points and shadow copies are removed, and Windows recovery capabilities are disabled. The only way to restore files is from remote backups stored on a server that the infected computer cannot reach. All attached drives and Windows network shares are encrypted along with the computer.
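Because the removal of shadow copies and the disabling of recovery are among the first things ransomware like Locky does on a host, process-creation telemetry is a good place to catch it before encryption finishes. The following Python example is added here and is not from the original article: it scans constructed, pipe-delimited process-creation log lines (not real telemetry) for the command-line patterns commonly used to delete shadow copies or switch off Windows recovery. The log format and the sample lines are assumptions made for this example; the rule patterns are ordinary detection signatures a SOC would run against EDR or Sysmon data.

```python
import re

# Constructed sample log lines (not real telemetry).
# Format assumed for this example: timestamp|host|user|parent_process|command_line
SAMPLE_LOG = """\
2016-03-01T09:12:01|WS-17|alice|explorer.exe|C:\\Windows\\System32\\notepad.exe C:\\Users\\alice\\notes.txt
2016-03-01T09:14:33|WS-17|alice|svchost.exe|vssadmin.exe delete shadows /all /quiet
2016-03-01T09:14:34|WS-17|alice|svchost.exe|bcdedit.exe /set {default} recoveryenabled no
2016-03-01T09:15:02|WS-17|alice|winword.exe|wmic.exe shadowcopy delete
2016-03-01T09:20:00|WS-17|backupsvc|wbengine.exe|vssadmin.exe list shadows
"""

# Detection rules: (rule name, compiled pattern over the command line).
# Each targets a command that destroys local recovery options; read-only
# commands such as "vssadmin list shadows" deliberately do not match.
RULES = [
    ("vss_shadow_delete",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("wmic_shadow_delete",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("bcdedit_recovery_off",
     re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I)),
    ("wbadmin_catalog_delete",
     re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I)),
]


def parse_line(line):
    """Split one log line into a record, or return None if malformed."""
    fields = line.split("|", 4)
    if len(fields) != 5:
        return None
    ts, host, user, parent, cmdline = fields
    return {"ts": ts, "host": host, "user": user,
            "parent": parent, "cmdline": cmdline}


def scan_process_logs(text):
    """Return one alert per log line whose command line matches a rule."""
    alerts = []
    for raw in text.splitlines():
        rec = parse_line(raw.strip())
        if rec is None:
            continue
        for name, pattern in RULES:
            if pattern.search(rec["cmdline"]):
                alerts.append({**rec, "rule": name})
                break  # one alert per line is enough
    return alerts


def hosts_with_multiple_hits(alerts):
    """Hosts that triggered more than one rule: a stronger signal than a lone hit."""
    counts = {}
    for a in alerts:
        counts[a["host"]] = counts.get(a["host"], 0) + 1
    return sorted(h for h, n in counts.items() if n > 1)


if __name__ == "__main__":
    found = scan_process_logs(SAMPLE_LOG)
    for a in found:
        print(f'{a["ts"]} {a["host"]} {a["user"]} [{a["rule"]}] {a["cmdline"]}')
    print("escalate:", hosts_with_multiple_hits(found))
```

In a real deployment the rule hits would be correlated with the parent process (an Office or script host spawning these commands, as in the sample, is more suspicious than a backup agent) and fed into an automated response that isolates the host while the backups the article recommends are still intact.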
To prevent Locky, the user must be alert for suspicious emails. Emails from unknown senders should never be opened. Email attachments should be scanned with antivirus software and, even then, checked manually before opening them.
If a Word document received by email asks the user to enable macros, chances are it is ransomware. So be careful with macro code in Office.
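The manual attachment check the article asks for can be made systematic at the mail gateway or on the desktop. The following Python example is an addition to this page, not code from the original article: it parses a raw email message, and for every attachment flags a risky extension (script files and macro-enabled Office formats), a double extension such as `invoice.pdf.js`, and, for zip-based Office documents, the presence of an embedded VBA project, which is what a document is carrying when it asks the user to enable macros. The sample message and its attachments are constructed in memory for the example; the extension list is an assumption a practitioner would tune to their environment.

```python
import email
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions that should not arrive by email in most environments (assumption for this example).
RISKY_EXT = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta",
             ".exe", ".scr", ".docm", ".xlsm", ".pptm"}
# Zip members that hold VBA macro code inside Office Open XML documents.
MACRO_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")


def has_vba_project(data):
    """True if data is an Office Open XML zip containing a VBA macro project."""
    if not data.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = set(z.namelist())
    except zipfile.BadZipFile:
        return False
    return any(part in names for part in MACRO_PARTS)


def triage_attachments(raw_eml):
    """Return one finding per attachment; 'block' is True when any reason fired."""
    msg = email.message_from_bytes(raw_eml, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        lower = name.lower()
        ext = os.path.splitext(lower)[1]
        reasons = []
        if ext in RISKY_EXT:
            reasons.append(f"risky extension {ext}")
        if lower.count(".") > 1:
            reasons.append("double extension")
        if has_vba_project(data):
            reasons.append("embedded VBA macro project")
        findings.append({"filename": name, "size": len(data),
                         "reasons": reasons, "block": bool(reasons)})
    return findings


# --- constructed sample data below (not real malware) ---

def make_office_zip(with_macros):
    """Build a minimal Office Open XML container, optionally with a VBA project stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            z.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder bytes, not real VBA
    return buf.getvalue()


def build_sample_email():
    """Constructed lure message with three attachments of differing risk."""
    msg = EmailMessage()
    msg["From"] = "invoice@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(make_office_zip(True), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="invoice.docm")
    msg.add_attachment(make_office_zip(False), maintype="application",
                       subtype="vnd.openxmlformats-officedocument.wordprocessingml.document",
                       filename="report.docx")
    msg.add_attachment(b"var x = 1;", maintype="application",
                       subtype="javascript", filename="invoice.pdf.js")
    return msg.as_bytes()


if __name__ == "__main__":
    for f in triage_attachments(build_sample_email()):
        verdict = "BLOCK" if f["block"] else "allow"
        print(f'{verdict:5} {f["filename"]:16} {f["size"]:6d} bytes  {"; ".join(f["reasons"])}')
```

The macro check looks inside the container rather than trusting the extension, so a macro-enabled document renamed to `.docx` is still caught; the double-extension check catches the `invoice.pdf.js` trick where Windows hides the final extension and the user sees only a PDF.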
Make sure that all software is updated to the latest version: web browsers, server software, Microsoft Windows, and so on. Hackers are out to exploit unpatched and buggy software. Once a system has been penetrated, cybercriminals often install ransomware such as Locky.
If possible, users should work from Windows accounts with the minimum number of privileges. A Windows user account with administrator privileges can automatically infect network shares, network disks, or other computers with Locky ransomware.
Learn what to do in the event of a ransomware infection.