Yes folks, yet another new Ransomware variant has reared its ugly head. This one is nicknamed ‘Locky’, so called because it encrypts all your important files and renames them with the extension [.locky]. Keep in mind too that Locky will not only scramble files on your system (C) drive, it will scramble any files in any directory on any mounted drive that it can access, including connected removable drives and/or accessible network shares.
As with most Ransomware threats, Locky requires user interaction to deliver its malware. In Locky’s case it’s in the form of a malicious email attachment. The attached document looks like gobbledegook with an associated message to “Enable macro if the data encoding is incorrect”. Of course, this is a trick: if you do enable macros, you’ll download a Trojan which then downloads the final malicious payload from the crooks.
Not only does Locky scramble important files, it also removes any Volume Snapshot Service (VSS) files, also known as shadow copies, that you may have made. Once Locky has completed its dirty work it hits the user up for a ransom by changing the desktop background to display the following message:
If you then visit the dark web page as per directions in the warning message, you’ll receive instructions for payment which, at the moment, varies from 0.5 BTC to 1.00 BTC (BTC being short for “bitcoin”, where one bitcoin currently equals around $400).
Ransomware is both effective and lucrative so it’s no surprise that cyber-criminals are adopting this approach in droves. There is little doubt that Ransomware currently constitutes one of the biggest threats to users everywhere, and it is very much on the increase. Of course, the best and simplest way to mitigate these types of threats is to never open suspicious attachments in the first place. Backing up regularly and maintaining an off-line backup will also stand you in good stead. And, if you are not running a good Premium antivirus solution, you might also consider installing one of the security programs dedicated to protecting against Ransomware – such as WinAntiRansom Plus.