Beware New ‘Locky’ Ransomware

LockyRansomware_featureYes folks, yet another new Ransomware variant has reared its ugly head. This one is nicknamed ‘Locky’, so called because it encrypts all your important files and renames them with the extension [.locky]. Keep in mind too that Locky will not only scramble files on your system (C) drive, it will scramble any files in any directory on any mounted drive that it can access, including connected removable drives and/or accessible network shares.

As with most Ransomware threats, Locky requires user interaction to deliver its malware. In Locky’s case it’s in the form of a malicious email attachment. The attached document looks like gobbledegook with an associated message to “Enable macro if the data encoding is incorrect“. Of course, this is a trick, if you do enable macros you’ll download a Trojan which then downloads the final malicious payload from the crooks.

Not only does Locky scramble important files it also removes any Volume Snapshot Service (VSS) files, also known as shadow copies, that you may have made. Once Locky has completed its dirty work it hits the user up for a ransom by changing the desktop background to display the following message:

Click image for full size

Click image for full size

If you then visit the dark web page as per directions in the warning message, you’ll receive instructions for payment which, at the moment, varies from 0.5 BTC to 1.00 BTC (BTC being short for “bitcoin”, where one bitcoin currently equals around $400).


Ransomware is both effective and lucrative so it’s no surprise that cyber-criminals are adopting this approach in droves. There is little doubt that Ransomware currently constitutes one of the biggest threats to users everywhere, and it is very much on the increase. Of course, the best and simplest way to mitigate these types of threats is to never open suspicious attachments in the first place. Backing up regularly and maintaining an off-line backup will also stand you in good stead. And, if you are not running a good Premium antivirus solution, you might also consider installing one the security programs dedicated to protecting against Ransomware – such as WinAntiRansom Plus.


Posted in:
About the Author

Jim Hillier

Jim is the resident freeware aficionado at DCT. A computer veteran with 30+ years experience who first started writing about computers and tech back in the days when freeware was actually free. His first computer was a TRS-80 in the 1980s, he progressed through the Commodore series of computers before moving to PCs in the 1990s. Now retired (aka an old geezer), Jim retains his passion for all things tech and still enjoys building and repairing computers for a select clientele... as well as writing for DCT, of course.

There are 8 comments

Your email address will not be published. Required fields are marked *