TCI Technologies Blog

07 Jun

Locky Virus: The Latest Ransomware of 2016

Categories: malware, Cybersecurity, Ransomware


While its name sounds kind of silly, the Locky Virus has been one of the most active and dangerous malware families of 2016. One of the latest examples of ransomware, Locky essentially holds your files hostage by encrypting them. It then prompts you to pay Bitcoins to recover your files, much like CryptoWall.

What is Locky Virus?

The Locky Virus was released in February 2016. It is ransomware that can affect all versions of Windows. When a computer is infected with Locky, the files on it are encrypted with the AES algorithm, which requires a key to unlock them. As the victim of the virus, you do not have that key.

The virus indicates that you can obtain the key by paying a ransom in Bitcoins, which is a type of online currency. The value of one Bitcoin fluctuates over time. Locky requests a ransom of .5 Bitcoins, which is equal to about $280 at the time this blog is being written.

How your Computer Contracts the Virus

Typically, Locky arrives disguised as an email with an infected Word file or JavaScript attachment. Alternatively, your computer may be infected after you visit a hacked website hosting an exploit kit. The exploit kit searches your computer for vulnerable programs to infiltrate. If a vulnerable program is found, the virus begins encrypting your files.
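The email route described above is the one a mail gateway or help desk can actually screen for. The script below is an added example (it is not TCI's code and not part of the original post) showing the kind of attachment triage that catches the two carriers named here, Word documents and JavaScript attachments. The message records, the list of known senders, and the "block / hold / deliver" actions are all constructed assumptions for the demo; a real gateway would plug this into its own message store.

```python
"""Attachment triage for the file types Locky is delivered with.

Added example, not TCI's code. Assumes each message is a dict with a sender
address and a list of attachment filenames; the sample messages and the
known-sender list below are constructed for the demo.
"""
from dataclasses import dataclass
import os

# Script attachments run directly when double-clicked; the post names .js,
# and the other Windows Script Host types are the same class of content.
SCRIPT_EXTENSIONS = {".js", ".jse", ".wsf", ".vbs"}
# Word (and Excel) formats that can carry macros, the other carrier the post names.
OFFICE_EXTENSIONS = {".doc", ".docm", ".dot", ".dotm", ".xls", ".xlsm"}
# Archives are held because their contents are not inspected in this demo (assumption).
ARCHIVE_EXTENSIONS = {".zip", ".rar", ".7z"}


@dataclass
class Finding:
    message_id: str
    attachment: str
    reason: str
    action: str  # "block", "hold" or "deliver"


def classify_attachment(name):
    """Return (reason, action) for an attachment worth a decision, else None."""
    ext = os.path.splitext(name.lower())[1]
    if ext in SCRIPT_EXTENSIONS:
        # Covers disguised names such as "invoice.pdf.js": only the last extension counts.
        return ("script attachment (%s)" % ext, "block")
    if ext in OFFICE_EXTENSIONS:
        return ("macro-capable Office document", "hold")
    if ext in ARCHIVE_EXTENSIONS:
        return ("archive, contents not inspected", "hold")
    return None


def triage(messages, known_senders):
    """Apply the rule "do not open attachments from unknown senders" at the gateway.

    Scripts are blocked regardless of sender. Held items from a known sender are
    delivered but still logged, so the decision can be audited later.
    """
    findings = []
    for msg in messages:
        sender_known = msg["from"].lower() in known_senders
        for att in msg["attachments"]:
            result = classify_attachment(att)
            if result is None:
                continue
            reason, action = result
            if action == "hold" and sender_known:
                action = "deliver"
                reason += " from known sender"
            findings.append(Finding(msg["id"], att, reason, action))
    return findings


def summarize(findings):
    """Count findings per action, e.g. {"block": 1, "hold": 1, "deliver": 1}."""
    counts = {}
    for f in findings:
        counts[f.action] = counts.get(f.action, 0) + 1
    return counts


# Constructed sample data (not real senders or messages).
KNOWN_SENDERS = {"billing@example-partner.com", "hr@example-partner.com"}
SAMPLE_MESSAGES = [
    {"id": "m1", "from": "billing@example-partner.com", "attachments": ["invoice_0423.docm"]},
    {"id": "m2", "from": "randomname@mail-example.net", "attachments": ["ATTN_invoice_J-98223.js"]},
    {"id": "m3", "from": "someone@unknown.example", "attachments": ["Payment_receipt.doc"]},
    {"id": "m4", "from": "hr@example-partner.com", "attachments": ["agenda.pdf"]},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_MESSAGES, KNOWN_SENDERS):
        print(f.message_id, f.attachment, "->", f.action, "(%s)" % f.reason)
```

Only the final extension is used on purpose: the display name of a script can be dressed up with a document-looking prefix, but the extension that decides how Windows opens it is the last one.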

What to Do if your Computer is Infected with Locky Ransomware

Retrieving Files without Paying the Ransom

At the moment there is no way to decrypt your files without paying the ransom, but there are ways to try to restore them without decryption. However, it is important to note that by attempting to remove the Locky Virus without paying the ransom, you risk losing your files permanently.

The following steps may lead to the recovery of your files:

  1. Download an anti-malware program to remove the virus. There are a number of free, reliable anti-malware services that should eliminate the virus from your computer. Some programs will ask to reboot your computer after they’ve quarantined malicious files, and you should allow them to do so.
  2. If you regularly perform data backups, you should be able to recover your data after Locky has been removed. If not, go to the next step.
  3. Use ShadowExplorer or file recovery software to salvage and restore any copies of files that Locky has not deleted.


Paying the Ransom

If the above steps do not work, paying the ransom will get your files back. The developers of the virus know that if they do not deliver the decryption key upon payment, word will get out and nobody else will pay them. Their goal is to make money, after all.

As mentioned above, the creators of the virus will ask that you pay .5 Bitcoins to the unique address generated for you. After you’ve paid you will be given a decryption key to regain your files. However, it’s strongly recommended that you do everything else in your power to retrieve your files. By paying the ransom, you give malware developers reason to keep doing what they’re doing.

Preventing Future Attacks

The best way to combat ransomware viruses like Locky is to have strong lines of defense. To protect yourself, follow these preventative measures:

  • Do not open email attachments from unknown senders.
  • Update your antivirus software and operating system regularly.
  • Back up your files often and store the backups on removable storage drives or in cloud storage.
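A backup only helps in step 2 of the recovery section above, and in the last bullet here, if you can tell that the copy you restore is intact. The script below is an added example (not TCI's code and not part of the original post) of two checks a practitioner would want: a SHA-256 manifest recorded at backup time and verified before a restore, plus an entropy test that flags changed files whose contents look like ciphertext, which is what AES-encrypted files look like. The directory tree, file contents, the simulated damage and the 7.5 bits-per-byte threshold are all constructed assumptions for the demo.

```python
"""Backup manifest verification with a check for files that look encrypted.

Added example, not TCI's code. Builds its own temporary directory so it runs
offline; file names, contents and the damage applied to them are constructed.
"""
import hashlib
import json
import math
import os
import shutil
import tempfile
from collections import Counter

CHUNK = 1 << 16  # 64 KiB read window


def sha256_file(path):
    """Hex SHA-256 of a whole file, streamed so large files are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def walk_files(root):
    """Relative paths (forward slashes) of every file under root, sorted."""
    out = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            out.append(rel.replace(os.sep, "/"))
    return sorted(out)


def write_manifest(root, manifest_path):
    """Record one SHA-256 per file at backup time; keep this with the backup, off the machine."""
    manifest = {rel: sha256_file(os.path.join(root, *rel.split("/"))) for rel in walk_files(root)}
    with open(manifest_path, "w") as fh:
        json.dump(manifest, fh, indent=1, sort_keys=True)
    return manifest


def shannon_entropy(data):
    """Bits per byte: 8.0 means every byte value is equally likely, as in ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path, threshold=7.5, min_size=1024):
    """True if the first 64 KiB has near-maximal entropy; tiny files are skipped as too noisy."""
    with open(path, "rb") as fh:
        head = fh.read(CHUNK)
    return len(head) >= min_size and shannon_entropy(head) > threshold


def verify_against_manifest(root, manifest_path):
    """Compare the tree with the manifest; changed files that look encrypted are listed as suspect."""
    with open(manifest_path) as fh:
        manifest = json.load(fh)
    report = {"ok": [], "changed": [], "missing": [], "suspect": []}
    for rel, expected in sorted(manifest.items()):
        path = os.path.join(root, *rel.split("/"))
        if not os.path.exists(path):
            report["missing"].append(rel)
            continue
        if sha256_file(path) == expected:
            report["ok"].append(rel)
            continue
        report["changed"].append(rel)
        if looks_encrypted(path):
            report["suspect"].append(rel)
    return report


def _pseudo_ciphertext(n_bytes):
    """Deterministic stand-in for encrypted content (chained SHA-256 output), close to 8 bits/byte."""
    out, block = bytearray(), b"seed"
    while len(out) < n_bytes:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n_bytes])


def demo():
    """Build a small tree, record a manifest, then damage the tree and verify (all constructed)."""
    root = tempfile.mkdtemp(prefix="locky_demo_")
    keep = tempfile.mkdtemp(prefix="locky_backup_")  # stands in for the removable drive
    try:
        samples = {
            "docs/notes.txt": "".join("Quarterly notes, line %d\n" % i for i in range(200)).encode(),
            "docs/report.doc": ("Project report. " * 300).encode(),
            "photos/trip.jpg": b"JFIF placeholder " * 100,
        }
        for rel, data in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        manifest_path = os.path.join(keep, "manifest.json")
        write_manifest(root, manifest_path)
        # Simulated damage: one document replaced by high-entropy content, one file deleted.
        with open(os.path.join(root, "docs", "report.doc"), "wb") as fh:
            fh.write(_pseudo_ciphertext(8192))
        os.remove(os.path.join(root, "photos", "trip.jpg"))
        return verify_against_manifest(root, manifest_path)
    finally:
        shutil.rmtree(root, ignore_errors=True)
        shutil.rmtree(keep, ignore_errors=True)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The manifest belongs on the backup medium, not on the machine it describes; if it stayed on the infected computer it would be encrypted along with everything else. The entropy test is a heuristic, not proof: compressed images and archives are also high-entropy, which is why it is only applied to files the manifest already shows have changed.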

Locky attacks have grown more and more frequent since its release. If you haven’t had a run-in with the virus, make sure you’re familiar with the ways to prevent it from holding your files captive, just in case.


Author: Nick