Locky Ransomware

Locky ransomware is malicious software that targets computers, encrypts their data, and demands payment for the decryption key. It has been active since 2016 and has caused significant damage to both individuals and organizations worldwide.


Locky first gained attention when it was used in a massive spam campaign that infected over half a million computers in just a few days. The spam emails contained an attachment that appeared to be a legitimate document, but when opened, it installed the ransomware on the victim's computer. The ransomware then encrypted the victim's data and displayed a ransom note demanding payment in Bitcoin.


One of the unique features of Locky is that it uses a combination of AES and RSA encryption algorithms to encrypt the victim's data. This makes it very difficult to decrypt the data without the decryption key, which is only provided by the attackers upon payment of the ransom. The ransom amount varies, but it typically ranges from a few hundred to a few thousand dollars.


In addition to encrypting the victim's data, Locky also adds a unique extension to the encrypted files. For example, a file called "my-important-document.docx" would be renamed to "my-important-document.docx.locky" after being encrypted by Locky. This makes it easy for victims to identify which files have been encrypted by the ransomware.
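The renaming described above gives defenders a cheap, high-signal artifact. The following is an added example, not code from the original page: it recovers the pre-encryption names from a directory listing and flags a host when several files gain the ".locky" suffix inside a short sliding window, which is how a burst of encryption looks in a file-rename feed. The rename event feed and the sample file names are constructed for the demo.

```python
from collections import deque
from typing import Deque, Dict, List, Optional, Sequence, Tuple

# Extension Locky appends to every file it encrypts, as described above.
LOCKY_SUFFIX = ".locky"


def original_name(path: str) -> Optional[str]:
    """Return the pre-encryption name of a .locky file, or None if it is not one."""
    if not path.lower().endswith(LOCKY_SUFFIX):
        return None
    return path[: -len(LOCKY_SUFFIX)]


def encrypted_files(listing: Sequence[str]) -> Dict[str, str]:
    """Map every .locky file in a directory listing to the name it had before encryption."""
    found: Dict[str, str] = {}
    for path in listing:
        orig = original_name(path)
        if orig is not None:
            found[path] = orig
    return found


class RenameBurstDetector:
    """Flag a host once `threshold` files gain the .locky suffix inside a sliding window.

    Events are (timestamp_seconds, new_file_name) pairs, e.g. from file-audit logging.
    The feed itself is hypothetical; any timestamped rename source will do.
    """

    def __init__(self, threshold: int, window_seconds: float) -> None:
        self.threshold = threshold
        self.window = window_seconds
        self.hits: Deque[float] = deque()

    def observe(self, ts: float, new_name: str) -> bool:
        if original_name(new_name) is None:
            return False  # ordinary rename, not a Locky artifact
        self.hits.append(ts)
        while self.hits and ts - self.hits[0] > self.window:
            self.hits.popleft()  # drop hits that fell out of the window
        return len(self.hits) >= self.threshold


def run_demo() -> Tuple[Dict[str, str], List[float]]:
    """Run both checks on constructed sample data and return what they found."""
    listing = ["budget.xlsx", "my-important-document.docx.locky", "photo.jpg.locky", "readme.txt"]
    events = [(0.0, "a.docx.locky"), (0.5, "notes.txt"), (1.0, "b.pdf.locky"),
              (1.5, "c.jpg.locky"), (30.0, "d.pptx.locky")]
    detector = RenameBurstDetector(threshold=3, window_seconds=10.0)
    alert_times = [ts for ts, name in events if detector.observe(ts, name)]
    return encrypted_files(listing), alert_times
```

With the constructed feed, the third ".locky" rename at 1.5 seconds trips the detector, while the isolated rename at 30 seconds does not, since the earlier hits have aged out of the window.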

Locky is primarily distributed through spam campaigns, but it has also been known to use other methods of distribution, such as drive-by downloads and malvertising. It has been observed to target a wide range of industries, including healthcare, education, and government.


One of the most significant impacts of Locky is its ability to disrupt business operations. Many organizations have been forced to shut down their operations or pay the ransom in order to regain access to their data. This has resulted in significant financial losses and a loss of trust in the organization's security measures.


Individuals who fall victim to Locky ransomware may also face significant consequences. In addition to the financial impact of paying the ransom, they may also lose important personal documents, photos, and other sensitive data if they are unable to decrypt it.

There are several steps that individuals and organizations can take to protect themselves from Locky ransomware. These include:

  • Backing up data regularly: This can help prevent the loss of important data in the event of an attack.

  • Installing and regularly updating antivirus software: This can help prevent the installation of ransomware on the victim's computer.

  • Being cautious when opening emails and attachments: Treat unexpected attachments with suspicion, especially when they come from unknown senders, since Locky's spam campaigns rely on the recipient opening the attached document.

  • Disabling macros: Many ransomware attacks, including Locky, use macros to execute their payload. Disabling macros can help prevent these types of attacks.

  • Educating employees: It is important for organizations to educate their employees about the risks of ransomware and how to protect against it. This can help prevent employees from falling victim to phishing attacks and other methods of ransomware distribution.

Despite these prevention measures, it is still possible for individuals and organizations to fall victim to Locky ransomware. In these cases, it is important to act quickly and take the following steps:

  • Isolate the infected computer: To prevent the spread of the ransomware, it is important to isolate the infected computer from the network as soon as possible.

  • Disconnect from the internet: Disconnecting the infected computer from the internet can help prevent the ransomware from communicating with its command and control servers.

  • Seek professional help: If the victim is unable to decrypt their data, they may need to seek professional help, such as a cybersecurity firm, to assist with the recovery process.