Locky: Definition, Prevention, and How to Remove It

Locky Ransomware

What is Locky?

Locky is ransomware that usually arrives as a Microsoft Word document attached to an email and sent to a large number of recipients in a massive spam campaign. The document carries a malicious macro; the victim is prompted to enable macros, and doing so starts the infection. According to published research, Locky spread rapidly after its first appearance and at its peak infected thousands of computers per hour.


Once the macro runs, it downloads a Portable Executable (PE) payload from the attacker's server and executes it. The payload then encrypts files on the local drives and on every network share it can reach, including unmapped ones, using a hybrid scheme of RSA-2048 and AES-128: each file is encrypted with its own AES key, and that key is in turn encrypted with an RSA-2048 public key supplied by the attacker's command-and-control (C2) server.


When encryption finishes, it drops a ransom note on the victim's machine directing them to a payment site on the Tor network for further instructions. The ransom, paid in bitcoin, buys the decryption key for the files it has just encrypted; the amount demanded varies.


Locky has spread quickly and caused a great deal of damage and disruption to businesses around the world. In one widely reported incident attributed to Locky, Hollywood Presbyterian Medical Center paid 40 bitcoins (about $17,000 at the time) to decrypt its "locked" files and restore its systems and administrative functions.


How to Remove Locky?

I have spent a lot of time researching and reversing Locky ransomware, and here is what I think:


You can't recover your files unless you pay. I know that encourages cybercriminals, but you can't use Shadow Explorer to recover earlier copies either, because Locky deletes the Volume Shadow Copies as part of its run. It also plays tricks with the originals: it overwrites them with garbage bytes and renames or moves them, so even reading the disk byte by byte with a recovery tool won't bring the original back. It is gone.


You cannot decrypt the files yourself, because each file is encrypted with AES and the AES key is wrapped with an RSA-2048 public key. The only way to unwrap those keys is with the matching RSA private key, which is stored only on the attacker's server and never touches the victim's machine.
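The scheme described in this point and in the "What is Locky?" section, as an added example that is not code from the original article or from Locky itself: a per-file AES-128 key wrapped with an RSA-2048 public key. The container layout, the use of CTR mode and OAEP, and the function names are assumptions made for the demonstration; Locky's actual on-disk format is not reproduced. What it shows is the security-relevant point: the infected host only ever holds the public key, so the wrapped file keys, and therefore the files, cannot be recovered without the private key on the attacker's server.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// EncryptedFile is the shape of a hybrid-encrypted file: the AES ciphertext
// plus the per-file AES key, wrapped with the attacker's RSA public key.
// This layout is an assumption for the example, not Locky's on-disk format.
type EncryptedFile struct {
	WrappedKey []byte // 16-byte AES-128 key, RSA-2048/OAEP encrypted
	IV         []byte // random 16-byte AES-CTR counter block
	Ciphertext []byte
}

// NewServerKeyPair stands in for the per-victim RSA-2048 key pair that the
// attacker's server generates; the private half never leaves that server.
func NewServerKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// EncryptFile is all the malware on the victim's machine needs to do: it has
// only the public key, so nothing on the infected host can reverse it.
func EncryptFile(pub *rsa.PublicKey, plaintext []byte) (*EncryptedFile, error) {
	fileKey := make([]byte, 16) // fresh AES-128 key for this one file
	iv := make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(rand.Reader, fileKey); err != nil {
		return nil, err
	}
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	ct := make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(ct, plaintext)

	// Wrap the file key; after this the only copy of it is RSA-encrypted.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	for i := range fileKey {
		fileKey[i] = 0
	}
	return &EncryptedFile{WrappedKey: wrapped, IV: iv, Ciphertext: ct}, nil
}

// DecryptFile is the "decryptor" the victim pays for: without the private
// key the wrapped file key cannot be recovered, so neither can the file.
func DecryptFile(priv *rsa.PrivateKey, ef *EncryptedFile) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ef.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrapping file key: %w", err)
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ef.Ciphertext))
	cipher.NewCTR(block, ef.IV).XORKeyStream(pt, ef.Ciphertext)
	return pt, nil
}

func main() {
	serverKey, err := NewServerKeyPair()
	if err != nil {
		panic(err)
	}
	doc := []byte("Q1 invoices (constructed sample file contents)")
	ef, err := EncryptFile(&serverKey.PublicKey, doc)
	if err != nil {
		panic(err)
	}
	fmt.Println("ciphertext differs from plaintext:", !bytes.Equal(ef.Ciphertext, doc))

	// What a victim without the server's private key can do: nothing useful.
	otherKey, _ := NewServerKeyPair()
	_, err = DecryptFile(otherKey, ef)
	fmt.Println("decrypt with a different private key:", err)

	pt, _ := DecryptFile(serverKey, ef)
	fmt.Println("decrypt with the server's private key:", string(pt))
}
```

Note that brute force is not an option either: the 16-byte file key is drawn from a cryptographic random source, and OAEP with a 2048-bit modulus leaves no shortcut to unwrapping it.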


You can remove Locky itself (the executable and the autorun entry that relaunches it), but by the time you notice it, all your files are already encrypted, so removal alone gains you nothing. To be on the safe side it is better to wipe and reinstall the machine, then either restore from a clean backup or pay to recover the files, and get on with your life.


Everything Locky did other than the encryption itself can be undone if you want to try: delete the dropped copies of the Locky executable, remove its registry entries, and so on. The exact steps vary with the version that infected you.
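The inventory step that should come before any cleanup, as an added example that is not from the original article: a scan that confirms the indicators of the original 2016 Locky variant and scopes the damage so you know what to restore. The file name pattern (32 hex characters, the first 16 being the victim ID, followed by .locky) and the note names _Locky_recover_instructions.txt/.bmp are those documented in public analyses of that variant; later variants used other extensions and note names, which is exactly why the removal steps differ by version. The sample directory is constructed for the demonstration. The HKCU\Software\Locky registry key that the same variant leaves behind is Windows-only and is not covered by this filesystem scan.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"regexp"
	"sort"
	"strings"
)

// Indicators of the original (early 2016) Locky variant as documented in
// public analyses: encrypted files are renamed to 32 hex characters plus
// ".locky", the first 16 of which are the victim ID, and a ransom note is
// dropped in each affected folder. Later variants changed both.
var (
	lockyName   = regexp.MustCompile(`(?i)^([0-9a-f]{16})[0-9a-f]{16}\.locky$`)
	ransomNotes = map[string]bool{
		"_locky_recover_instructions.txt": true,
		"_locky_recover_instructions.bmp": true,
	}
)

// Report lists what the scan found: enough to confirm which ransomware hit
// the machine, scope the damage for restoration from backup, and record the
// victim ID that the note and payment page refer to.
type Report struct {
	EncryptedFiles []string
	RansomNotes    []string
	VictimIDs      map[string]int // victim ID -> number of files carrying it
}

// ScanForLocky walks root (a local drive or a mounted share) and collects
// the indicators above. Unreadable entries are skipped rather than fatal.
func ScanForLocky(root string) (*Report, error) {
	r := &Report{VictimIDs: map[string]int{}}
	err := filepath.WalkDir(root, func(p string, d os.DirEntry, err error) error {
		if err != nil || d.IsDir() {
			return nil
		}
		if m := lockyName.FindStringSubmatch(d.Name()); m != nil {
			r.EncryptedFiles = append(r.EncryptedFiles, p)
			r.VictimIDs[strings.ToUpper(m[1])]++
		} else if ransomNotes[strings.ToLower(d.Name())] {
			r.RansomNotes = append(r.RansomNotes, p)
		}
		return nil
	})
	sort.Strings(r.EncryptedFiles)
	return r, err
}

// WriteSampleTree creates a constructed folder for the demonstration: two
// encrypted files sharing one victim ID, one note, and two files that must
// not match (an untouched file and a ".locky" name that is not 32 hex chars).
func WriteSampleTree(root string) error {
	files := map[string]string{
		"Documents/0123456789ABCDEF0000000000000001.locky": "ciphertext (constructed)",
		"Documents/0123456789ABCDEF0000000000000002.locky": "ciphertext (constructed)",
		"Documents/_Locky_recover_instructions.txt":        "ransom note (constructed)",
		"Documents/notes.txt":                              "untouched",
		"Documents/report.locky":                           "not a Locky name",
	}
	for rel, body := range files {
		p := filepath.Join(root, filepath.FromSlash(rel))
		if err := os.MkdirAll(filepath.Dir(p), 0o755); err != nil {
			return err
		}
		if err := os.WriteFile(p, []byte(body), 0o644); err != nil {
			return err
		}
	}
	return nil
}

func main() {
	root, err := os.MkdirTemp("", "locky-triage")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	if err := WriteSampleTree(root); err != nil {
		panic(err)
	}
	rep, err := ScanForLocky(root)
	if err != nil {
		panic(err)
	}
	fmt.Printf("encrypted files: %d\nransom notes: %d\nvictim IDs: %v\n",
		len(rep.EncryptedFiles), len(rep.RansomNotes), rep.VictimIDs)
}
```

Run it against every drive letter and mapped share the infected account could write to, not just the system drive, and keep the resulting file list: it is your restore manifest once the machine has been wiped.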


How to Prevent Locky?

1. Implement an awareness and training program.

2. Scan all incoming and outgoing e-mail for threats, and strip or quarantine executable and macro-enabled attachments before they reach end users.

3. Make sure that anti-virus and anti-malware solutions are set to automatically perform regular scans.

4. Install the latest and updated version of antivirus software.

5. Never open or click unknown or suspicious attachments or links from untrusted sources, and never enable macros in a document just because it asks you to.

6. Back up important files to the cloud or an external hard drive, and keep that backup disconnected when not in use: Locky encrypts every drive and share it can write to, so a permanently attached backup is encrypted along with everything else.

7. Update the operating system and all third-party software installed in the system with the latest patch updates.
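Step 2 above in working form, as an added example that is not from the original article: an attachment classifier for a mail gateway. It blocks executables and scripts by extension, detects macro-enabled Office documents by content (the vbaProject.bin part of an OOXML file, or the _VBA_PROJECT stream name inside a legacy OLE2 .doc) so that renaming .docm to .docx does not get past it, and looks one level inside zip archives, which is how later Locky waves delivered JavaScript downloaders. The extension list, function names and sample attachments are constructed assumptions for the example; the OLE2 check is a substring heuristic, not a compound-file parser.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"io"
	"path"
	"strings"
)

// Extensions that should never arrive by email from outside (an assumption
// for this example; follow your own policy).
var blockedExt = map[string]bool{
	".exe": true, ".scr": true, ".js": true, ".jse": true, ".vbs": true, ".wsf": true, ".hta": true, ".jar": true,
}

var (
	zipMagic = []byte("PK\x03\x04")
	oleMagic = []byte{0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1}
	// "_VBA_PROJECT" in UTF-16LE: the stream name a legacy .doc/.xls carries
	// when it holds VBA. A substring match is a cheap heuristic, not a parser.
	oleVBAMarker = []byte("_\x00V\x00B\x00A\x00_\x00P\x00R\x00O\x00J\x00E\x00C\x00T\x00")
)

// ClassifyAttachment judges by content as well as name, so a .docm renamed to
// .docx or a script inside a zip is still caught. Call it with depth 0.
func ClassifyAttachment(name string, data []byte, depth int) (block bool, reason string) {
	if blockedExt[strings.ToLower(path.Ext(name))] {
		return true, "executable or script: " + name
	}
	if bytes.HasPrefix(data, oleMagic) && bytes.Contains(data, oleVBAMarker) {
		return true, "legacy Office document with VBA project: " + name
	}
	if !bytes.HasPrefix(data, zipMagic) {
		return false, "allowed: " + name
	}
	zr, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil {
		return true, "unreadable archive (fail closed): " + name
	}
	isOOXML := false
	for _, f := range zr.File {
		if strings.HasSuffix(strings.ToLower(f.Name), "vbaproject.bin") {
			return true, "macro-enabled Office document: " + name
		}
		isOOXML = isOOXML || f.Name == "[Content_Types].xml"
	}
	if !isOOXML && depth == 0 { // plain zip: look one level inside for anything blocked above
		for _, f := range zr.File {
			rc, err := f.Open()
			if err != nil {
				continue
			}
			inner, _ := io.ReadAll(io.LimitReader(rc, 8<<20)) // zip-bomb guard
			rc.Close()
			if b, r := ClassifyAttachment(f.Name, inner, depth+1); b {
				return true, "archive " + name + " contains " + r
			}
		}
	}
	return false, "allowed: " + name
}

// MakeZip builds an in-memory zip; used here only to construct samples.
func MakeZip(entries map[string][]byte) []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	for name, body := range entries {
		w, _ := zw.Create(name)
		w.Write(body)
	}
	zw.Close()
	return buf.Bytes()
}

// MakeSampleDocm constructs a minimal OOXML Word file; withMacro adds the
// vbaProject.bin part that marks it as macro-enabled.
func MakeSampleDocm(withMacro bool) []byte {
	entries := map[string][]byte{
		"[Content_Types].xml": []byte("<Types/>"),
		"word/document.xml":   []byte("<w:document/>"),
	}
	if withMacro {
		entries["word/vbaProject.bin"] = []byte("stand-in for a VBA project (constructed)")
	}
	return MakeZip(entries)
}

func main() {
	samples := map[string][]byte{
		"invoice.docx":  MakeSampleDocm(true), // renamed .docm, still macro-enabled
		"quote.docx":    MakeSampleDocm(false),
		"scan_0042.zip": MakeZip(map[string][]byte{"scan_0042.js": []byte("// constructed")}),
		"legacy.doc":    append(append([]byte{}, oleMagic...), oleVBAMarker...),
	}
	for name, data := range samples {
		block, reason := ClassifyAttachment(name, data, 0)
		fmt.Printf("%-14s block=%-5v %s\n", name, block, reason)
	}
}
```

The design choice worth copying is the fail-closed branches: a zip the gateway cannot parse is blocked rather than waved through, and a nested archive inside the archive is not descended into (anything beyond one level is better quarantined for a human to look at than opened automatically).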

