Posted by John Shannon | Viruses & Spyware

The Locky Malware is the most active malware of 2016. At the moment of writing, hundreds of people are trying to remove Locky Malware from their computers and to recover their “locky datei”. If you haven’t heard about this threat yet, you should know that it is the latest example of ransomware-type Malware, which is capable of ruining your files. If you are one of those who value the files they have collected over the years, beware that this threat can put your precious memories in danger. Locky Malware is a treacherous malware, which is said to have already attacked over half a million users. Unfortunately, it keeps spreading and, according to PC security experts, it can be called one of the most significant Malware threats today.

The Malware works similarly to CTB Locker, Cryptowall, Teslacrypt, and Cryptolocker: as soon as it enters the computer, it starts encrypting files with AES-128 encryption. Once this military-grade encryption process is finished, the victim loses the ability to retrieve his or her files. The only way to get these files back is with the help of a decryption key, held by the Locky Malware developers. Users whose files have been locked are asked to pay a sum of money to obtain this key. At the moment of writing, they are asked to pay from 0.5 to 1.00 Bitcoin (or $400) for the decryption key, which is essential when trying to get your files decrypted. Nevertheless, security experts have been urging victims NOT to pay for this key because there is no guarantee that the “key” will work for them. To sum up, Locky is an extremely dangerous Malware that has to be removed ASAP. This is the only way to prevent further encryption of your valuable data. To remove Locky Malware and its malicious files, you should scan your computer with SpyHunter or similar anti-spyware.

The main method used for spreading Locky ransomware (an alternative name for this threat) relies on SPAM. Some of these misleading emails have a Word file attached to them; others carry a JavaScript attachment. According to PC security experts, people should be extremely careful with .js email attachments because scammers are believed to send out almost four million emails carrying them every seven days. Of course, each of these email messages tries to look very convincing to trick people into downloading the attachment to their computers, because that’s how Locky infects the system. When the Word file attachment is downloaded and opened with Word macro settings on, the virus immediately starts its malicious activity. However, it is incapable of doing so if macros are disabled, so it asks its victim to enable them. Please, DO NOT do that by any means: the macro code runs as soon as macros are enabled, and that is what activates the virus. That is why Locky is also called a Macro virus. When the victim is tricked into downloading the JavaScript attachment, the virus doesn’t need to make its victim enable macros. That’s why it is believed that this Locky distribution technique will become very popular in the near future.

After being activated, the virus starts scanning the computer for files, including photos, videos, documents, archives and other files, and then encrypts them with the AES algorithm. On top of that, this virus does not only affect Office files on the local disk; it may also reach external storage drives connected to the computer or network shares and lock the files there as well. What is more, online file clouds and network sharing sites are also at risk of being hijacked. There have been reports about Locky encrypting Bitcoin wallets as well. This is an extremely dangerous virus, so you should think about Locky removal as soon as it shows up on your computer. Also, do NOT open unknown emails and do not download any suspicious files attached to them.

Please shut down all the PCs on your network if you find any files on any PC or server on your network ending in .locky and call us immediately! The sooner you shut down, the less damage can be done. DO NOT SHUT DOWN YOUR SERVERS without contacting us, just the workstations.
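The check described above (look for files ending in .locky on workstations, servers and shares) can be scripted so it runs the same way on every machine. The following is an added example written for this post; it is not a tool from the post's author or from any vendor named here. It assumes only that encrypted files carry the .locky extension, as the post states, and it builds a constructed sample tree of its own so it can be run offline. The file names in that sample tree are made up.

```python
"""Hypothetical triage helper (added example, not the post's own tool):
walk a directory tree and report files whose name ends in .locky, the
extension this post says Locky gives to the files it has encrypted."""
import os
import tempfile
from collections import Counter


def find_locky_files(root):
    """Return sorted paths under *root* whose name ends in '.locky'.

    Directories that cannot be read (permissions, disconnected shares)
    are skipped via onerror rather than aborting the whole scan.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda err: None):
        for name in filenames:
            if name.lower().endswith(".locky"):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def summarize_by_directory(paths):
    """Count hits per directory so the most affected folders or shares stand out."""
    return dict(Counter(os.path.dirname(p) for p in paths))


def build_demo_tree():
    """Create a constructed sample tree in a temp dir (made-up names, not real data)."""
    base = tempfile.mkdtemp(prefix="locky_demo_")
    layout = {
        "users/alice/report.docx": b"clean",
        "users/alice/0A1B2C3D4E5F6071.locky": b"encrypted",
        "users/alice/8192A3B4C5D6E7F8.locky": b"encrypted",
        "shares/finance/F00DBAADC0FFEE11.locky": b"encrypted",
        "shares/finance/README.txt": b"clean",
    }
    for rel, data in layout.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return base


if __name__ == "__main__":
    # Replace build_demo_tree() with the real path to scan, e.g. a mapped share.
    root = build_demo_tree()
    hits = find_locky_files(root)
    for directory, count in sorted(summarize_by_directory(hits).items()):
        print(f"{count:4d}  {directory}")
    if hits:
        print(f"{len(hits)} .locky file(s) found: isolate workstations and call support")
    else:
        print("no .locky files found")
```

Run it against the root of each workstation's drive and each share; a non-zero count is the signal the post describes, and the per-directory summary shows which share the encryption reached first.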
