What is Locky Ransomware?

Locky virus is one of the most destructive ransomware-type infections which occupy an operating system and encrypts all data on it. The initial extension the virus used for the encrypted files was .locky, but as the threat evolved, new extensions such as .asasin, .ykcol, .diablo6, .osiris, .odin, .thor, .zepto, .shit, .aesir and .loptr emerged. Locky is a type of ransomware distributed via malicious .doc files attached to spam email messages.

It first appeared in early 2016. This ransomware hits your system when you least expect it. It locks your computer system and only unlocks it when you pay the ransom. Locky uses AES (Advanced Encryption Standard) algorithm to encrypt your system and this is only possible once you download the malicious attachment and Enable the Macros settings.

How Does It Work?

Generally, the victims download the ransomware to their computers themselves as a regular email attachment, typically, a .doc file carrying an embedded script which gets executed if the Word Macros is enabled.

The spam email that you receive contains common subjects like ‘documents’, ‘please print’, ‘photo’, ‘images’, ‘pictures’ and ‘scans’, which may change depending on the target audience.

If you open this email and click on the attachment, the latest version of the Locky ransomware gets downloaded and encrypts all the files on your computer.

You receive instructions demanding the installation of a TOR browser and visiting (dot) onion sites. The instructions also demand from you to pay the ransom.

What Is So Special About Locky?

Due to the high number of infections Locky was described it as one of the most successful families of ransomware of all time.

Technology behind Locky ransomware is the most sophisticated one among all ransomware types. Researches still haven’t been able to crack the strenthg of its underlying cryptography, which indicates that this is the work of a higly professional group.

Will I Get My Data Back If I Pay The Ransom?

To ensure victims can make the payment, attackers provide you with instructions on how to download and install the Tor browser and how to buy Bitcoin.

The payment is supposed to buy a special software in the form of a “Locky decryptor”, which the victim needs to get their files back.

There is this possibility of paying the ransom to the hackers. But there’s no guarantee it will work, because cybercriminals aren’t exactly the most trustworthy group of people.

Also, paying the ransom may encourage these bad guys to continue and even expand their operations. We strongly suggest that you do not send any money to these cyber criminals, and instead address to the law enforcement agency in your country to report this attack.

How To Prevent Locky Ransomware From Infecting My PC?

To prevent Locky ransomware or any other type of malware from infecting your PC, it is crucial to have an antivirus software installed on your PC as a basic protection together with an antimalware protection that will serve as an additional layer of protection. Also, you need to have backup for your personal documents.

Locky Removal

Unfortunately, once your PC has been infected and your data encrypted, you cannot recover them. Hackers behind the Locky ransomware claim you will get your data back once you pay the ransom but noone can guarantee this will happen.

Antivirus and antimalware software can only remove the infection from your PC or they can block it/prevent it from infecting your PC if you were wise enough to have them installed on time. However, they cannot recover your encrypted files. Therefore, it is highly important to protect your files on time.

If you are using Zemana AntiMalware premium version (which comes with 15-days free trial), it will protect you by blocking the Locky ransomware on time. This way, it will prevent it from infecting your PC.

However, if you decide to continue using the Trial and do not wish to purchase the Premium subscription at the end of the trial, your Zemana AntiMalware program will disable premium features. All other (basic) features will remain unchanged. This means that you will no longer be protected from Locky, but you will still be able to scan your PC with Zemana AntiMalware, which will detect Locky and block it.

Therefore, the best prevention against Locky virus is installing the right protection solution even before you get infected.

Zemana AntiMalware as a Locky Removal Tool

According to MRG Effitas, Zemana AntiMalware has proved to be the best anti-ransomware software on the market.

If you are looking for a solution that will help you in removing Locky, it is important to note that Zemana AntiMalware is compatible with any antivirus software that you might have on your PC and will run alongside it without any conflicts.

Below you can find a guide on how to detect and remove this ransomware with Zemana AntiMalware.

  • STEP 1: Download Zemana AntiMalware here.
  • STEP 2: Once download, install the software on your PC. You can do this by double-clicking on ZAM program icon on your desktop or in your download files.Download Zemana AntiMalware
  • STEP 3: Press the “Scan” button.Remove Locky ransomware
  • STEP 4: When the scan is complete, click “Next”.
  • STEP 5: Restart your computer if you are prompted to do so.

Petya Ransomware: More dangerous than WannaCry?

Nobody has fully recovered from the last WannaCry ransomware attack and now there are new attacks spreading throughout the world. This time it is a threat called Petya ransomware.

What is Petya?

Petya ransomware was a malware that was created in 2006. Now, it has been modified and the new variant has been used in the recent attacks. It locks users’ PC and encrypts files. The hackers behind the attacks ask for ransom in bitcoin in order to decrypt users’ files.

However, experts claim that Petya is not a traditional ransomware. It is more dangerous than WannaCry because it is a specific type of ransomware. Attackers ask for ransom in Bitcoin making you believe that your files will be decrypted.

But this time, it not the case. Petya’s source code revealed that it is impossible to recover and decrypt files once infected.

It can infect your PC in more ways than WannaCry or any other ransomware. It is very different from the common ransomware. It installs itself to start before Windows, causes a BSOD in Windows, and after Windows restarts, it mimics a file repair, but in reality, it encrypts the MFT(Master File Table). This type of threat will be harder to overcome. This is a cyber attack meant to sabotage and destroy users’ PC.

Recent Attacks

The attacks listed below are just some of the attacks, so it is not a surprise that Petya caused chaos around the world.

– Russia’s oil company
– Major Ukranian banks (including the Central bank) and companies
– The airport in Kiev
– British advertising agency
– U.S. pharmaceutical company Merck
– Cadbury chocolate plant in Australia
– A major shipping firm in Netherlands

How to Protect Yourself

Petya ransomware is a specific type of a cyber attack, which means that you will need to take extra measures in order to protect your PC.

The first thing you need to do is update your operating system. An update will improve the stability of your PC and will not be an easy target. You also need to have an antivirus and antimalware software installed on your PC and mobile phone.

Because Petya works totally different than other ransomware, most generic ransomware protection was totally ineffective against this threat and failed to protect end users worldwide.

But according to MRG Effitas, our Zemana AntiMalware proved to be the best protection against Petya ransomware. Check out the below image:

You can see the full report here.

However, few experts believe that this worldwide spreading infection is only disguised as ransomware.

It uses the NSA’s Eternal Blue Exploit and has affected many European countries including Ukraine, Poland and Germany. However, other continents were not spared as well.

Nevertheless, no one should take the risk so, everyone should take needed precautions asap! 

All Zemana products use the same technology designed to protect you from both traditional and new types of malware. So, whether you have Zemana AntiLogger or Zemana AntiMalware, your PC will remain protected.

As we have mentioned in our previous blogs, experts predicted a high number of ransomware attacks in 2017 targeting both your PC and your mobile device.

It seems that their predictions are already coming true. Protect yourself in time with Zemana AntiMalware and enjoy the online world carefree.

Stay safe with Zemana! 🙂

WannaCry Ransomware Attack Is Not Over Yet! Protect Your PC Now!

On Friday (May 12, 2017) a large cyber-attack using WannaCry ransomware was launched. The attack spread to 150 countries affecting 230 000 computers, including telecommunication companies and health institutions.

WannaCry ransomware, referred to as WannaCrypt0r, WannaCrypt, or Wanna Decrypt0r, is a ransomware program that targets Microsoft Windows operating system.

It is delivered to a victim through harmful links in an email, unreliable sites and applications. Once it has been activated, the program spreads through the computer and locks all the files with the encryption.

Scary, right?

WannaCry ransomware is believed to use the EternalBlue exploit, which was developed by the U.S. National Security Agency to attack computers running Microsoft Windows operating systems. The exploit leaked online in April 2017 by the hacker group known as The Shadow Brokers.

In just few hours this ransomware has been active, it has made many high-profile victims all over the world. Some of the countries that were hit by WannaCry are UK, Spain, Russia and China.

Is It Still Active?

Unfortunately, yes. Experts believe that the number of WannaCry victims is going to rise in the next few days.

Am I a Possible Victim?

Do you have a Microsoft Windows operating system on your PC? Than you are!

How Can I Protect Myself From WannaCry Ransomware?


Even though, the situation is serious there is no need to panic. You are safe with Zemana AntiMalware and Zemana AntiLogger. Both products are designed to protect you from all types of ransomware, including WannaCry.

Years of careful ransomware character investigation helped Zemana in developing the best possible anti-ransomware tool. For that, Zemana AntiMalware has been rated as the best ransomware protection for years by MRG Effitas.

In case you are not yet a user of Zemana products, just go here, download any of Zemana products and stay ransomware free. Get the proactive protection that will make your mind worry free.

WannaCry ransomware wants to make you cry but Zemana is there to not let that happen.

Stay safe and happy!

How To Prevent Ransomware?

Afraid of ransomware? Don’t be. Follow the below mentioned steps for ransomware protection and you are good to go!

First Thing First: Back Up 

Don’t just agree with the fact that it is important. Do it also!

In case of a ransomware attack, regular up-to-date backups are the most reliable method for recovering data held for ransom.

Since ransomware is mostly attacking data on a connected network, the best thing would be to keep the backed up data in an offline environment. 

Install Latest Security Patches And Updates

Ok, you got the first step. Now, always keep your operating system and software up-to-date by installing the latest security patches and updates.

Why? Ransomware authors usually attack people that have outdated software with many open and known vulnerabilities.

Therefore, install the latest security patches, keep your software up-to-date and you will significantly decrease the possibility of a ransomware attack.  

Block Malicious Ads

Ransomware authors also use malicious ads that attempt to install ransomware and other infections on your PC.  Due to the nature of ads and their speed, it has the ability to infect thousands of people within 24 hours.

In order to avoid this kind of scenarios use an ad blocker to avoid the threat of a potentially malicious ad that hides ransomware.

Stay Informed – Knowledge Is Power

Social engineering is one of the methods ransomware attackers use in order to infect you. Just now it may be sitting in your inbox, hiding and waiting for you to open it, or to click on a link in the spam email or activate macros in a malicious document.

Learn how social engineering works and get to know all the tactics in order to spot a malicious email right away. You should always think twice before clicking something or opening a file. If it seems suspicious to you, then it probably is.

Never ever click, download or open something that looks suspicious to you. Always double check. 

Install a Security Suite

It is always wiser to choose ransomware protection over expensive pay outs to hackers. Cyber criminals attack individuals because they are aware that they don’t do regular backups and most importantly they fail to invest in necessary cyber security solutions.

Build your defense system with a security solution but keep in mind that you need a security suite with a specific emphasis on the ransomware protection capabilities.

Pay ransomware protection rather than ransom to hackers.

If you want to defeat ransomware, don’t just leave this article without applying the above mentioned steps. So, back up, always keep your system up to date, don’t click on any link you find interesting, get an ad blocker and install ransomware protection.

Follow these simple 5 steps and you don’t have to worry about ransomware anymore.

Stay safe with Zemana! 🙂

Zemana AntiMalware is your #1 protection strategy against ransomware

As Cyber world grows bigger every day, cyber security problems grow with the same speed and in some cases even faster. Ransomware has become one of the biggest problem in cyber world and number one security problem for organizations and individuals as well.

It doesn’t request advanced hacking skills and the “pay” is good. Easy money in short.

This has brought that ransomware variants increase every year massively and it doesn’t show any signs of stooping.  Since December last year security researchers recorded a growth of 600% in new ransomware families.

With regards to pay outs,  in last year victims paid in ransom around 24 million USD. In the first quarter of this year victims payed closed to $209 million and security researchers estimated that by the end of 2016 it will reach up to 1 billion USD.

Here are some more facts:

However, as much as it is important to share awareness on ransomware and the impact it can produce it is even more important to have good security tools that can help you defeat it easily.

In October 2016, Avlab.pl tested and analyzed various security tools in the market in order to find the one that can provide the best ransomware protection and make individuals and organizations worry-free. The objective of the test was to check a real protection provided by security software against threats of crypto-ransomware to home users and small and medium businesses.

They have tested, various security tools which are available in the market, with default settings and in an identical test environment under same conditions and on the same basis.

For testing, Avlab.pl has used 28 malicious software files of crypto ransomware while among others there were: Cerber, CryptXXX, DetoxCrypto, Hitler Ransomware, HolyCrypt, Locky, Numecod, Petya, Jigsaw,Vipasana, Stampado and many others.

In the category for home users, Zemana AntiMalware is one of the applications that got the highest score. You can read the full report here.

Just recently, also MRG Effitas, UK independent security test house, conducted a test where they have analyzed different kind of globally known security products where Zemana AntiMalware claimed the top spot and proved to be the best ransomware protection in the market. Read full report here.
Even though ransomware is on rise, the good news is there are security tools that can help you defeat rit easily. Besides, there are some must have tips to follow in order to avoid it effectively.
Stay safe!

Protect your business from ransomware attacks with these 5 steps

The rise of ransomware attacks has financially damaged thousands of organizations and individuals worldwide in the last couple of years and it will only get worse. Herjavec Group stated in one of its reports that the cost of ransomware attack could reach up to $1 billion this year.

In the Hackerpocalypse: A Cybercrime Revelation report it is estimated that last year cyber-crime victims pay out $24 million to ransomware attackers. However, this year in just the first three months they pay out $209 million and it is estimated that the total cost will reach up to $1 billion by the end of 2016. In 2015 the overall annual cost of global cyber-crime was estimated to be $3 trillion but in 2016, as according to overall situation, it is estimated to double.

Having in mind that the cost of the ransomware attack could reach this much makes us overthink our actions. Many experts believe that organizations and individuals who think that there is no other option but to pay the ransom, have led to the massive popularity of ransomware attack among cyber-criminals.

Since ransomware itself has a profitable nature, cyber-criminals will not only continue deploying ransomware but they will also start attacking bigger and bigger targets in order to get more money. On the other hand, the safe net of the bitcoin has led to a safe and easy demand of money so the question that arises here is: Why would they stop?!

Well they won’t and because of that you have to plan your best defense strategies.

For a business getting attacked by a ransomware means losing sensitive data, money, time, reputation, productivity, corporate or personal finances, sensitive employee data, and other valuable content.
However, the good news is that there is a lot of practices a business can do to protect their data, their employees and their customers. Below you can find few of them:


While many organizations think it is needles to talk about the cyber risks an organization faces and analyze the consequences of taking the risk, we on the other hand cannot overstate the importance of this practice.

Here we are not talking only about ransomware attack but also about a growing number of advanced threats which are lurking around your business. By simply believing that the ransomware attack will not happen to your organization doesn’t help much.

The management of a company must understand the risk they are dealing with and come up with concrete ways how to overcome it.
Cybercrime is not a joke and people behind it are serious experts with a pretty much defined target list and goals.


Since many organizations have not yet developed and published detailed cyber security policies we strongly recommend that while you share the awareness on cyber security importance in your organization you should also focus on development of detailed and thorough policies.
These policies should cover every tool (social media accounts, web, emails, mobile and PC devices and etc.) that your IT department has deployed or that is used within your internal infrastructure.

They should include legal obligations to encrypt emails and other tools that contain sensitive data, to control any device that is connected to the organization’s system and to constantly check and monitor communications within organizations networks for a possible hidden malware.

Established policies will not 100% protect you from ransomware or any other cyber-attack but they will certainly be useful in limiting the number of tools that employees use when accessing organizations resources and they will also be useful in reducing the number of malware attempts which can access your network.


Every application, system and software that is used in your organization should be checked regularly for vulnerabilities and brought up-to-date using the latest patches from vendors since open system vulnerabilities can allow cyber-criminals to successfully intrude corporate loss defense system.


The most common and best advice you can get is to back up and don’t just knock with your head after your read this. Do it!

Regular up-to-date backups are the most reliable method for recovering lost or infected data. In order to be more effective, Gary Warner advises that a backup must be “serialized”, with older versions of files available in case newer versions have been corrupted or encrypted.

Ransomware tries mostly to encrypt data on a connected network therefore the best would be to store the backed up data in an offline environment far away from ransomware attacker’s eyes.


Cyber criminals will easily find a way to attack an organization that doesn’t do regular backups and failed to invest in need-to-have anti-ransomware solutions. It is always wiser to choose ransomware protection over expensive pay outs to hackers. Every organization should implement a cyber security solution with a specific emphasis on the ransomware protection capabilities.

Follow the above mentioned steps and you will never get in the situation to pay to cyber criminals. Remember to install a proactive ransomware protection that is always up-to-date and continue doing your business worry-free without worrying that any minute your data can be stolen.

Do an analysis of various ransomware solutions. Here you can find a report on best ransomware solutions that can help you out in making your decision.

What are the most recent ransomware variants?

In the period between 2015 and 2016 there is been an increase in the total number of users who encountered ransomware variants. It rose by 17.7% compared to previous year and, as it seems, it doesn’t show any signs of stopping.

Owners of small businesses are experiencing a great hip of ransomware attacks since they present a great attacking point to cyber criminals. As a matter of fact, a security report states, that 54% of UK companies were hit by ransomware in the last year. The problem that arises here, as National Cyber Security Alliace states, is that 60% of small businesses hit by cyber attacks end up going out of business.

Everyone is a target; therefore we all should take needed precautions and most importantly always
stay informed on the latest variants and ransomware discoveries. CBR listed the latest versions:

El Gato

This one is for Android users. Cat-themed ransomware displays cute cat images once users’ device has been infected and locked. It has the ability to steal users SMS Messages, encrypt their files and also has botnet capabilities. It is not an advanced variant since it is find to be easily decrypted.


Here, most probably the name of the ransomware should tell a lot. However, it has been discovered by a Jakub Kroustek, malware analyst who stated that this ransomware was developed by less-skilled hackers that for the attack method used file detection. Once you become a victim it will display a picture of Hitler. It doesn’t even encrypt files, so what it does is that it removes the extension for all the files under different directories. The ransom that the victim had to pay was 25 Euro Vodafone Card. However, if the victim refused to pay, the ransomware would crash victims’ computer and delete all files. So, here a good offline back up would be a good prevention.

Cerber v2

This ransomware variant was more advanced in a sense that it was capable to escape general antivirus checkers due to the fact that it was updating its hash all the time. So general antivirus product were not able to detect it since they were left without the malware signature. Soon, Trend Micro released a free decryptor tool to crash the malware so Cerber presence didn’t last long.

These are only few version that were present, there are many other that are uncovered and many more that still hide it the dark part of the cyber world. Back up your files regularly and install a ransomware protection that is capable to defeat all ransomware variants. Isn’t it better to pay a little for a security protection than huge amounts in ransom?!

At the end it’s your choice. Ransomware analyst at Zemana devoted their time to spare you guys all the headache ransomware can cause. They developed a product that is capable to defeat known and unknown ransomware variants as stated by MRG Effitas. See report here.

Simply, install ransomware protection and stay worry free.