Locky virus is one of the most destructive ransomware-type infections which occupy an operating system and encrypts all data on it. The initial extension the virus used for the encrypted files was .locky, but as the threat evolved, new extensions such as .asasin, .ykcol, .diablo6, .osiris, .odin, .thor, .zepto, .shit, .aesir and .loptr emerged. Locky is a type of ransomware distributed via malicious .doc files attached to spam email messages.
It first appeared in early 2016. This ransomware hits your system when you least expect it. It locks your computer system and only unlocks it when you pay the ransom. Locky uses AES (Advanced Encryption Standard) algorithm to encrypt your system and this is only possible once you download the malicious attachment and Enable the Macros settings.
How does it work?
Generally, the victims download the ransomware to their computers themselves as a regular email attachment, typically, a .doc file carrying an embedded script which gets executed if the Word Macros is enabled.
The spam email that you receive contains common subjects like ‘documents’, ‘please print’, ‘photo’, ‘images’, ‘pictures’ and ‘scans’, which may change depending on the target audience.
If you open this email and click on the attachment, the latest version of the Locky ransomware gets downloaded and encrypts all the files on your computer.
You receive instructions demanding the installation of a TOR browser and visiting (dot) onion sites. The instructions also demand from you to pay the ransom.
What is so special about Locky?
Due to the high number of infections Locky was described it as one of the most successful families of ransomware of all time.
Technology behind Locky ransomware is the most sophisticated one among all ransomware types. Researches still haven’t been able to crack the strenthg of its underlying cryptography, which indicates that this is the work of a higly professional group.
Will I get my data back if I pay the ransom?
To ensure victims can make the payment, attackers provide you with instructions on how to download and install the Tor browser and how to buy Bitcoin.
The payment is supposed to buy a special software in the form of a “Locky decryptor”, which the victim needs to get their files back.
There is this possibility of paying the ransom to the hackers. But there’s no guarantee it will work, because cybercriminals aren’t exactly the most trustworthy group of people.
Also, paying the ransom may encourage these bad guys to continue and even expand their operations. We strongly suggest that you do not send any money to these cyber criminals, and instead address to the law enforcement agency in your country to report this attack.
How to prevent Locky ransomware from infecting my PC?
To prevent Locky ransomware or any other type of malware from infecting your PC, it is crucial to have an antivirus software installed on your PC as a basic protection together with an antimalware protection that will serve as an additional layer of protection. Also, you need to have backup for your personal documents.
Unfortunately, once your PC has been infected and your data encrypted, you cannot recover them. Hackers behind the Locky ransomware claim you will get your data back once you pay the ransom but noone can guarantee this will happen.
Antivirus and antimalware software can only remove the infection from your PC or they can block it/prevent it from infecting your PC if you were wise enough to have them installed on time. However, they cannot recover your encrypted files. Therefore, it is highly important to protect your files on time.
If you are using Zemana AntiMalware premium version (which comes with 15-days free trial), it will protect you by blocking the Locky ransomware on time. This way, it will prevent it from infecting your PC.
However, if you decide to continue using the Trial and do not wish to purchase the Premium subscription at the end of the trial, your Zemana AntiMalware program will disable premium features. All other (basic) features will remain unchanged. This means that you will no longer be protected from Locky, but you will still be able to scan your PC with Zemana AntiMalware, which will detect Locky and block it.
Therefore, the best prevention against Locky virus is installing the right protection solution even before you get infected.
Zemana AntiMalware as a Locky removal tool
According to MRG Effitas, Zemana AntiMalware has proved to be the best anti-ransomware software on the market.
If you are looking for a solution that will help you in removing Locky, it is important to note that Zemana AntiMalware is compatible with any antivirus software that you might have on your PC and will run alongside it without any conflicts.
Below you can find a guide on how to detect and remove this ransomware with Zemana AntiMalware.
- STEP 1: Download Zemana AntiMalware here.
- STEP 2: Once download, install the software on your PC. You can do this by double-clicking on ZAM program icon on your desktop or in your download files.
- STEP 3: Press the “Scan” button.
- STEP 4: When the scan is complete, click “Next”.
- STEP 5: Restart your computer if you are prompted to do so.