Advertiser Disclosure
All About Cookies is an independent, advertising-supported website. Some of the offers that appear on this site are from third-party advertisers from which All About Cookies receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear).
All About Cookies does not include all financial or credit offers that might be available to consumers nor do we include all companies or all available products. Information is accurate as of the publishing date and has not been provided or endorsed by the advertiser.
Editorial Policy
The All About Cookies editorial team strives to provide accurate, in-depth information and reviews to help you, our reader, make online privacy decisions with confidence. Here's what you can expect from us:
- All About Cookies makes money when you click the links on our site to some of the products and offers that we mention. These partnerships do not influence our opinions or recommendations. Read more about how we make money.
- Partners are not able to review or request changes to our content except for compliance reasons.
- We aim to make sure everything on our site is up-to-date and accurate as of the publishing date, but we cannot guarantee we haven't missed something. It's your responsibility to double-check all information before making any decision. If you spot something that looks wrong, please let us know.
Locky ransomware is a cyberattack that extorts money from unsuspecting victims. Starting with a phishing email, you’re tricked into downloading malware from an email attachment. Then, a trojan encrypts your device’s files until you make a ransom payment. But even if you choose to send the money, you may not get your files back.
In order to protect your data and your finances, you must prevent ransomware from infecting your device. That means familiarizing yourself with hacker techniques, being cautious when receiving files and emails, and using the best antivirus software.
We’ll dive into what Locky ransomware is, how to remove it from your device, and tips to protect yourself against ransomware.
How does Locky ransomware work?
How to detect Locky ransomware on your device
How to remove Locky ransomware from your device
Tips to protect yourself against ransomware
Locky ransomware FAQs
Bottom line
What is Locky ransomware?
Locky ransomware is a cyberattack that relies on social engineering. Social engineering is an attack that uses your relationships to its advantage. Once your trust is established, it can be easy for cybercriminals to gain confidential information. Locky emails may show up in your inbox as an invoice that’s due, which makes you think it’s an attachment that’s safe to open. Thinking you need to pay a bill, you open the malicious attachment, which then infects your machine.
Locky ransomware is not new. The malware was first discovered in 2016, when it was used for an attack by a group of hackers. During this attack, Locky spread rampantly through phishing emails with infected attachments, which created 160 encrypted files. It even spread worldwide through North America, Europe, and Asia. One of the first targets was a Los Angeles hospital, which paid a $17,000 ransom.
How does Locky ransomware work?
Locky ransomware mainly attacks Windows devices. It begins with the Necurs botnet, which pushes out phishing emails that trick people into downloading malware. Once that happens, you end up with a trojan that encrypts files and then demands ransom money for their decryption. Millions of spam emails get distributed with Microsoft Word documents.
Once you open the attachment, it’ll prompt you to enable Word macros so the attachment contents can be displayed. But after enabling those macros, a malicious script will install the Locky ransomware on your device.
It’s easy to see how Locky ransomware can spread quickly from one person to another. You might not be suspicious of the email because the attachment is reported to be something like an invoice or a common file that doesn’t raise any flags. Once the files are encrypted, Locky changes encypted filenames and file extensions change to other file types like .aesir, .odin, and .osiris (all of which are versions of Locky).
One of the only functions you can still perform is to interact with the hackers, who demand a ransom for the release of your files or operating system. Typically, the goal is to lock you out of your device. Once that’s in place, you’ll get a plaintext message letting you know your files are encrypted, and there will be a ransom note explaining the steps you must take to get your locked files back.
Hackers may ask you to use Tor Browser and then visit their website on the dark web. There, you’ll receive more details about how to pay the ransom. Often these cybercriminals will want you to pay with cryptocurrency like bitcoin in exchange for the encryption key to unlock your important files.
Locky variants
There are several versions of Locky ransomware that you should be aware of:
- PowerLocky: This type combined Locky and fileless PowerWare ransomware and used phishing emails to infect files.
- Diablo: Diablo used the files extension .diablos6 to encrypt files. Its spam emails contained ZIP attachments and used more advanced methods to avoid detection.
- Zepto: Zepto emerged in 2016 and used the same techniques as Locky, sending emails that were personalized with the victim’s first name and ZIP attachments.
- Odin: Odin came after Zepto, following Locky’s behaviors with spam campaigns directed at people in the U.S.
- Osiris: Osiris introduced a new encryption algorithm that made it harder to track and shut down the infection. It also attacked Android and macOS along with Windows.
- Thor: First identified in 2017, Thor used code obfuscation to make detection harder for cybersecurity researchers. This is where an executable that’s no longer useful gets modified to hide malware.
How to detect Locky ransomware on your device
Sometimes even the best antivirus software can miss malware on a device. The best way to spot Locky ransomware is to become good at learning hackers’ techniques. You must know what to look for when receiving phishing emails or social engineering attacks.
If you get emails from random people or email addresses, don’t open them. It’s especially crucial not to open unknown attachments. These infected attachments may be disguised as critical documents or invoices to give you a sense of urgency. Don’t fall for it.
Also, pay attention to the language. Many of these emails will have bad grammar and be formally addressed to the recipient, like “Dear Sir/Madam.” Some emails may not have anything other than a subject line and the infected attachment.
How to remove Locky ransomware from your device
If you’re unfortunate enough to get Locky ransomware on your device, you may feel frustrated and overwhelmed. While it can produce some understandable anxiety, the good news is that you can remove ransomware by taking the following steps:
- Open your trusted antivirus software.
- Choose the Full Scan option to search all of your files.
- Remove any threats that are found.
Your antivirus software may be able to remove Locky from your device, but it cannot restore your data. To restore your data, your best bet is a decryption tool, which can scan your device to find the files on your hard drive. Unfortunately, there isn’t a foolproof method for releasing Locky’s encryption.
Best antivirus to protect yourself against ransomware
One of the simplest ways to protect yourself against future ransomware is to have the best malware removal tools at your disposal before things go sideways. If you aren’t sure where to start, here are some antivirus software recommendations:
- Norton: Norton is a popular antivirus that comes with plenty of additional security features, like a password manager and a virtual private network (VPN).
- TotalAV: TotalAV is an affordable antivirus option that’s easy to download, install, and begin using immediately.
- McAfee: McAfee is great for people who want excellent security protection with extras like identity monitoring, personal data cleanup, and a VPN.
- Easy-to-install antivirus protection
- Secure VPN and password manager included
- Parental control features
- Multi-tab navigation may be overwhelming at first
Tips to protect yourself against ransomware
You shouldn’t feel like ransomware is an eventuality that happens to everyone. With some planning, you can prevent ransomware from invading your device. Below are some practical tips you can use to keep those devious hackers away from your data.
- Use antivirus software: The first line of defense from any malware is to have a solid antivirus that will scan your device for anything suspicious.
- Know ransomware methods: Remember that the typical way ransomware gets distributed is through social engineering and email phishing.
- Keep software updated: Your operating system and software routinely send updates that may help patch known security issues.
- Only download from safe sources: Never open or download attachments from unknown people or addresses.
- Back up your files: Any important data should get backed up frequently to the cloud or another storage modality that’s not accessible from your device.
- Use a firewall: A firewall monitors incoming and outgoing traffic and blocks unauthorized users.
- Enable spam filters: These filters can decrease malicious emails and improve your email security.
- Disable macro scripts: Since most Locky attacks used malicious macros to distribute the ransomware, you can configure your Microsoft Office suite to disable them. If you decide to enable any macros, only do so from formats you trust and make sure to verify their legitimacy.
Locky ransomware FAQs
Is Locky ransomware still active?
Locky ransomware is no longer active, but there are plenty of ransomware methods to take its place. Learning how to spot ransomware is still necessary to protect your data and keep you from becoming a target for ransomware in the future.
What is an example of Locky ransomware?
One example of Locky ransomware is the 2016 attack on a hospital in Los Angeles, when hackers demanded and received $17,000 to resolve the hack. More healthcare institutions were attacked after that event.
What can you do to protect yourself from Locky ransomware?
There are several things you can do to protect yourself from Locky ransomware, like using antivirus software and becoming knowledgeable about the methods hackers use to infect your device.
Bottom line
By installing the best antivirus software for your needs and knowing how these hackers operate, you’ll be prepared when and if ransomware comes your way. Staying familiar with all the current social engineering techniques will help you avoid phishing emails and fake websites. Remember to download attachments only from known sources and don’t open emails from senders you don’t know.
The most important takeaway here is that you’re not helpless when it comes to any type of ransomware. We want to put you in the driver’s seat with actionable steps you can take to prevent these cybercriminals from successfully attacking your device. Ransomware attacks will come in all shapes and sizes to throw you off, but with the tips in this article, you’ll be way ahead of any hacker’s techniques.
- All-in-one protection for your personal info and privacy
- Excellent antivirus protection
- Additional features like a file shredder and parental controls
- Multiple pop-ups for text notifications can be annoying