Rajiv Singha

Security Alert! Locky Ransomware on the loose

April 11, 2016

‘Locky’ is the latest addition to the ransomware family. It has an interesting name and carries the same nastiness. Read more from the post below.

What is the Locky Ransomware?
Locky is a new file-encrypting ransomware. It does two things:

  • Encrypts the files it finds on the PC it infects.
  • Changes the extension of the encrypted files to .locky

And as most of us know, the encrypted files can be decrypted only with a key that the cyber crook holds and hands over for a price.

Who all are in the red zone?
Locky ransomware is known to target Windows users.

How does it infect a machine?

The ransomware seems to be using different spam email campaigns to spread and infect its target victims.

In one campaign, it’s been noticed that the email seems to be from a popular organization, and asks the user to download an invoice attachment (MS Word doc).

The document contains text that looks incomprehensible or unreadable, and it tells the user to enable ‘macros’ to make the text readable.

If the user falls for this trick and enables the ‘macros’, a series of automatic processes is triggered which finally results in installing the Locky Ransomware on the machine.

Once inside the system, the ransomware begins encrypting whatever files it can find.
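
An added example, not from the original post or from Quick Heal's products: a mail-triage check that flags Office attachments carrying a VBA project, the component the infection chain above depends on. The sample message, addresses and file names are constructed, and the legacy .doc check is a byte-pattern heuristic rather than a full OLE parse.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls container
# Every VBA project has a "_VBA_PROJECT" stream; OLE directory names are UTF-16LE.
OLE_VBA_MARK = "_VBA_PROJECT".encode("utf-16-le")

def has_macros(data: bytes) -> bool:
    """Heuristic: True if an Office file appears to carry a VBA project."""
    if data.startswith(OLE_MAGIC):
        return OLE_VBA_MARK in data
    try:  # OOXML (.docx/.docm) is a zip archive; macros live in vbaProject.bin
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False

def triage(raw_email: bytes) -> list:
    """Return (filename, has_macros) for each attachment of a raw message."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    return [(p.get_filename(), has_macros(p.get_payload(decode=True) or b""))
            for p in msg.iter_attachments()]

def _ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a minimal zip shaped like a .docx/.docm."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()

def sample_email() -> bytes:
    """Constructed sample message; addresses and file names are made up."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.com", "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    legacy = OLE_MAGIC + b"\x00" * 504 + OLE_VBA_MARK  # not a real document
    for name, data in (("invoice.doc", legacy), ("invoice.docm", _ooxml(True)),
                       ("notes.docx", _ooxml(False))):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, flagged in triage(sample_email()):
        print(name, "-> VBA project found, hold for review" if flagged else "-> no VBA project")
```
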

What happens next?
Once Locky is done encrypting the files, it displays a message to the user on the desktop. The message tells the user what has happened, and that decrypting the files is only possible by purchasing a private key from the hacker; the cost could be up to ₹ 26,558/- ($400).

What do we suggest?

  • Back up your important files regularly, and have the backup encrypted. This will make sure that the data is not misused by anyone.
  • Do not trust any email that asks you to download an attachment, software, survey forms or anything that you were not expecting, no matter how professional, urgent, or grand the email may look or sound. If you think the email is genuine, have it verified with the sender over a call or personally.
  • Avoid using your computer with an ‘Administrator’ account unless necessary. Being attacked by malware while logged in as an administrator can cause irreparable damage to your PC. Always log in as a standard User for day-to-day usage. Here is a post that explains more about why you shouldn’t run as admin.
  • Keep your Windows OS and all other programs/applications up-to-date with the latest security updates/patches. In most cases of ransomware infections, the malware takes advantage of security vulnerabilities present in the user’s system.

How does Quick Heal help?

We have released an update to Quick Heal desktop products that prevents the attack of Locky Ransomware. Besides this, our multilayered defense mechanism helps prevent all types of malware attacks including new ransomware infections.

Email Security blocks emails carrying malicious links and attachments.

Web Security blocks websites containing hidden malware and viruses, and websites designed for phishing attacks.

Advanced DNAScan stops new and unknown malware that can cause the most damage.

Anti-Ransomware stops ransomware from encrypting any data. The feature works in multiple ways to prevent a potential ransomware attack.

  • Scans every downloaded file for components that could lead to a ransomware attack.
  • Analyzes how a program behaves in real-time, so that it can be stopped before it does any damage.
  • Proactive backup prevents data loss even in cases where certain files might get encrypted by ransomware.
  • Helps the user keep track of files that have been encrypted.
  • Alerts the user immediately so that corrective action can be taken.
  • Isolates detected ransomware infections; stops them from spreading and doing any damage.

We are keeping track of the Locky Ransomware and its developments. We will keep you posted in case we come across anything important. Stay safe!


About Rajiv Singha
Rajiv is an IT security news junkie and a computer security blogger at Quick Heal. He is passionate about promoting cybersecurity awareness, content and digital...

46 Comments


  1. RANJEET KUMKAR, April 12, 2016 at 8:33 PM

    Security Alert! is very good

    Reply
  2. chunaram334@gmail.com, April 12, 2016 at 8:38 PM

    i like

    Reply
  3. Swami Sushantananda, April 12, 2016 at 9:15 PM

    Many thanks for giving me valuable alertness message.

    Reply
  4. Prodip ghosh, April 12, 2016 at 10:19 PM

    GD

    Reply
  5. how is rocky….that is various

    Reply
  6. md khlid raza, April 13, 2016 at 1:36 AM

    this is safe and secure for our system.
    thanks Quick Heal

    Reply
  7. Bharat digwal, April 13, 2016 at 8:37 AM

    hii

    Reply
  8. M P Sharma, April 13, 2016 at 9:45 AM

    Am happy to be using Quick Heal

    Reply
  9. excellent

    Reply
  10. hardasbhaigojiya@gmail.com, April 13, 2016 at 12:20 PM

    LIKE TO QUICKHEAL

    Reply
  11. Mallikarjun, April 13, 2016 at 1:59 PM

    Most Useful for us
    Thanks

    Reply
  12. AmanJaiswal505@gmail.com, April 13, 2016 at 4:00 PM

    Aman jaiswal

    Reply
  13. namrata chandel, April 13, 2016 at 6:33 PM

    dangerous

    Reply
  14. Good software

    Reply
  15. karthikeyan, April 14, 2016 at 7:26 AM

    good

    Reply
  16. vivek masih, April 14, 2016 at 8:47 AM

    thanks

    Reply
  17. Santosh Kumar mehta, April 14, 2016 at 9:25 AM

    Like

    Reply
  18. Rajesh kumar raj, April 14, 2016 at 11:41 AM

    SECURITY ALERT

    Reply
  19. HIMANSHU GAGAT, April 14, 2016 at 9:34 PM

    NIC

    Reply
  20. this is a great

    Reply
  21. I love it thanks

    Reply
  22. RAJPAL SINGH, April 15, 2016 at 6:41 AM

    Guardian Netsecure

    Reply
  23. Santanu Ku.Patra, April 15, 2016 at 2:14 PM

    Hi

    Reply
  24. AJAY PRATAP, April 15, 2016 at 8:41 PM

    Thanks. This does help!!

    Reply
  25. sachin tiwari, April 16, 2016 at 9:29 PM

    very good

    Reply
  26. shuvankar dey, April 17, 2016 at 3:48 PM

    good

    Reply
  27. hiren vyas, April 17, 2016 at 5:53 PM

    I have renewed Quick Heal total securities online through credit card payment on 29/03/2016, order no. 100699357, transaction no. 60892249709 (ICICI BANK), for 1 year, payment Rs.1364/-. Your thanks-for-renewal email was received, but on my PC the renewal is not shown up till now. Kindly look into the matter & take necessary action in this.

    Reply
    • Rajiv Singha Rajib Singha, April 18, 2016 at 2:26 PM

      Hi Hiren,

      Our renewal team is looking into the matter. They will get in touch with you soon.

      Regards,

      Reply
  28. C Bhattacharyya, April 17, 2016 at 7:16 PM

    Start my security

    Reply
  29. saurah rai, April 17, 2016 at 8:56 PM

    better than all…

    Reply
  30. sandip Gurav, April 18, 2016 at 1:55 PM

    It’s Very Nice, Thanks Quick Heal

    Reply
  31. santanu mukherjee, April 19, 2016 at 9:55 PM

    I am facing a problem with quickheal guardinier. Every day the machine hangs when opening, starts from safe mode, runs virus clean, then starts in normal mode.

    Nowadays it is a nightmare to me.

    Please do the needful at the earliest.

    Reply
  32. SAGAR DUTTA, April 21, 2016 at 8:56 PM

    Happy to get knowledge

    Reply
  33. DINESH K MAKWANA, April 21, 2016 at 11:29 PM

    MY QUICK HEAL SECURITY NOT WORKING PROPERLY

    Reply
  34. Hi,

    I have been using Quickheal Total Security for more than the last 7 years. I never had a problem. 2 days ago, all of a sudden, all my files were renamed with .DECRYPT and I figured out it was a ransomware. I was able to quickly restore my computer to an earlier date with Acronis; now the virus has been removed from my computer and all my C: data has been restored, but my entire D: & E: data has .DECRYPT. It cannot be used at all, and I need these documents badly. Does Quickheal offer any tool for restoring such encrypted files?

    Thanks,
    Asad Khan.

    Reply
    • Rajiv Singha Rajib Singha, April 28, 2016 at 10:39 AM

      Hi Asad,

      Thanks for writing in. We have shared your concern with our team. They will get in touch with you shortly.

      Regards,

      Reply
  35. mukund.tilak@gmail.com, May 6, 2016 at 8:27 PM

    My system has got attacked by Locky & Word, Excel files have been damaged. Will you be able to help me in recovering the same?

    Reply
  36. Pratibha Agarwal, May 15, 2016 at 9:48 AM

    Hey, I installed the Guardian Net Secure, but when I update it the virus protection is automatically disabled and my net is not supported. Please help.

    Reply
  37. Is there any way to restore a file which is infected by the locky extension by scanning with Quick Heal?

    Reply