Locky is ransomware that encrypts files on the computers it infects. It is a destructive virus that encrypts any personal documents you have saved on your computer. It uses an RSA-2048 key (an encryption algorithm) to do this and appends its own extension to the encrypted files. There are many variants of this virus.
Locky uses various high-grade features, including strong RSA-2048+AES-128 file encryption, custom encrypted communication, a domain generation algorithm, and Tor/Bitcoin payment. It can encrypt more than 160 different types of files, including databases, source code and virtual disks. It appeared at the beginning of 2016. Since then, it has proliferated dangerously and infected hundreds of thousands of computers across the globe.
How do they get on your computer? – The facts
• These viruses spread via spam email campaigns that are very similar to the ones the Dridex botnet uses.
• They also use email content, obfuscation, download URL structures and file names that are very similar to the ones used by Dridex.
• This ransomware is distributed through spam emails that carry infected attachments or contain links that lead to malicious websites.
• The spammers send out an email that has forged information on the header; this tricks you into believing that the email has been sent to you by some company like FedEx or DHL. The email states that the company unsuccessfully attempted to deliver a package to you.
• At times, these emails may take the form of notifications about a shipment you have supposedly made.
• If you open the attachment or click a link within the email, the Locky virus infiltrates your computer.
• The system then displays a message that demands a ransom ranging from BTC 0.5 to BTC 1.00, to decrypt your data. (BTC is the short form of “bitcoin” which is a virtual currency). Currently 1 bitcoin is worth approximately $400/£280.
While it’s possible to remove the ransomware using some online tools, it’s best to prevent it from infecting your PC in the first place.
How to Prevent the Locky ransomware from infecting your computer
• Back up all your important files to an offline location regularly. It’s important that you do this even if you back up data to the cloud.
• Make sure your OS is updated.
• Never open any attachment from a source you don’t recognize.
• When you aren’t installing anything, be very careful if your computer asks you for permission, and never click blindly on the “Allow” button.
• You can install the Microsoft Office Viewer software, as it doesn’t have an option to run macros.
• Install good antivirus software that also has an effective anti-ransomware feature, and ensure it’s updated regularly.
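The delivery pattern described above (forged courier sender plus an attachment) can be screened for before a message reaches an inbox. The following is an added example, not code from this article: a small Python triage of a raw email that flags a From/Return-Path domain mismatch, a courier display name on a non-courier domain, and macro- or script-capable attachments. The extension list, function names and sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: illustrative list of macro/script-capable attachment types.
RISKY_EXT = {".docm", ".xlsm", ".dotm", ".js", ".jse", ".wsf", ".vbs", ".hta"}
# Couriers the article names as impersonated, with their real domains.
BRANDS = {"fedex": "fedex.com", "dhl": "dhl.com"}

def _domain(header_value):
    """Return the lower-cased domain of the address in a header value."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def triage(raw_bytes):
    """Return a list of reasons a message looks like courier-themed malspam."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    display = parseaddr(str(msg.get("From", "")))[0].lower()
    from_dom = _domain(msg.get("From"))
    rp_dom = _domain(msg.get("Return-Path"))
    # Heuristic only: bulk-mail services also use a different bounce domain.
    if from_dom and rp_dom and from_dom != rp_dom:
        findings.append(f"From domain {from_dom} != Return-Path domain {rp_dom}")
    for brand, legit in BRANDS.items():
        if brand in display and from_dom != legit and not from_dom.endswith("." + legit):
            findings.append(f"display name claims {brand} but sender is {from_dom}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if os.path.splitext(name)[1] in RISKY_EXT:
            findings.append(f"macro/script-capable attachment: {name}")
    return findings

def build_sample(from_hdr, return_path, attachment_name):
    """Construct a test message in memory (constructed data, not a real sample)."""
    msg = EmailMessage()
    msg["From"], msg["Return-Path"] = from_hdr, return_path
    msg["Subject"] = "Unable to deliver your package"
    msg.set_content("Please see the attached delivery notice.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()

if __name__ == "__main__":
    spam = build_sample('"FedEx Delivery" <notice@parcel-alerts.example>',
                        "<bounce@mailer.example>", "delivery_notice.docm")
    for reason in triage(spam):
        print("FLAG:", reason)
```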
For more information about the Locky virus and how to remove it, please contact PcplanIT on 03 5976 4500. Our experts will be more than happy to provide all the information you need and assist you with any other PC-related issues you may be facing.