The Locky Virus – What you need to know
“Locky” may sound like a cheerful name, but it is also the nickname of a new ransomware. It is called the Locky virus because it renames all your important files so that they have the extension “.Locky”.
Of course, the virus doesn’t only rename your files; it scrambles them first, and only the cyber criminals have the decryption key. You then have to buy the so-called decryption key from the crooks via the dark web.
The prices may vary, but they’ll ask to be paid in bitcoins, where one bitcoin is worth about $400 / R6000.
The most common way that the Locky virus arrives is as follows:
· You will receive an email containing an attached document.
· The document looks like complete gibberish.
· The document will then advise you to enable macros “if the data coding is incorrect”.
· If you enable macros, you don’t actually fix the text. Instead, you run code inside the document that saves a file to disk and runs it.
· The saved file works as a downloader, which then fetches the final malware payload from the criminals.
· The final payload could be anything, but in this case it is the Locky ransomware.
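Since the chain above starts with a document that asks you to enable macros, one defensive check is to flag email attachments that carry a VBA macro project before anyone opens them. The Python below is an added example, not part of the original post; the function names and the sample attachments are constructed for illustration, and the legacy-format check is a byte-search heuristic rather than a full file parser.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # legacy .doc/.xls container header
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # stream name present in VBA projects


def macro_indicators(data: bytes) -> list[str]:
    """Return the reasons a document looks macro-enabled (empty list if none)."""
    reasons = []
    if data.startswith(OLE_MAGIC):
        # OLE directory entries store names as UTF-16LE, so a raw search is
        # a usable heuristic without a full compound-file parser.
        if VBA_STREAM in data:
            reasons.append("OLE file with a _VBA_PROJECT stream")
    elif zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                if name.lower().endswith("vbaproject.bin"):
                    reasons.append(f"OOXML part {name}")
    return reasons


def triage(attachments: dict[str, bytes]) -> dict[str, list[str]]:
    """Map each attachment name to its macro indicators; keep only hits."""
    scanned = {name: macro_indicators(data) for name, data in attachments.items()}
    return {name: reasons for name, reasons in scanned.items() if reasons}


def _make_ooxml(with_macro: bool) -> bytes:
    """Build a constructed, harmless zip that mimics OOXML part names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


SAMPLES = {  # constructed samples, not real malware
    "invoice.docm": _make_ooxml(True),
    "notes.docx": _make_ooxml(False),
    "old_invoice.doc": OLE_MAGIC + b"\x00" * 64 + VBA_STREAM,
    "old_notes.doc": OLE_MAGIC + b"\x00" * 64,
}

if __name__ == "__main__":
    for name, reasons in triage(SAMPLES).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A hit only means the attachment contains macros, not that it is malicious; the point is to hold such files for review instead of letting the recipient decide whether to enable macros.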
The virus will remain out of sight, but you may have noticed signs of its presence, such as your PC performing poorly and programs taking forever to load.
Ransomware viruses usually try to pose as Windows programs and services, so if you see two processes with the same name and one of them is using a lot of CPU power – you have your culprit! The next step to take is to shut down the process and delete all associated files, or better yet, contact us immediately at The Computer Guyz!
Once the Locky virus is ready to start demanding ransom from you, you’ll see the following message…
The criminals are now hoping that the surprise shock will push you to the edge and you’ll be panicked enough to pay them the ransom. Well, NEVER pay the ransom – here’s why:
o Paying money to cyber criminals will only encourage them to get better at what they do and take advantage of even more people.
o There is no guarantee that your files will be decrypted successfully if you make the payment.
o There is no reason to pay until you’ve tried all the methods to remove it first or contacted the IT experts at The Computer Guyz.
Paying the ransom should only ever be considered if all the other options have been exhausted and the encrypted documents are worth much more than the ransom money.
SUMMARY
Name: | .Locky
Type: | Ransomware
Danger Level: | High – ransomware viruses are the highest threat level there is!
Symptoms: | PC slowness, file encryption, ransom demand
Distribution Method: | Trojan horse “droppers” – directly via email attachments and malicious websites.
Detection Tool: | Ransomware is notoriously difficult to track down, since it tries to deceive you. Contact The Computer Guyz to find all files related to the infection.