Ransomware

Locky

First seen: 2016 • Status: inactive

Locky was ransomware that spread through millions of spam emails, encrypting files and demanding Bitcoin payment.

Overview

Locky was a prolific ransomware distributed primarily through the Necurs botnet. It infected hundreds of thousands of systems and used multiple file extensions for encrypted files.

Also Known As

Locky ransomware

How It Spreads

  • Necurs botnet spam
  • Malicious Word macros
  • JavaScript attachments

What It Does

  • File encryption
  • Multiple extension variants
  • Bitcoin ransom demand
  • Network share encryption

Target Platforms

Windows

Detection Tips

  • Monitor for macro-enabled document execution
  • Check for Locky file extensions
  • Analyze email attachments

MITRE ATT&CK Techniques

T1486, T1566, T1204, T1059

If You're Infected

  1. No free decryptor available - restore from backups
  2. Block malicious email attachments
  3. Disable Office macros

Related Malware

Necurs, Cryptolocker, Cerber
