
Locky Ransomware Encrypts Local Files and Unmapped Network Shares

Cybersecurity April 13, 2016 by Nishitha

As if the earlier ones weren’t enough of a nuisance to deal with, a new strain of ransomware has been unearthed in the last few days. Going by the name of “Locky”, this ransomware uses AES encryption to encrypt the important files on your device.

After holding those files for ransom, Locky demands 0.5 bitcoins to return them to their original state. As long as you don’t give Locky what it demands, it won’t decrypt the files.

Although the name Locky sounds childish, the delivery and working mechanism of this ransomware are anything but. It targets a wide range of file types, and its most potent weapon is its ability to encrypt data on unmapped network shares.

Encryption of data on unmapped network shares wasn’t common before; it was DMA Locker that introduced the concept in modern ransomware. Now that Locky has reused the same technique, but with more advanced effects, it is safe to assume that this method will be integrated into every upcoming ransomware from now on.

Looking at its functionality, it has to be said that Locky has borrowed most of its habits from previous malware. After adopting network-share encryption from DMA Locker, Locky uses CryptoWall’s technique of completely changing the file names. As a result, even if the virus is not fully functional, it becomes virtually impossible for the user to restore the files without decrypting them by paying the ransom.

Locky has used Fake Invoices for its spread

“Please see the attached Invoice”. This is the message in the email that carries the Locky virus. Attached to the email is a Word document that, upon execution, transfers the Locky file to the device.

After you have clicked on the file, it downloads the macro into the “Temp” folder before execution. After that, it is only a matter of minutes before Locky ransomware infects your computer.

How Locky Changes the Names of the files that it encrypts

After the ransomware is executed on your computer, Locky assigns your device a 16-digit code. It then scans all the computers along with the unmapped network shares.

The purpose of this thorough scan is to find the files that Locky can encrypt. It encrypts them with the AES encryption algorithm, and it encrypts only those files whose extensions match Locky’s list.

Looking at its functionality, one thing we could gauge is that Locky does skip some files. The files that escape Locky’s attack have the following extensions: x86, Program Files, temp, thumbs.db.

One thing that should be stressed here is Locky’s ability to encrypt files on unmapped network shares. While normal ransomware would only encrypt files on shares that are mapped to a local drive, this ransomware also encrypts those that aren’t mapped to a local drive. This technique has been growing over the last few months, and it is expected to be seen more in upcoming ransomware.

Older ransomware had a shortcoming: in some cases it left the shadow volume copies in place, and these could be used to restore the encrypted files. Locky deletes them as well. Thus, the victim has no way to get back his/her valuable files but to pay.

Leaving its traces behind, Locky creates notes in every folder where files were encrypted. These are known as ransom notes. As the name suggests, the ransom notes tell the victim the method of payment.
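
For responders scoping the damage on a file server, the renaming and the per-device code described above make it possible to see which infected machine touched which folders. The following Python is an added example, not part of the original article; it assumes renamed files carry the .locky extension and a name of 32 hexadecimal characters whose first 16 are the device code, and the sample tree and its names are constructed.

```python
import os
import re
import tempfile
from collections import defaultdict

# Assumption: a renamed file is 32 hex characters plus ".locky", and the first
# 16 characters are the per-device code described above.
LOCKY_NAME = re.compile(r"^([0-9A-F]{16})[0-9A-F]{16}\.locky$", re.IGNORECASE)


def triage(root):
    """Walk root and return {device_id: {folder: count}} for .locky files.

    Files ending in .locky that do not fit the assumed pattern are grouped
    under the key "unparsed" so they are still reported.
    """
    hits = defaultdict(lambda: defaultdict(int))
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".locky"):
                continue
            m = LOCKY_NAME.match(name)
            key = m.group(1).upper() if m else "unparsed"
            hits[key][os.path.relpath(folder, root)] += 1
    return {k: dict(v) for k, v in hits.items()}


def build_sample_tree(root):
    """Create a constructed sample tree (empty files, made-up names)."""
    layout = {
        "finance": ["A1B2C3D4E5F60718" + "0" * 15 + "1.locky",
                    "A1B2C3D4E5F60718" + "0" * 15 + "2.locky",
                    "budget.xlsx"],
        "hr": ["FFEE112233445566" + "9" * 16 + ".locky", "notes.locky"],
        "public": ["readme.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return triage(root)


if __name__ == "__main__":
    for device, folders in sorted(demo().items()):
        print(device, folders)
```

More than one device code under the same share means more than one infected machine had write access to it, so each code needs to be traced back to a host.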

How the Locky Decrypter Page Looks like

As evident from its name, the Locky “Decrypter” Page will let the user decrypt the files which were encrypted by Locky in the first place. However, before doing that, it would demand a ransom.

The homepage of Locky ransomware contains the payment instructions. It provides a further “facility” to the victims by telling them how to purchase bitcoins, the amount of the ransom, and the address where they should send it afterward.

After the ransom has been sent to the address specified by the Locky Decrypter page, the page gives the user a decrypter with which they can decrypt their files.

How to get rid of .locky File extension

Even though the aforementioned discussion might give you a tough picture of the Locky virus, downloading the .locky virus remover from nabzsoftware.com would save you from this nuisance. Here is a reputable security suite that allows the complete removal of the entire Ransomware in just a single click.

After you have removed the mother of all evils, i.e. Locky ransomware, you can turn to the data recovery part, since removing the ransomware without recovering the data is useless.
