Locky Ransomware: a new breed of Dridex Ransomware

‘Locky’ is the latest addition to the Dridex ransomware family. It has a unique name and is just as unique in how it behaves. Read more about it in the post below.


What is Locky Ransomware?

Locky is a new kind of file-encrypting Dridex ransomware. It does two things:

  • Encrypts the files it finds on the PC it attacks.
  • Changes the extension of the encrypted documents to .locky.

As most of us know, the encrypted documents can be decrypted only with a key held by the cyber criminal, and only for a price.

Who is in the danger zone?

Locky ransomware is known to attack Windows users.

How does it harm a PC?

The ransomware seems to use separate spam email campaigns to infect its target victims and spread.

In one example, the email appears to come from a popular firm and asks the user to download an invoice document.

The document contains text that looks unreadable or incomprehensible. To make the text readable, the user is required to enable ‘macros’.

If the user falls for this lure and permits the ‘macros’, a series of automatic procedures is triggered that ends with the Locky ransomware being installed on the device.

Once inside the device, the ransomware starts encrypting whatever files it can see.
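
One way a defender could spot the behaviour described above, many files renamed to .locky in quick succession by a single process, is a sliding-window check over file-rename events. This is an added example, not code from the original post or from AVG; the event tuple format, PIDs, paths, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from pathlib import PureWindowsPath

LOCKY_EXT = ".locky"  # extension the article says encrypted files receive
WINDOW_SECONDS = 10   # assumed tuning value
THRESHOLD = 3         # assumed tuning value, kept low for the small sample


def detect_locky_bursts(events, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Flag processes that rename many files to .locky in a short time.

    events: time-ordered (timestamp_seconds, pid, old_path, new_path) tuples.
    Returns {pid: [new paths]} for every process with at least `threshold`
    such renames inside one `window`-second span.
    """
    recent = defaultdict(deque)  # pid -> (timestamp, new_path) still in window
    alerts = {}
    for ts, pid, old_path, new_path in events:
        old_ext = PureWindowsPath(old_path).suffix.lower()
        new_ext = PureWindowsPath(new_path).suffix.lower()
        if new_ext != LOCKY_EXT or old_ext == LOCKY_EXT:
            continue  # not a rename *to* .locky
        queue = recent[pid]
        queue.append((ts, new_path))
        while ts - queue[0][0] > window:
            queue.popleft()  # drop renames that fell out of the window
        if len(queue) >= threshold:
            flagged = alerts.setdefault(pid, [])
            flagged.extend([p for _, p in queue if p not in flagged])
    return alerts


DOCS = "C:\\Users\\amy\\Documents\\"
# Constructed sample events (hypothetical PIDs and paths), not real telemetry.
SAMPLE_EVENTS = [
    (100.0, 4120, DOCS + "report.docx", DOCS + "report.locky"),
    (100.4, 4120, DOCS + "budget.xlsx", DOCS + "budget.locky"),
    (101.1, 4120, DOCS + "photo.jpg", DOCS + "photo.LOCKY"),
    (101.5, 4120, DOCS + "draft.tmp", DOCS + "draft.docx"),   # ordinary rename
    (102.0, 4120, DOCS + "notes.txt", DOCS + "notes.locky"),
    (105.0, 2210, DOCS + "test.txt", DOCS + "test.locky"),    # single rename
    (200.0, 3300, DOCS + "a.txt", DOCS + "a.locky"),          # slow: 30 s apart
    (230.0, 3300, DOCS + "b.txt", DOCS + "b.locky"),
    (260.0, 3300, DOCS + "c.txt", DOCS + "c.locky"),
]

if __name__ == "__main__":
    for pid, paths in detect_locky_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT pid={pid}: {len(paths)} files renamed to {LOCKY_EXT}")
```

Only the burst from the constructed PID 4120 is flagged; the single rename and the slow renames stay below the threshold, which keeps a user manually renaming one file from raising an alert.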

What happens next?

Once Locky is done encrypting the files, it shows a message to the user on the desktop. The message explains what has happened and says that decrypting the documents is only possible by buying a private key from the hacker; the cost could be up to $400.

What do we advise?

  • Back up your important documents, and make sure the backup is encrypted. This ensures that the data cannot be used by a stranger.
  • Do not trust any email that tells you to download a file, survey form, software, or anything else you were not expecting, no matter how urgent, professional, or grand the email may sound or look. If you think the email is real, verify it with the sender by phone or in person.
  • Do not use your PC with an ‘Administrator’ account unless required. Being attacked by a virus while logged in as an administrator can cause irreparable harm to your PC. Always log in as a standard user for day-to-day work.
  • Keep your Windows operating system and all other programs/applications up to date with the latest security updates/patches. In most ransomware infections, the virus takes advantage of a security weakness present in the user’s device.

How does AVG help?

The latest release of AVG desktop products stops the Locky ransomware attack. Beyond this, a multilayered defense mechanism helps protect against all kinds of malware threats, including new ransomware infections.

Email Security stops emails carrying infected attachments and files.

Web Security stops websites that host hidden viruses and malware, and websites designed for phishing.

Advanced DNA Scan stops unknown and new malware that can cause the most harm.

Anti-Ransomware stops ransomware from encrypting any data. AVG Technical Support is always available to help users in case of any problem with AVG Antivirus. The feature works in several ways to guard against a potential ransomware threat:

  • Inspects every downloaded file that could pose a potential ransomware threat.
  • Analyzes how software behaves in real time, so that it can be blocked before it does any harm.
  • Proactive backup prevents data loss even in cases where a few files get encrypted by ransomware.
  • Helps the user keep track of data that has been encrypted.
  • Alerts the user instantly so that corrective action can be taken.
  • Removes detected ransomware infections and blocks them from spreading and doing any harm.

We are keeping track of all the activities of the Locky ransomware and its changes. We will keep you updated if we come across anything vital. Stay secure!