How does Locky ransomware works and How to Remove it

computer security tools

What is Locky Ransomware?

Locky is a computer virus hijacker/ransomware that is distributed through malicious .doc files attached to junk email messages. This ransomware later asks for huge amounts of money to unlock your computer. This Word document contains coded texts that appear to be macros. Once the user enables the macros in the Word program, an executable (the cryptographic virus) is downloaded.


What happens next is that multiple files are encrypted. It is notorious that Locky changes the names of all files by 16 letters and unique digits with the file extension .locky (.zepto). Hence it is almost impossible to identify the files. All of them are encrypted with an algorithm RSA-2048 and AES-1024; therefore, a private key (which is stored on the remote servers controlled by the cybercriminals) is required to perform the decryption. To decrypt the files themselves, the victim must pay a ransom.

When files have been encrypted, Locky creates a .txt file. Within each folder that has encrypted files. To make matters worse, this cryptographic virus changes the desktop wallpaper. Both text files and the wallpaper reproduce the same message that informs the user about the encryption.

Q.How to Safeguard Yourself from Virus, Ransomwares and other Trojans ?

A. Install Eset Smart Security which is one of the light-weight and most powerful anti-virus. It is an award winning anti-virus which offers wide array of features.

eset smart security

It is ensured that the files can only be decrypted with a decrypter developed by cyber criminals that cost 0.5 BitCoins (at the query date, 0.5 BTC was equal to 207.63 $). To do this, the victim must install the Tor browser and click on the provided link in the text files/wallpaper. The website contains step-by-step instructions for making the payment. It should be noted that Locky removes all shadow copies of files. At the date of consultation,

Locky decryption instructions

Research results show that there are hundreds of malicious programs in the ransomware category that are similar to Locky; for example, Cryptowall, JobCrypter, UmbreCrypt, TeslaCrypt, and DMA-Locker. All of them act in the same way: they encrypt the files and demand a rescue. The only difference is the amount of the rescue and the type of algorithm used to encrypt the files. The results of investigations indicate that there is no guarantee that he will recover his files even though he has paid the ransom. If you make the payment, you will be supporting the malicious business of cybercriminals. For that reason, you should never pay the ransom or try to contact them.

Locky virus

Users should also be informed that malicious software such as Locky is normally distributed through software updates, P2P networks, malicious e-mail attachments, and Trojans. Therefore, it is very important to keep all installed programs up to date and verify what you are downloading. Users should also be careful when opening e-mail attachments sent from suspicious addresses. It is imperative to use a reliable antivirus or antispyware solution.

You will then see a screenshot of the email message used to distribute the Locky cryptographic virus. E-mail with subject ” ATTN: Invoice J-12345678 ” and the infected attachment ” invoice_J-12345678.doc ” (contains macros that download and install the Locky virus blocker in the victim’s system):

Dear someone, Please see the attached invoice (Microsoft Word Document) and remit payment according to the terms listed at the bottom of the invoice. Let us know if you have any questions. We greatly appreciate your business!

How to Remove Locky Virus Ransomware File Encryption

Important Tip: If your system is infected with Locky Ransomware it is best to get guidance from someone who it well versed with Windows and Security Issues.

Video 2


5/5 (2)

Please rate this