Locky Ransomware 101: Everything You Need to Know

A. What Is the Locky Ransomware?


Locky ransomware is a piece of malware that encrypts important files on your computer, rendering them inaccessible and unusable. It holds them ‘hostage’ and demands a ransom payment in exchange for restoring access to the encrypted files.


B. How Does Locky Ransomware Work


Locky ransomware is usually distributed via email, using social engineering techniques to spread the malicious code. The massive email campaigns were spearheaded by the so-called Necurs Botnet, which was considered one of the largest botnets before it went dormant. Necurs primarily distributed the Locky ransomware and the Dridex banking Trojan in its spam emails.


The most commonly reported infection mechanism of Locky involves receiving an email with a Microsoft Word document attachment that contains the malicious code. The document appears to be gibberish and prompts the user to enable macros in order to view it; enabling them triggers Locky’s payload. Once the malware is deployed, it is loaded into the system’s memory. After that, it begins encrypting documents, renaming each one to a hash-like name with the .locky extension. In addition, Locky drops .bmp and .txt files (its ransom notes), and will encrypt files on any network shares that the user has access to.


This is a different route from most ransomware, since Locky spreads through macros and email attachments rather than being installed by a Trojan downloader or delivered through an exploit.


Locky variants have used a number of different file types to trigger the infection process, including:


  • Microsoft Office (“.doc”, “.docx”, “.xls” etc.) utilizing Visual Basic for Applications (VBA)

  • JScript (“.js”)

  • JScript Encoded (“.jse”)

  • VBScript (“.vbs”)

  • Windows Script File (“.wsf”)

  • Compiled HTML (“.chm”)

  • HTML Application ..
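As an added defensive example (not code from the original article), the following Python classifies inbound mail attachments against the file types listed above, inspecting zip-based Office files for an embedded VBA project instead of trusting the filename; the block/review/allow policy, the function names and the constructed sample document builder are assumptions.

```python
import io
import os
import zipfile

# Attachment types the article lists as Locky infection triggers.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".wsf", ".chm", ".hta"}
OFFICE_EXTENSIONS = {".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm"}
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy binary Office container


def ooxml_has_vba(data: bytes) -> bool:
    """True if a zip-based Office file embeds a VBA project (word/vbaProject.bin).
    Word opens a .docm renamed to .docx or .doc, so inspect the container rather
    than trusting the filename."""
    if not data.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            return any(n.lower().endswith("vbaproject.bin") for n in archive.namelist())
    except zipfile.BadZipFile:
        return False


def classify_attachment(filename: str, data: bytes) -> str:
    """Return 'block', 'review' or 'allow' for one inbound attachment.
    Script containers are blocked outright; Office files are blocked when a VBA
    project is found and sent to review when the legacy OLE format (or a
    content/extension mismatch) makes this simple check unreliable."""
    ext = os.path.splitext(filename)[1].lower()  # 'invoice.pdf.js' -> '.js'
    if ext in SCRIPT_EXTENSIONS:
        return "block"
    if ext in OFFICE_EXTENSIONS:
        if data.startswith(b"PK"):
            return "block" if ooxml_has_vba(data) else "allow"
        if data.startswith(OLE_MAGIC):
            return "review"  # legacy .doc/.xls: macro check needs an OLE parser
        return "review"  # contents do not match the claimed Office extension
    return "allow"


def build_sample_docx(with_macro: bool) -> bytes:
    """Constructed minimal OOXML container, used only to exercise the checks."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            archive.writestr("word/vbaProject.bin", b"\x00constructed")
    return buf.getvalue()
```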
