Like all ransomware, Locky attacks its victims by encrypting important files on their computers and demanding a ransom to have them decrypted. Locky emerged in 2016 and spread across many regions of the world, including North America, Europe, and Asia. In its first major attack, the ransomware hit a hospital in Los Angeles, which paid a ransom of $17,000.
Where Does Locky Come From?
Phishing campaigns are the main vector through which Locky is spread. It is also distributed through insecure websites and mal-adverts (online adverts that carry malware): clicking such an advert downloads the malware onto your computer without your knowledge.
The attachment in an infected email is usually an MS Word document. When you open it, you are prompted to enable macros so that “its contents can be displayed properly”. That prompt is how the malware gets in: enabling the macros runs a malicious script that installs the Locky ransomware.
Soon after the malware gains a foothold on your device, it does a quick scan of the files and folders it can reach and encrypts them. Locky is also known to scramble a computer’s source code, rendering it unusable, which is one of the reasons Locky is counted among the most dangerous ransomware threats on the planet.
How to Detect the Locky Ransomware
One way to tell whether you are under attack by Locky is to go through your email. If you receive messages disguised as payment invoices, complete with payment notices and due dates, it is likely that you are under attack: this is one of the most common tricks Locky uses to infect computers.
The other obvious tell-tale sign of Locky is that it encrypts the files on your device and leaves a ransom note telling the victim to install the Tor browser, go to a particular site, and send the ransom in Bitcoin to a specific Bitcoin address. The ransom usually ranges from 0.5 to 1 bitcoin. If it is not paid, your files remain encrypted indefinitely.
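As an added example (it is not code from the original article or from any vendor tool mentioned on it), here is a Python triage script for the lure described above: it flags a message whose subject reads like a payment invoice and whose attachment is an Office document carrying a VBA macro project, which is the stage at which the “enable macros” prompt would hand control to the malicious script. The lure-word list, the sample message, the sender and recipient addresses and the dummy attachment are all constructed for the demo. The macro check looks for a vbaProject.bin part inside an OOXML zip, or for the UTF-16LE storage names a VBA project creates inside a legacy OLE2 file; it is a heuristic for triage, not a full document parser.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Subject-line lure words typical of invoice-themed phishing (constructed list for the demo).
LURE_WORDS = re.compile(r"\b(invoice|payment|overdue|due date|remittance)\b", re.IGNORECASE)

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Directory-entry names inside an OLE2 compound file are stored as UTF-16LE; these
# storages only exist when a legacy .doc/.xls carries a VBA project.
OLE2_MACRO_MARKERS = [s.encode("utf-16-le") for s in ("_VBA_PROJECT", "Macros")]
# In OOXML (.docm/.xlsm/.pptm) the VBA project is a separate zip part.
OOXML_MACRO_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")


def has_office_macros(data: bytes) -> bool:
    """Return True if an Office attachment appears to carry a VBA project (triage heuristic)."""
    if data.startswith(OLE2_MAGIC):
        return any(marker in data for marker in OLE2_MACRO_MARKERS)
    if data[:2] == b"PK":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
        except zipfile.BadZipFile:
            return False
        return any(part in names for part in OOXML_MACRO_PARTS)
    return False


def triage_email(raw: bytes) -> dict:
    """Score a raw RFC 822 message on two indicators: invoice lure in the subject,
    and at least one macro-bearing Office attachment. Both together => quarantine."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = msg.get("Subject", "")
    findings = {
        "subject": subject,
        "lure_subject": bool(LURE_WORDS.search(subject)),
        "macro_attachments": [],
    }
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if has_office_macros(payload):
            findings["macro_attachments"].append(part.get_filename() or "<unnamed>")
    findings["quarantine"] = findings["lure_subject"] and bool(findings["macro_attachments"])
    return findings


def build_sample_docm() -> bytes:
    """Constructed minimal OOXML container with a dummy VBA part (no real macro code)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/vbaProject.bin", b"\x00dummy vba stream\x00")
    return buf.getvalue()


def build_sample_email(attachment: bytes, filename: str, subject: str) -> bytes:
    """Constructed phishing-style message carrying the given attachment (addresses are placeholders)."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = subject
    msg.set_content("Please see the attached invoice. Enable content to view it.")
    msg.add_attachment(attachment, maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample_email(build_sample_docm(), "Invoice_4421.docm", "Payment overdue: invoice 4421")
    print(triage_email(sample))
```

A mail gateway or an analyst working a quarantine queue can run triage_email over saved .eml files; a hit on both indicators is a reason to hold the message for review rather than deliver it with a warning banner, and a macro hit alone is still worth logging so that a later “enable macros” event on the endpoint can be tied back to its delivery.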
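To make the file-system side of these tell-tale signs concrete, the following added Python example (not code from the original article) scans a directory for two indicators the text describes: a ransom note that mentions the Tor browser and Bitcoin, and a cluster of files whose contents are near-random (high Shannon entropy, as encrypted data is) and that share one new extension. The sample tree, the .encrypted_example extension, the note file name and the note text are all constructed placeholders; Locky's real extensions and note names are not taken from this page. The seeded random bytes stand in for ciphertext.

```python
import math
import random
import tempfile
from collections import Counter
from pathlib import Path

# Wording the article attributes to the ransom note: Tor browser, a site, payment in Bitcoin.
NOTE_PATTERN = re.compile(r"tor\s*browser|bitcoin|\.onion", re.IGNORECASE) if False else None
import re
NOTE_PATTERN = re.compile(r"tor\s*browser|bitcoin|\.onion", re.IGNORECASE)

ENTROPY_THRESHOLD = 7.5   # bits per byte; encrypted or compressed data sits close to 8.0
MIN_SAMPLE = 256          # skip tiny files whose entropy estimate is unreliable
NOTE_MAX_BYTES = 64 * 1024  # ransom notes are small text files; only these get regex-scanned


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty or single-valued input, 8.0 for uniform)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_directory(root: str) -> dict:
    """Walk a tree and collect ransomware indicators: ransom notes, high-entropy files,
    and the extension those files cluster on. A note plus >= 3 clustered files is a hit."""
    notes, encrypted = [], []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        data = path.read_bytes()
        rel = str(path.relative_to(root))
        if len(data) <= NOTE_MAX_BYTES and NOTE_PATTERN.search(data.decode("utf-8", "ignore")):
            notes.append(rel)
            continue
        if len(data) >= MIN_SAMPLE and shannon_entropy(data[:65536]) >= ENTROPY_THRESHOLD:
            encrypted.append(rel)
    ext_counts = Counter(Path(p).suffix for p in encrypted)
    dominant_ext, dominant_n = ext_counts.most_common(1)[0] if ext_counts else ("", 0)
    return {
        "ransom_notes": sorted(notes),
        "high_entropy_files": sorted(encrypted),
        "dominant_extension": dominant_ext,
        "likely_ransomware": bool(notes) and dominant_n >= 3,
    }


def build_sample_tree() -> str:
    """Constructed victim directory: four 'encrypted' files sharing a placeholder extension,
    one ransom note, and one ordinary text file. Returns the temporary directory path."""
    root = tempfile.mkdtemp(prefix="ransom_demo_")
    rng = random.Random(2024)  # seeded so the demo is deterministic; stands in for ciphertext
    for i in range(4):
        Path(root, f"report{i}.docx.encrypted_example").write_bytes(rng.randbytes(4096))
    Path(root, "_recover_instructions_example.txt").write_text(
        "Your files are encrypted. Install the Tor Browser, open the site below and pay in Bitcoin.\n"
    )
    Path(root, "notes.txt").write_text("meeting at 10, bring the quarterly figures\n" * 20)
    return root


if __name__ == "__main__":
    print(scan_directory(build_sample_tree()))
```

Run scan_directory against a user's Documents folder or a file share to confirm what an alert is reporting. The entropy check is deliberately paired with the note and extension checks: compressed archives and media files also score near 8 bits per byte, so entropy alone would flag every ZIP and JPEG, while a burst of same-extension high-entropy files next to a Tor/Bitcoin note is a much stronger signal.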
How to Remove the Locky Ransomware
Should you choose to pay the ransom, the Locky malware will stop its activity on your device. But paying the ransom is not something you should even consider, as it only encourages cyber-criminals to continue their thieving ways. Besides, there is no guarantee that the criminals will not attack you again next month or next year, now that they have established your willingness to pay.
Another way of getting rid of the Locky ransomware involves cutting your losses and using a powerful anti-malware tool such as Outbyte Anti-Malware to thoroughly remove it from your PC.
For the antivirus to be as effective as possible, you need to run your computer in Safe Mode with Networking. This loads only the essential Windows apps and processes, which makes it easier to troubleshoot any performance issues.
Here is how to boot your Windows device into Safe Mode with Networking from a blank screen:
- Shut down your computer by holding the Power button for about 10 seconds.
- Press the Power button again to turn it on.
- On the first sign that your device has powered up, shut it down again by holding the Power button for another 10 seconds.
- Repeat the steps above until you enter the Windows Recovery Environment (WinRE).
- Now that you are in WinRE, on the Choose an option screen, select Troubleshoot > Advanced options > Startup Settings > Restart.
- After your device restarts, press F5 or 5 to select Safe Mode with Networking.
Now that you are in Safe Mode with Networking, you can use network resources to download anti-malware tools as well as a PC repair tool.
You might be asking why you need a PC repair tool when dealing with the Locky ransomware. The repair tool cleans out junk files such as old downloads, empties the temp folder, clears browser history, and clears any other space the malware might use to hide, which helps prevent secondary infections. It also repairs broken registry entries and unscrambles PC code that Locky may have damaged. In short, the repair tool returns your computer to the performance level it had before the infection took hold.
To remove the malware completely, it is best to also use at least one Windows recovery option after the anti-malware tool has finished its work. Recovery options available on Windows 10/11 include System Restore, Windows Refresh, and the reset options.
System Restore
If you have a restore point on your computer, you can use it to undo problematic changes to Windows settings, system files, and apps. Here are the steps to reach System Restore:
- In the Windows search box, type “create a restore point”.
- In the System Properties window, open the System Security tab and select System Restore.
- Choose a restore point from the list of the restore points available on your computer.
- Follow the on-screen directions to complete the process.
Note that System Restore only works if a restore point already exists on your device.
Refresh Your Computer
The Windows Refresh option returns the Windows OS to its default state while giving you the option of keeping your files and folders. Since you are the victim of a ransomware attack, however, there is little reason to keep those files and folders. The steps are:
- Go to Settings > Change PC settings.
- Click Update and recovery.
- Under Refresh your PC without affecting your files, click Get started.
- Follow the on-screen instructions to complete the process.
How Do You Prevent the Locky Ransomware from Infecting Your Computer?
By following basic security measures, such as not downloading attachments from unknown sources, you can prevent most malware attacks. Also keep a backup of your files so that, even if you fall victim to a vicious ransomware attack, you still have copies somewhere else.