IT Support in Seattle

Enter Your Information Below To

Book a Complimentary Review.

















CyberStreams will never sell or rent your contact information. Your info is secure with us.

Meet Locky – The Most Dangerous Form of Ransomware

By:Christine Fettinger

Ransomware attacks spiked in 2016, with over 634 million more attacks than the year before. Locky, the most prevalent form of ransomware today, accounted for about 500 million of these attacks. In second place came Peyta, but it was well behind with only 32 million attacks.

Locky was born in February of 2016 and by the third quarter of that year, it was used in nearly all of malicious email attacks. The developers consistently update their software to evade security tools, implement anti-analysis features, and change distribution techniques, which accounts for this particular malware’s dominance.

Locky is delivered through phishing emails that trick users into opening their attachments, usually a Microsoft Word document or a ZIP archive. Often these emails look like an invoice from a vendor requiring payment. When the user opens the document, it appears to be gibberish and will then prompt the user to ‘enable macros if data encoding is incorrect.’ Enabling macros will launch the Locky virus, which will then load into the memory of the user’s system, encrypt documents as hash.locky files and install .bmp and .txt files. Attached ZIP archives contain one or more obfuscated scripts in JavaScript, which the user will be prompted to manually launch, which then downloads the Locky virus. Locky does not just go after your C drive, it scrambles any files on any mounted drive it can access and can even encrypt network shares that are accessible so they can’t be used to restore your files. There are currently no ways to decrypt Locky without paying the ransom.

Like most ransomware, Locky requires payment in Bitcoin currency, which helps to hide Locky affiliates’ identities from law enforcement. The amount requested typically ranges from $400 to $800. However, some attackers are realizing how valuable business data can be and are starting to charge more. Keep in mind that paying the ransom is no guarantee that your data will be returned to you as often victims are the guinea pigs of new versions that they actually cannot decrypt.

Being prepared and educated are the only preventative measures against ransomware. About 23% of recipients open phishing messages, with 11% actually clicking the attachment. 50 percent of users open the emails in less than an hour, which is faster than administrators can detect a problem. If you don’t have proper backups when your system becomes infected, it is already too late.

For help in thwarting ransomware like Locky, contact CyberStreams an experienced provider of IT security managed services. We are in Seattle, Bellevue and Western Washington and can be reached at (425) 274-1121 or sales@cyberstreams.com.