
“Locky Virus” - A New Breaching Breed


Information technology keeps advancing with new features, tools and software, but there is a darker side to all that connectivity. Millions of spyware, malware and virus samples circulate online looking for a way in, and a successful infection can wipe out a sizeable part of your data. The “.locky virus” is one such threat. It is ransomware: it encrypts your files, renames them with a “.locky” extension, and then “blackmails” you for the decryption key.

.Locky Virus – How It Works

This ransomware behaves a little differently from a classic virus. Once it has slipped onto your system unnoticed, it enumerates your files, builds a list of targets and starts encrypting them. It goes after everything that matters: documents, pictures, videos and archives, on internal hard disks as well as on USB flash drives. Encryption takes time, depending on how much data there is, and it slows the PC down while it runs. It gets in through the easiest route of all: an attached document.

Once the files have been renamed, it announces itself with a pop-up on your screen stating the ransom, payable in Bitcoin, a virtual currency that is pseudonymous and hard to trace back to its owner. Payment is demanded within a set time limit, purely to put pressure on you.

Note: the decryption key is sold through a site on the dark web. Prices observed range from BTC 0.5 to BTC 1.00 (at the time, 1 Bitcoin was worth roughly $400/£280).


Modes of Arrival

  • You receive an email with an attached Word document (Troj/DocDl-BCF).
  • When opened, the document is gibberish and looks useless.
  • The document advises you to enable macros “if the data encoding is incorrect”.
  • Enabling macros does not fix any encoding. Instead, the macro runs, saves a file to disk and executes it.
  • The saved file (Troj/Ransom-CGX) acts as a downloader and fetches the final malware payload from the attackers’ servers.
  • The final payload is usually the Locky ransomware itself (Troj/Ransom-CGW).
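The chain above starts with a single macro-carrying document, so the cheapest place to break it is at the mail gateway or on the desktop, before anyone is asked to “enable content”. The script below is an added example written for this article (not code from the original post or from any product): it triages attachments by checking both the file extension and, for any OOXML container, whether a vbaProject.bin part is present, which is where Office keeps VBA code regardless of what the extension claims. The sample attachments are constructed in memory so it runs offline; none of them are real Locky documents.

```python
"""Triage e-mail attachments for macro-carrying Office documents.

Added example, not code from the original article or any product. Two checks:
  1. file extension: legacy binary formats (.doc, .xls, .ppt) and the
     macro-enabled OOXML formats (.docm, .xlsm, .pptm, ...) can carry VBA;
  2. container contents: every OOXML file is a zip archive, and Office stores
     VBA code in a part named vbaProject.bin, so its presence means macros are
     present no matter what the extension says.
"""
import io
import os
import zipfile

# Formats that can carry VBA macros (assumption: covers the common ones).
MACRO_CAPABLE_EXTENSIONS = {
    ".doc", ".dot", ".xls", ".xlt", ".xla", ".ppt", ".pot",        # legacy OLE2
    ".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm",  # OOXML, macro-enabled
}
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # header of legacy .doc/.xls/.ppt files
ZIP_MAGIC = b"PK\x03\x04"                          # header of every OOXML file


def has_vba_project(data: bytes) -> bool:
    """True if `data` is an OOXML zip container holding an embedded VBA project."""
    if not data.startswith(ZIP_MAGIC):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def classify_attachment(filename: str, data: bytes) -> str:
    """Return 'block', 'quarantine' or 'allow' for one attachment."""
    ext = os.path.splitext(filename)[1].lower()
    if has_vba_project(data):
        return "block"        # VBA code is definitely present
    if data.startswith(OLE2_MAGIC) or ext in MACRO_CAPABLE_EXTENSIONS:
        # Legacy OLE2 files may hold macros too, but proving it needs an OLE
        # parser; hold the file for a closer look instead of delivering it.
        return "quarantine"
    return "allow"


def triage(attachments: dict) -> dict:
    """Map every attachment name to its verdict."""
    return {name: classify_attachment(name, data) for name, data in attachments.items()}


def _ooxml(parts: dict) -> bytes:
    """Build a minimal OOXML-style zip in memory (constructed test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        for name, content in parts.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample attachments (not real malware).
SAMPLE_ATTACHMENTS = {
    "invoice.doc": OLE2_MAGIC + b"\x00" * 504,                        # legacy Word file
    "invoice.docx": _ooxml({"word/document.xml": "<w:document/>"}),   # clean OOXML
    "invoice_final.docm": _ooxml({"word/document.xml": "<w:document/>",
                                  "word/vbaProject.bin": b"\x01\x02"}),  # carries macros
    "invoice.pdf.docx": _ooxml({"word/document.xml": "<w:document/>",
                                "word/vbaProject.bin": b"\x01\x02"}),    # macros despite .docx
    "notes.txt": b"just text",
}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_ATTACHMENTS).items():
        print(f"{verdict:10s} {name}")
```

Content inspection matters more than the extension check: a macro-laden file renamed to .docx is still a zip with a vbaProject.bin inside, and a legacy .doc can carry macros without any hint in its name, which is why the script quarantines every OLE2 file rather than trusting the extension.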

Besides scrambling and renaming every file it can reach, Locky also goes after wallet.dat, your Bitcoin wallet file, if you have one. So if your wallet holds more bitcoins than the ransom demands and you have no backup, you are in a very awkward position. It also deletes any Volume Snapshot Service (VSS) files, better known as shadow copies, which Windows keeps as a quick and easy way to restore earlier versions of your files.
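Deleting the shadow copies is something the ransomware has to do out loud: it has to spawn a Windows administration tool, which leaves a process-creation event behind. The detector below is an added example for this article (not code from the original post or any vendor). It runs a handful of rules over constructed process-creation log lines laid out in a Sysmon Event ID 1 style (timestamp | image | parent image | command line); that layout and the list of deletion commands are assumptions, the latter drawn from the ways ransomware is commonly seen removing Volume Shadow Copies. A parent binary living in a user-writable folder raises the severity, because administrators rarely run vssadmin from %TEMP%.

```python
"""Detect shadow-copy deletion in process-creation telemetry.

Added example, not code from the original article or any vendor. Field layout
and rule list are assumptions (see the lead-in); the log lines are constructed.
"""
import re

# (rule name, pattern matched against the lower-cased command line)
SHADOW_DELETION_RULES = [
    ("vssadmin_delete_shadows", re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b")),
    ("vssadmin_resize_shadowstorage", re.compile(r"\bvssadmin(\.exe)?\s+resize\s+shadowstorage\b")),
    ("wmic_shadowcopy_delete", re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b")),
    ("wbadmin_delete_catalog", re.compile(r"\bwbadmin(\.exe)?\s+delete\s+catalog\b")),
    ("powershell_win32_shadowcopy", re.compile(r"win32_shadowcopy.*remove-wmiobject")),
]

# Heuristic assumption: a parent process running from a user-writable location
# points at malware rather than an administrator issuing the command.
USER_WRITABLE_PATH = re.compile(r"\\(appdata|temp|programdata|public|downloads)\\")


def parse_event(line: str) -> dict:
    """Split one constructed log line into fields. The command line is the last
    field and may contain '|' itself (PowerShell pipelines), so split at most 3 times."""
    ts, image, parent, cmdline = line.split("|", 3)
    return {"timestamp": ts.strip(), "image": image.strip(),
            "parent_image": parent.strip(), "command_line": cmdline.strip()}


def detect_shadow_copy_deletion(lines) -> list:
    """Return one alert dict per event whose command line matches a rule."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        cmd = ev["command_line"].lower()
        for rule, pattern in SHADOW_DELETION_RULES:
            if pattern.search(cmd):
                from_user_dir = USER_WRITABLE_PATH.search(ev["parent_image"].lower()) is not None
                alerts.append({**ev, "rule": rule, "severity": "high" if from_user_dir else "medium"})
                break  # one alert per event is enough
    return alerts


# Constructed sample events: three deletion attempts, one benign listing,
# one legitimate backup tool. None of this is real telemetry.
SAMPLE_EVENTS = [
    r"2016-02-17T09:41:02Z|C:\Windows\System32\vssadmin.exe|C:\Users\alice\AppData\Local\Temp\update.exe|vssadmin.exe Delete Shadows /All /Quiet",
    r"2016-02-17T09:41:03Z|C:\Windows\System32\vssadmin.exe|C:\Windows\System32\cmd.exe|vssadmin list shadows",
    r"2016-02-17T10:05:40Z|C:\Windows\System32\wbem\WMIC.exe|C:\Users\alice\AppData\Roaming\helper.exe|wmic shadowcopy delete /nointeractive",
    r'2016-02-17T10:07:01Z|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|C:\Windows\explorer.exe|powershell.exe -nop -c "Get-WmiObject Win32_Shadowcopy | Remove-WmiObject"',
    r"2016-02-17T10:09:00Z|C:\Program Files\BackupTool\backup.exe|C:\Windows\System32\services.exe|backup.exe --create-snapshot",
]

if __name__ == "__main__":
    for alert in detect_shadow_copy_deletion(SAMPLE_EVENTS):
        print(f"[{alert['severity']:6s}] {alert['rule']:30s} parent={alert['parent_image']}")
        print(f"          {alert['command_line']}")
```

The rules deliberately match the deletion verbs only, so routine `vssadmin list shadows` from a helpdesk session stays quiet, and the parent-path heuristic separates a backup product started by services.exe from a binary that just arrived in a user's AppData folder.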

Remember: once Locky has finished, it displays a ransom pop-up and replaces your desktop background with the same ransom message.


Keep in mind that there is no easy way or shortcut to get your data back without a sound backup. Locky does not stop at your C: drive either: it encrypts every directory it can reach, including removable devices, mapped network drives and network shares.

Solution for the Problem

  • Back up regularly, and keep a copy of your important files on an external device that is disconnected when not in use, since Locky encrypts any removable drive it finds. Ransomware is not the only threat: hardware failure, accidents and natural disasters can destroy data just as thoroughly.
  • There is no legitimate reason to enable commands or macros in a document you received by email. Doing so is only the start of your headache.
  • Be cautious with unexpected documents and attachments. The attackers rely on you opening them. If in doubt, leave it out.
  • Consider installing the Microsoft Office viewers. They let you see how a document looks without opening it in Word or Excel, and they do not run macros at all.
  • Don’t stay logged in as an administrator any longer than necessary, and avoid browsing, downloading files or opening “regular” documents while you hold administrator rights.

Follow these directives and, should Locky strike, you will be able to restore your files from backup instead of paying.
