Cyber Security Center

What is Locky


Locky

Vulnerable computer systems and applications:

Windows OS.

Description:

Locky is ransomware, a variant of computer viruses which aim to encrypt important files to force victims to pay a ransom. The ransomware enters computers via malicious email attachments. When the infected file is opened, Locky downloads and installs on the computer. It then proceeds to encrypt files in a matter of seconds. The malware deletes Shadow Copies to make file decryption more difficult.

Recommendations for prevention:

  • Regularly create and update file backups;
  • Use strong spam email filtering tools such as Sender Policy Framework, Domain-based Message Authentication, Reporting & Conformance or DomainKeys Identified Mail;
  • Use and regularly update antivirus programs;
  • Disable automatic macro launch in Microsoft Office programs.

 

Recommendations for those infected:

  • Isolate the infected computer from the external network;
  • Perform a full system scan with an antivirus program;
  • Restore encrypted files from backup.