What is Locky Ransomware?
Locky is a ransomware virus. The virus encrypts files and asks for a ransom payment to unlock them. The name Locky comes from the extension which this ransomware sets to encrypted files – namely .locky. Here you can find a detailed description of the Locky virus.
When it first appeared, the virus used to encrypt document file types, but it has grown and now encrypts much more file types. To see how you can perform a complete removal of this troubling ransomware, read the entire article.
What Does Locky Ransomware Do?
Once Locky ransomware infects a computer, it makes new values in the Windows Registry. It does that to load with every Windows start. Most modifications are located in the following registry entry:
Then the virus will make the file _Locky_recover_instructions.txt, that contains a ransom note with the instructions of how you can the ransom. The message states:
!!! IMPORTANT INFORMATION !!!!
All of your files are encrypted with RSA-2048 and AES-128 ciphers.
More information about the RSA and AES can be found here:
Decrypting of your files is only possible with the private key and decrypt program, All which is on our secret server.
To receive your private key follow one of the links:
1. hxxp: //6dtxgqam4crv6rr6.tor2web(.)org/[mixed letters and numbers] 2. hxxp: //6dtxgqam4crv6rr6.onion(.)to/[mixed letters and numbers] 3. hxxp: //6dtxgqam4crv6rr6.onion(.)cab/[mixed letters and numbers] 4. hxxp: //6dtxgqam4crv6rr6.onion(.)link/[mixed letters and numbers]
If all of this addresses are not available, follow synthesis steps:
1. Download and install Tor Browser: https://www.torproject.org/download/download-easy(.)html
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: 6dtxgqam4crv6rr6(.)onion / [mixed letters and numbers] 4. Follow the instructions on the site.
!!! Your personal identification ID: [mixed letters and numbers] !!!
Locky ransomware will mainly encrypt document and text files, although later variants encrypt other file types as well. The files searched to be encrypted have the following extensions:
→.xhtml, .txt, .xls, .xlsx, .xml, .docx, .html, .js, .CIS, .odt, .asc, .conf, .msg, .rtf, .cfg, .cnf, .pdf, .php, .ppt, .pptx, .doc, .docm, .log, .pap, .info, .gdoc, .asp, .jsp, .json, .sql
This is not a complete list as the virus continues to evolve. After encryption all files have the extension .Locky appended to them. The encryption algorithm is RSA – one of the strongest military encryptions.
Can you Remove Locky Ransomware ?
Locky is one of the biggest and most widespread ransomware families. It is not easy to remove it yourself as it can keep creating and replicating its own files if not completely removed. This is why it is recommended getting a reliable anti-malware program. All unwanted files will be removed quickly and easily. En outre, the program will prevent any future threats from getting on your computer. That way you will be certain your system and data are safe.