Locky Ransomware

    Learn how Locky ransomware works to prevent attacks.
    Overview

    What is Locky ransomware?

    Locky ransomware is a type of ransom virus – a piece of malware that encrypts files on your hard drive and requires you to pay a fee to decrypt them. Locky usually arrives as an email with an attachment that looks like gobbledygook. A message in the document advises you to enable macros if the file appears unreadable. If you do so, the macro runs code that saves the Locky ransomware to your drive and encrypts files that may include Office files, videos and images. To get your files back, the Locky ransom note directs you to a page on the dark web where you'll receive instructions for making payment.


    How does Locky ransomware work?

    The impact of a Locky ransomware attack can be serious. The virus may encrypt any file it can access on your internal systems and servers. If the infected user is a domain administrator, the Locky ransomware virus can wreak havoc across your entire environment. As ransomware attacks continue to make news headlines, organizations are combating ransomware with multiple layers of cybersecurity solutions.

    To protect against ransomware like Locky, a full 360-degree solution is often needed, starting with state-of-the-art threat intelligence to block ransomware at common entry points such as email. Today's enterprises also implement security awareness training programs to teach their employees to recognize ransomware, coupled with powerful cloud archiving solutions to recover data should a breach occur.


    How to prevent Locky ransomware attacks

    Mimecast offers SaaS-based solutions for email security, archiving and continuity that can detect ransomware and other email-borne attacks and prevent users from inadvertently launching them.

    Mimecast's anti-ransomware technology is available as a subscription service, enabling you to quickly implement defenses against Locky ransomware. As an all-in-one service, Mimecast also provides protection against a broad range of other threats, including viruses, malware, phishing, spear-phishing and impersonation fraud.

    To help you avoid ransomware attacks, Mimecast Targeted Threat Protection includes services to block access to URLs and attachments that may contain Locky ransomware or other viruses. Mimecast scans the URLs in every incoming and archived email, blocking access to websites that may be malicious. Suspicious attachments may be sandboxed until they are deemed safe, or rewritten to a safe format and delivered immediately to users. Mimecast also offers end-user awareness tools that train employees to spot signs of Locky ransomware and other advanced threats.


    Solutions to reduce the impact of Locky ransomware

    Mimecast provides a multi-layered approach to prevent ransomware such as Locky. Beyond implementing a secure email gateway, most enterprises will then layer on a proven cybersecurity awareness training program to activate employees in the fight against ransomware, by enabling employees to detect and report sophisticated ransomware attacks.


    How to fix your systems after a Locky ransomware attack

    Should a ransomware attack (such as Locky ransomware) successfully strike your organization, Mimecast also helps to recover from an attack by providing a multipurpose cloud archive for off-site storage of data and crucial intellectual property. With the ability to roll back versions of files to a point before the attack was launched, Mimecast neutralizes the impact of a ransomware attack and speeds recovery efforts after an attack. Mimecast continuity services also enable users to continue using email during an outage caused by disaster, hardware failure, human error or an attack.

    By layering cybersecurity solutions, security and IT professionals can substantially reduce the risk of ransomware. Learn more about avoiding Locky ransomware with Mimecast, and spare yourself the question of whether to pay or not to pay.


    Questions about Locky ransomware

    What is Locky ransomware?

    Locky ransomware is one of the most dangerous types of ransomware – a form of cyberattack that uses malware to restrict access to a computer system or the files on it until a ransom is paid. First launched in 2016, Locky ransomware has sophisticated features that include a domain generation algorithm and server-side encryption that makes decryption almost impossible without paying the ransom to acquire a decryption key.

    How does Locky ransomware work?

    Users typically encounter Locky ransomware as a fake invoice attached to an email – usually a .doc file with an embedded script that gets executed when Word macros are enabled. If a user opens the attachment, they’ll see a garbled message with instructions to enable macros in order to see the message clearly. If the user takes this action, the Locky ransomware software is downloaded to the user’s computer, where it encrypts files with a new extension and issues a demand for payment on a ransom screen.

    Currently there are no tools for decrypting Locky ransomware, as the technology behind this malware is among the most sophisticated of ransomware variants.

    How can you avoid Locky ransomware attacks?

    The best way to protect your organization from the devastating effects of a Locky ransomware attack is to prevent the malware from entering your system in the first place. A broad approach to security is usually best. This should include anti-malware and anti-spam technology – these solutions can identify and stop phishing emails and ransomware attacks that are already known and catalogued. To block new strains of ransomware, you’ll need a secure email gateway with capabilities for inspecting email headers and content and for deleting or quarantining any messages that show signs of phishing attempts or social engineering techniques. To address potential sender spoofing, you can use DNS authentication services that determine whether a sender’s address is legitimate using the DMARC, SPF and DKIM protocols. And for additional protection, you can deploy advanced solutions that scan all email for dangerous links and attachments and block users from accessing them.
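    The two checks described above (a Word attachment carrying macros, as in the fake-invoice lure, and SPF/DKIM/DMARC verdicts from the receiving mail server) can be combined into a gateway-style triage rule. The following is an added example written for this page, not Mimecast's code: it assumes the MTA has already recorded its verdicts in an Authentication-Results header, uses a heuristic macro check (UTF-16LE storage names in a legacy OLE .doc, vbaProject.bin in an OOXML zip) rather than a full Office parser, and runs against a constructed sample message built inside the block.

```python
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy binary Office (.doc) container header
# OLE directory entry names are stored as UTF-16LE; these storages/streams hold a VBA project.
OLE_VBA_MARKERS = [s.encode("utf-16-le") for s in ("Macros", "_VBA_PROJECT", "VBA")]

def office_attachment_has_macros(data: bytes) -> bool:
    """Heuristic macro check for Word attachments (assumption: a triage rule, not a full OLE parser)."""
    if data.startswith(OLE_MAGIC):
        return any(marker in data for marker in OLE_VBA_MARKERS)
    if data[:2] == b"PK":  # OOXML is a zip; a VBA project is stored as word/vbaProject.bin
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        except zipfile.BadZipFile:
            return False
    return False

def auth_results(msg) -> dict:
    """Read the SPF/DKIM/DMARC verdicts the receiving MTA recorded in Authentication-Results."""
    hdr = msg.get("Authentication-Results", "")
    return {k.lower(): v.lower() for k, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", hdr, re.I)}

def triage(raw: bytes) -> dict:
    """Gateway-style decision: quarantine macro-bearing Word files, hold mail that failed sender auth."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    auth, reasons = auth_results(msg), []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith((".doc", ".dot", ".docm", ".dotm", ".docx")) and office_attachment_has_macros(part.get_payload(decode=True)):
            reasons.append(f"macro-enabled Word attachment: {name}")
    failed = [p for p in ("spf", "dkim", "dmarc") if auth.get(p) not in (None, "pass")]
    if failed:
        reasons.append("sender authentication failed: " + ", ".join(failed))
    verdict = "quarantine" if any("macro" in r for r in reasons) else ("hold" if failed else "deliver")
    return {"verdict": verdict, "reasons": reasons, "auth": auth}

def build_sample() -> bytes:
    """Constructed sample (not a real Locky message): fake invoice with an OLE-like macro carrier."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "billing@example.com", "user@example.net", "Invoice 0042"
    m["Authentication-Results"] = "mx.example.net; spf=fail smtp.mailfrom=example.com; dkim=none; dmarc=fail"
    m.set_content("Please see the attached invoice.")
    fake_doc = OLE_MAGIC + b"\x00" * 64 + "Macros".encode("utf-16-le") + b"\x00" * 16
    m.add_attachment(fake_doc, maintype="application", subtype="msword", filename="invoice.doc")
    return m.as_bytes()
```

    Running `triage(build_sample())` returns a "quarantine" verdict with both reasons listed; a message whose attachment has no VBA markers and whose authentication passes comes back as "deliver".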

    How can you remove Locky ransomware?

    Locky ransomware can be removed from computers using a number of third-party tools for deleting the code, but the only solution for regaining access to data (other than paying the ransom, which is discouraged by federal authorities) is to restore data from backup.

    How can you mitigate the damage of Locky ransomware?

    Unfortunately, ransomware defenses may not stop every threat every time, so having a plan for dealing with a successful attack is critical to minimizing the damage from Locky ransomware and other threats.

    • Frequent backups can help to ensure that you can quickly recover data from a recent backup after a ransomware attack.
    • Continuity services can help to ensure users have continuous access to data and email during and after a Locky ransomware attack, even as files remain encrypted.
    • Two-factor authentication protocols can help to prevent attackers from accessing your system with stolen login credentials.