Short bio

Ransom.Locky is’ detection name for the Locky ransomware, which encrypts files on Windows OSes và holds them hostage for ransom. Locky was first discovered at the beginning of năm nhâm thìn and immediately became one of the most significant malware threats in the wild. As of this writing, Locky is out of commission.

Bạn đang xem: Locky ransomware


Typically, those infected with Locky ransomware would see a ransom cảnh báo displayed either as a desktop wallpaper or a text file.


The Locky v1 ransom note, which is displayed lớn users in two ways: as desktop wallpaper & as a text file. The image tệp tin is named _Locky_recover_instructions.bmp, while the text tệp tin is named Locky_recover_instructions.txt.

Encrypted files bear the following extension names:


Aside from the presence of the BMP and TXT files mentioned earlier, below are other ransom note files that were found present in Locky-infected systems:

_HELP_instructions.htmlasasin-random characters.htmDesktopOSIRIS.htmdiablo6-random characters.htmHELP_Recover_Files_.htmlykcol-random characters.htm

Type & source of infection

Ransom.Locky is distributed through the use of both exploit kits (EKs) & malspam. The Neutrino, RIG, & Nuclear EKs have all distributed Locky sporadically in the past.

The Necurs botnet is the main perpetrator behind the malspam that spreads Locky infections, usually as a result of a specially-crafted Microsoft Office Word or Excel file with malicious macros or a ZIP-compressed attachment containing a malicious script.


Systems affected by ransomware are rendered unusable due to lớn files that are typically used for regular operations being encrypted.

Affected users who choose lớn pay the threat actors behind ransomware campaigns in exchange for access lớn data may find that they don’t get their files back. There is also no sure way lớn know that threat actors will honor their end of the khuyễn mãi giảm giá after paying the ransom.

Affected users who chose lớn pay the threat actors may also find themselves likely targets for future ransomware campaigns.

Data held hostage that wasn’t given back to lớn users or deleted after the ransom has been paid can be used by threat actors either lớn (a) sell on the black market or (b) create a profile of the user they can use for fraud.

Protection protects users from Ransom.Locky by blocking the malware in real time.


* also blocks the malicious macro contained in the specially-crafted Microsoft Office document file.


Home remediation can detect & remove Ransom.Locky without further user interaction.

Double-click MBSetup.exe & follow the prompts to install the program.When your for Windows installation completes, the program opens to the Welcome to lớn screen.Click on the Get started button.Click Scan to start a Threat Scan.Click Quarantine khổng lồ remove the found threats.Reboot the system if prompted to lớn complete the removal process.

Take note, however, that removing this ransomware does not decrypt your files. You can only get your files back from backups you made before the infection happened.

Business remediation

How to remove Ransom.Locky with the Nebula console

You can use the Anti-Malware Nebula console to lớn scan endpoints.

Nebula endpoint tasks menu

Choose the Scan + Quarantine option. Afterwards you can kiểm tra the Detections page lớn see which threats were found.


On the Quarantine page you can see which threats were quarantined and restore them if necessary.

Xem thêm: Luyện Nói: Phát Biểu Cảm Nghĩ Về Tác Phẩm Văn Học Em Yêu Thích Nhất Pdf


All component/technology detections are passed to the remediation engine for complete removal from infected systems. This industry leading technology uses patented techniques in identifying all cohorts or associated files for a single threat & removes them all together lớn prevent malware from resuscitating itself. If you are using Ransomware Rollback technology, it allows you to wind back the clock lớn negate the impact of ransomware by leveraging just-in-time backups.