Locky is ransomware that has been causing trouble since the beginning of this year. It is distributed with the help of Word’s macros. Users usually receive a Word document, or in some rare cases an executable file, in an e-mail message; if you open it, you’ll probably be infected.
Even though macros are deactivated by Windows, the document shows a message saying that it needs them. If you fall into the trap and activate them, you trigger Locky’s download process. This program uses the same technique as Dridex, a Trojan that steals bank data from its victims. According to IT experts, Locky is nothing but a new Dridex version.
Files encrypted by Locky are renamed to include the .Locky extension. Paying the ransom demanded for the decryption key is no guarantee that you will get your files back; you’ll have to trust the attackers’ word and honor. Without this key it’s impossible to get your files back, with the sole exception of users who routinely make their own backups. Of course, the backup files must be free of the virus to work properly.
Follow the guide and don’t skip any steps, so you can be sure to completely remove this virus (all recommended software is free). We advise you to keep Malwarebytes or Eset Nod32 installed on your computer. You can try to get your files back with ShadowExplorer, but viruses of this kind rarely forget to remove all of Windows’ backup files.
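As an added example (not part of the original guide), the following Python script checks a backup or attachment folder before anything is restored or opened: it flags files that already carry the .Locky extension and Word documents that contain a macro project. The function names and the sample file names are assumptions made for illustration.

```python
import os
import tempfile
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy binary Office files

def classify(path):
    """Return 'encrypted', 'macro', 'legacy-ole', 'unreadable' or 'ok'."""
    if path.lower().endswith(".locky"):
        return "encrypted"           # extension the article says Locky adds
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
        if head == OLE_MAGIC:
            return "legacy-ole"      # old .doc-style container: macros not ruled out
        if zipfile.is_zipfile(path): # .docx/.docm files are ZIP archives
            with zipfile.ZipFile(path) as z:
                if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                    return "macro"   # document ships a VBA macro project
    except (OSError, zipfile.BadZipFile):
        return "unreadable"
    return "ok"

def scan(root):
    """Walk root and return {relative path: verdict} for every non-ok file."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            verdict = classify(full)
            if verdict != "ok":
                findings[os.path.relpath(full, root)] = verdict
    return findings

def demo():
    """Build a constructed sample tree (no real malware) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        with zipfile.ZipFile(os.path.join(root, "invoice.docm"), "w") as z:
            z.writestr("word/document.xml", "<w:document/>")
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
        with zipfile.ZipFile(os.path.join(root, "notes.docx"), "w") as z:
            z.writestr("word/document.xml", "<w:document/>")
        with open(os.path.join(root, "old.doc"), "wb") as fh:
            fh.write(OLE_MAGIC + b"\x00" * 504)
        with open(os.path.join(root, "photo.jpg.locky"), "wb") as fh:
            fh.write(b"\x00" * 32)
        return scan(root)

if __name__ == "__main__":
    import sys
    result = scan(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for path, verdict in sorted(result.items()):
        print(f"{verdict:11} {path}")
```

Run it with a folder path as the only argument; a backup that reports any "encrypted" entry was taken after the infection and is not a clean restore point.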