Locky is a relative newcomer in the RansomWare world. First detected in 2016 it is often delivered via email with a Microsoft Word attachment claiming to be an invoice. The attachment, if downloaded and opened by the user can infect the device by virtue of malicious macros. The document appears to be a garbled collection of information and the user is advised to “enable macro if data encoding ins incorrect”. Once this is enabled by the user the macro generates a binary file that then downloads the actual trojan which then encrypts files.

Encryption doesn’t stop with your normal files, it will also encrypt your BitCoin wallet if you have one. It will encrypt Windows WSS (Windows SnapShot) files. WSS files are a means of backing up files while you are working on them without the need to quit the application or log out.

This trojan, though relatively new, has infected a great deal of systems. most notably the Hollywood Presbyterian Medical Center. Who was forced to pay an astounding $17,000 in Bitcoins for ransom in order to obtain the decryption key.