Locky is a relative newcomer in the ransomware world. First detected in 2016, it is often delivered via email with a Microsoft Word attachment claiming to be an invoice. If the user downloads and opens the attachment, the malicious macros it contains can infect the device. The document appears to be a garbled collection of information, and the user is advised to “enable macro if data encoding is incorrect”. Once the user enables macros, the macro generates a binary file that then downloads the actual trojan, which then encrypts files.
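Because the infection depends on a macro inside the attached document, a mail filter can flag macro-carrying Office attachments before a user ever sees the "enable macro" prompt. The following is an added example, not code from the original article; the function names, the sample message and the OLE byte-marker heuristic are assumptions made for illustration.

```python
import email
import io
import zipfile
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")        # legacy .doc container
ZIP_MAGIC = b"PK\x03\x04"                             # OOXML (.docx/.docm) container
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")  # VBA stream name (heuristic)

def contains_vba(data: bytes) -> bool:
    """Inspect file content, not the extension, for a VBA macro project."""
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        except zipfile.BadZipFile:
            return False  # unparseable archive: not classified here
    if data.startswith(OLE_MAGIC):
        return OLE_VBA_MARKER in data
    return False

def macro_attachments(raw_message: bytes) -> list:
    """Return the filenames of attachments that carry VBA macros."""
    flagged = []
    for part in email.message_from_bytes(raw_message).walk():
        name = part.get_filename()
        payload = part.get_payload(decode=True)  # None for multipart containers
        if name and payload and contains_vba(payload):
            flagged.append(name)
    return flagged

def sample_message() -> bytes:
    """Constructed test e-mail: one macro-enabled and one clean attachment."""
    def office_zip(names):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            for n in names:
                z.writestr(n, b"placeholder")  # inert filler, not real VBA
        return buf.getvalue()
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    for fname, names in (("invoice.docm", ["word/document.xml", "word/vbaProject.bin"]),
                         ("notes.docx", ["word/document.xml"])):
        msg.add_attachment(office_zip(names), maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    print(macro_attachments(sample_message()))
```

Flagged attachments can be quarantined or stripped at the gateway; the check reads the file content, so renaming a macro-enabled file does not bypass it.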
Encryption doesn’t stop with your normal files; it will also encrypt your Bitcoin wallet if you have one. It will also encrypt Windows WSS (Windows SnapShot) files. WSS files are a means of backing up files while you are working on them, without the need to quit the application or log out.
This trojan, though relatively new, has infected a great many systems, most notably those of the Hollywood Presbyterian Medical Center, which was forced to pay an astounding $17,000 in Bitcoins as ransom in order to obtain the decryption key.
It is strongly advised that you do not pay any ransom demand, but instead contact RansomRescue immediately. When paying these ransoms, people and businesses are inadvertently sustaining this unscrupulous business model (yes, ransomware has become a business model!) and allowing its operators to flourish and continue infecting and disrupting the business world.