We have written blog posts in the last year or so on the Locky ransomware that devastated many businesses. We, too, saw the devastation that this malware could cause when clients approached us to help retrieve crucial files and get systems up and running when they were infected with Locky. Fortunately, for Managed Services clients with monitoring, alerting and a disaster recovery system in place, no data was lost. Others, who came to us in crisis and who were not professionally managed, were not so lucky.

There was a lull in Locky activity for months, but it has been enjoying a resurgence in the last couple of months. In August, Locky was in a massive email campaign sent to over 23 million users. As in the previous versions, this version is usually distributed through spam emails with a malicious Microsoft document or a zip archive attached. The latest version, dubbed Lukitus, encrypts all files, then displays a ransom message on the desktop of the intended victim. It then demands payment via bitcoin. The ransom demand can range from $2,000 to over $4,000. The loss of time, files, use of website, etc., can be even more costly to a company or organization.

There is no decryption available for Locky. Most victims are now forced to pay the ransom. The best prevention is the set of steps we have outlined in previous blog posts:

  • Beware of spam. Do not open ANY attachments that are not from a known and reliable source.
  • Backup OFTEN.
  • Update your antivirus!

Make sure you have a good tech support team that can oversee updates and vulnerabilities. Prevention is key.

For more information, here is a link to our previous blog post on ransomware.


The sources of information for this article are zdnet.com and blog.malwarebytes.com.