You are here: Home » Current Affairs » News » National
Business Standard

Locky ransomware: All you should know about malware with no decryption tool

Locky was the 'patient zero' of the ransomware epidemic that hit the world in 2017

BS Web Team  |  New Delhi 

cyber attack

and have competition, and it's the latest strain of ransomware to assail computers. On Sunday, the Indian Computer Emergency Response Team (CERT-In) issued an alert on the spread of the 'Locky Ransomware' that can lock computers and demands a ransom for unlocking them. 

However, Locky is not so much a 'new kid on the block' as it is the 'comeback king' among malwares. According to reports, the Locky ransomware's re-emergence with a new email distribution campaign has been touted as one of the largest campaigns in the latter half of 2017.

The ransomware, once considered almost defunct, sent over 23 million emails with the to the US workforce in just 24 hours on August 28, news agency IANS reported while citing

According to reports, the latest version of the ransomware is yet to be cracked and, thus, free decryption tools are not available at the moment.

What is Locky? 

Locky, according to, rose to prominence in 2016 following a number of high-profile infections. In fact, the website describes it as "one of the most successful families of ransomware of all time".  

Further, the appears to have evolved. According to another report from August this year, the new Locky campaign began on August 9. Citing researchers from Malwarebytes, the report said that in the new campaign, the was being distributed with a new file extension called Diablo6.
Further, the report said that another new variant that adds the extension '.Lukitus' to encrypted files is also doing the rounds. 

Citing a study by Google researchers, reported in July this year that Locky was, in fact, the "patient zero" of the ransomware epidemic that hit the world in 2017. 

Further, Locky, or its makers, appear to have been pioneers in the ransomware world. The same news report explained that Locky was the first ransomware programme that kept its "payment and encryption infrastructure" separate from the groups that were distributing it. This compartmentalisation, according to the report, allowed the to spread "farther and faster than its competitors". 

How does it work?

The ransomware spreads through the help of spam emails that are sent to unsuspecting people with innocuous subject lines. According to, the is hidden in a ZIP file containing a Visual Basic Script (VBS) file. Once a person clicks on the file, the report explains, the latest version of the (the Lukitus variant) gets downloaded and encrypts all the files on the computer.

"Reports indicate that over 23 million messages have been sent in this campaign. The messages contain common subjects like 'please print', 'documents', 'photo', 'Images', 'scans' and 'pictures'. However, the subject texts may change in targeted spear phishing campaigns," the CERT-In alert, which described the severity of the ransomware as "high", said.

According to the report, once the infection takes hold, a ransom note demanding 0.5 bitcoin (close to Rs 1,50,000) is presented to the victim. The 'payment' is meant to buy a "special software" in the form of a "Locky decryptor", which the victim needs to get their files back.

Further, instructions on downloading and installing the Tor browser and how to buy Bitcoin are provided by the attackers in order to ensure victims can make the payment.

First Published: Mon, September 04 2017. 16:54 IST