Date: 2017-09-04

Locky ransomware: All your questions answered. (Image: Reuters)

Ransomware is now an epidemic in the modern world of technology. After WannaCry and then Petya, cyber criminals have now unleashed Locky, posing a threat to computers all over the world. Even India is not safe from this new malware. In fact, the Indian Computer Emergency Response Team (CERT-In) has issued an alert about ‘Locky’, a malware that spreads through spam emails. Like WannaCry, Locky asks for a ‘ransom’ in cryptocurrencies like Bitcoin. While there have been no major attacks in India till now, here is all the information you need to keep your computer safe from ransomware.

What exactly is Locky ransomware? To understand Locky, you need to know what ransomware is. Basically, cyber attackers use ransomware to block access to your own data and, in return, ask for money, usually in a digital currency. The new threats came to light when a popular ransomware called WannaCry attacked major sites in the world earlier in 2017. Meanwhile, the Indian government has issued a warning against Locky. This ransomware has been active for over a year, but it has now launched a new variant. On August 9, Locky unveiled a new attack and even India is reportedly under its radar. AppRiver, a security company, has claimed that more than 2.3 lakh messages have been sent in the attack, which makes it one of the biggest cyber threats ever.

How does Locky work? Malwarebytes research has said that Locky gets distributed via a new file extension called “.diablo6”. In the newly launched variant, Locky criminals have unleashed a new extension called “.Lukitus”. It is a French word which means ‘locking’. The cyber criminals send files under this extension via emails. They look like suspicious ZIP files and arrive as attachments in your emails. Inside the attachment is a secondary ZIP file that contains Visual Basic Scripts (VBS). This has a downloader which takes you to a malicious website called “greatesthits[dot]mygoldmusic[dot]com”. So, you need to beware of emails which say “please print”, “images”, “scans” etc. Once you click on these attachments, your computer will automatically download the malware and your system will be compromised with Locky. The first sign of the change will appear in your desktop background, which will now say “Lukitus[dot]htm”, and you will not be able to access your data. Most reports say that you will have to pay 0.5 Bitcoin, around Rs 1.5 lakh, to retrieve them.
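A mail-filter check for the delivery pattern described above (a script file hidden in a ZIP inside a ZIP attachment), as an added example that is not part of the original article. The function names, the size and depth limits, and the script extensions other than VBS are assumptions, and the sample archives are constructed.

```python
import io
import zipfile

# The article names VBS; the other script extensions are an added assumption.
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")
MAX_DEPTH = 3                   # do not unpack archives nested deeper than this
MAX_MEMBER = 10 * 1024 * 1024   # skip members declaring more than 10 MiB

def find_scripts(data, depth=0, prefix=""):
    """Return (path, depth) for each script file in a ZIP, descending into nested ZIPs."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []                # not a ZIP, nothing to report
    hits = []
    with zf:
        for info in zf.infolist():
            path = prefix + info.filename
            lower = info.filename.lower()
            if lower.endswith(SCRIPT_EXTS):
                hits.append((path, depth))
            elif (lower.endswith(".zip") and depth < MAX_DEPTH
                  and info.file_size <= MAX_MEMBER and not info.flag_bits & 0x1):
                # Unencrypted nested archive within limits: inspect its members too.
                hits += find_scripts(zf.read(info), depth + 1, path + "/")
    return hits

def verdict(data):
    """'quarantine' for a script inside a nested ZIP, 'review' for a top-level script."""
    hits = find_scripts(data)
    if any(depth >= 1 for _, depth in hits):
        return "quarantine"
    return "review" if hits else "allow"

def make_zip(members):
    """Build an in-memory ZIP from {name: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples: the .vbs member is a harmless placeholder comment.
INNER = make_zip({"scan_0001.vbs": b"' placeholder\n"})
NESTED = make_zip({"scan_0001.zip": INNER})
BENIGN = make_zip({"notes.txt": b"hello"})

if __name__ == "__main__":
    print(find_scripts(NESTED), verdict(NESTED), verdict(BENIGN))
```

The check reads only member names and nested archive structure, so it never executes or interprets the script itself.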

How to stop Locky ransomware? As of now, there is no way to stop it. The only way to get your data back is by paying ransom to the cyber criminals. However, there is no guarantee that you will get your data back. Researchers have still not figured out a way to control this ransomware.

How do I protect myself from Locky? The basic steps that you need to take are: keep a backup of your data, install a good antivirus program with the latest updates, watch out for malicious emails, and, as every expert suggests, “Do Not Pay Ransom.”