ThreatSTOP Blog

Locky, Not to be Confused with Lucky

Written by threatstopbme | February 24, 2016

 

Locky is a new ransomware that encrypts a victim's data using AES encryption and then demands 0.5 bitcoins for the decryption of that data. The malware is currently being distributed via emails that contain Word document attachments with malicious macros.

The text in the document is scrambled, luring the victim into downloading the macros. Once the victim enables the macros, the macro code downloads an executable from a remote server and executes it, infecting the victim with the ransomware.
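As an added example (not ThreatSTOP's code), a mail-gateway triage check that flags Word attachments carrying a VBA project, the delivery vehicle described above. The function names and the sample message are constructed for illustration, and the legacy .doc check is a byte-level heuristic rather than a full OLE parser.

```python
import email
import io
import zipfile
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # legacy .doc (OLE2) file header
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # OLE directory names are UTF-16LE

def has_vba_macros(data: bytes) -> bool:
    """Heuristic: True if the bytes look like an Office file with a VBA project."""
    if data.startswith(b"PK"):  # OOXML (.docx/.docm) is a ZIP archive
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
        except zipfile.BadZipFile:
            return False
    if data.startswith(OLE_MAGIC):
        return VBA_STREAM in data  # stream present in every OLE VBA project
    return False

def macro_attachments(raw_message: bytes) -> list[str]:
    """Return filenames of attachments in an RFC 822 message that carry macros."""
    flagged = []
    for part in email.message_from_bytes(raw_message).walk():
        name = part.get_filename()
        payload = part.get_payload(decode=True)  # None for multipart containers
        if name and payload and has_vba_macros(payload):
            flagged.append(name)
    return flagged

def _zip_with(names) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed placeholder")
    return buf.getvalue()

def build_sample_message() -> bytes:
    """Constructed test mail: two macro-bearing files and one clean one."""
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    samples = {
        "invoice.docm": _zip_with(["word/document.xml", "word/vbaProject.bin"]),
        "notes.docx": _zip_with(["word/document.xml"]),
        "invoice.doc": OLE_MAGIC + b"\x00" * 64 + VBA_STREAM,
    }
    for name, data in samples.items():
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

A hit means only that the attachment contains macros, so it is a reason to quarantine or inspect the file, not a verdict that it is Locky.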

ThreatSTOP customers are protected from Locky. The ThreatSTOP Shield service blocks the IP addresses used by the attackers.