
Get rid of Locky malicious encryption and prevent the ransomware introduction

Sunday 20 March 2016, 8:04AM

By John Viser


Another variety of ransomware has surfaced recently. Even a conservative estimate suggests that a great many computers have already been affected by the virus.

The infection dubbed Locky applies sophisticated encryption. The data is strongly encoded, and there is no realistic way to get it back by restoring the proper files by hand. Ransom-free options exist, but they rely on data recovery rather than on decryption. For that reason it is wise to maintain regular backups of your data. The backup copies should preferably be kept in duplicate, on two different storage media. That costs some money and effort, but far less than the ransom the scammers demand.

The ransom virus is not one to hide itself. That clearly distinguishes it from other types of malware, e.g. keyloggers, which prefer to remain hidden, the longer the better.

Locky, too, has a period during which it hides. Since the trojan's impact is hard to contain once its installation has completed, it is worth noting that it forces a reboot of the affected system.[1]

The period between the Locky download and the follow-up reboot is the hiding span. The malicious application cannot launch its encryption until the system is restarted. It could wait for the user to restart, but observations and reports show that the trojan does not rely on its victims and prefers to force the reboot itself.

A last-ditch prevention requires the potential victim to avoid a normal restart after the invasion. To block the installation, a Windows user who has just been hit by the rogue would need to boot into Safe Mode with Networking instead.

General prevention addresses the ways in which the ransomware gets into computers.

The ransomware's propagation is handled by a multitude of unrelated, if not competing, teams. The developer of Locky most likely does not distribute the virus itself. Instead, the infection is made available on affiliate terms.

The distributors apply a number of tactics. It is hard to assess how many people are engaged in spreading the scamware. Needless to say, covering all the infection vectors is virtually impossible.

Some vectors occur very often and are deemed to dominate the ransomware's propagation tactics. These prevailing schemes include, but are not limited to, spam, exploitation of Java vulnerabilities, social engineering and drive-by downloads.

To prevent the invasion, make sure you follow an appropriate cyber security policy. Keep your firewall and other software up to date, avoid random downloads, and do not rely on your online acquaintances.

The ransomware, once installed, encrypts every bit of data. Ransom notes are generated and placed as the encryption proceeds, so a note appears in each folder that contains encrypted files. It prompts the victim to pay the ransom in bitcoins. The amount is significant, but many opt to pay because they place a high value on their data.
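The behaviour just described, a ransom note dropped into every folder that holds encrypted files, is something a responder can look for during triage. The following Python script is an added example written for this article, not code from the article or from any Locky analysis. It walks a directory tree and reports folders that either contain a file with the ransom note's name or consist mostly of files whose bytes look like ciphertext (Shannon entropy close to 8 bits per byte). The note file name is a labelled placeholder, since the article does not give it; the entropy threshold, the 80 % ratio and the sample folder tree are all constructed assumptions for the demonstration.

```python
import math
import os
import random
import tempfile
from collections import Counter
from pathlib import Path

# The article does not give the ransom note's file name, so this is a labelled
# placeholder: replace it with the indicator names from your own incident data.
NOTE_NAMES = {"RANSOM_NOTE_PLACEHOLDER.txt"}
ENTROPY_THRESHOLD = 7.5   # bits per byte; documents and source code sit well below this
MIN_SAMPLE = 256          # tiny files give unreliable entropy estimates, so skip them
ENCRYPTED_RATIO = 0.8     # flag a folder when most of its files look encrypted


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: Path) -> bool:
    """Heuristic: the first 4 KiB of a ciphertext file is close to uniformly random."""
    with path.open("rb") as fh:
        head = fh.read(4096)
    return len(head) >= MIN_SAMPLE and shannon_entropy(head) >= ENTROPY_THRESHOLD


def scan_tree(root) -> dict:
    """Walk root and return, per suspicious folder (relative path), a summary dict.

    A folder is reported when it contains a ransom note, or when at least
    ENCRYPTED_RATIO of its files look encrypted even though no note is present.
    """
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        folder = Path(dirpath)
        has_note = any(name in NOTE_NAMES for name in files)
        payload = [name for name in files if name not in NOTE_NAMES]
        encrypted = sum(1 for name in payload if looks_encrypted(folder / name))
        ratio_hit = bool(payload) and encrypted / len(payload) >= ENCRYPTED_RATIO
        if has_note or ratio_hit:
            findings[os.path.relpath(dirpath, root)] = {
                "note": has_note,
                "encrypted": encrypted,
                "total": len(payload),
            }
    return findings


def build_demo_tree(base: Path) -> Path:
    """Create a constructed sample tree: one clean folder, one fully hit folder,
    and one folder holding a single high-entropy file (like a legitimate archive)."""
    rng = random.Random(20160320)          # deterministic stand-in for ciphertext
    text = b"Quarterly report draft. Figures are provisional.\n" * 40

    clean = base / "clean"
    clean.mkdir()
    for i in range(3):
        (clean / f"doc{i}.txt").write_bytes(text)

    hit = base / "hit"
    hit.mkdir()
    for i in range(3):
        (hit / f"doc{i}.enc").write_bytes(rng.randbytes(4096))
    (hit / next(iter(NOTE_NAMES))).write_text("constructed ransom note placeholder\n")

    partial = base / "partial"
    partial.mkdir()
    for i in range(3):
        (partial / f"doc{i}.txt").write_bytes(text)
    (partial / "archive.bin").write_bytes(rng.randbytes(4096))
    return base


def demo() -> dict:
    """Build the sample tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_tree(build_demo_tree(Path(tmp)))


if __name__ == "__main__":
    for folder, summary in sorted(demo().items()):
        print(f"{folder}: note={summary['note']} "
              f"encrypted={summary['encrypted']}/{summary['total']}")
```

On the constructed tree only the `hit` folder is reported: the `clean` folder has no note and readable text, and `partial` is not flagged because a single high-entropy file among ordinary documents is normal (compressed archives and media look random too), which is why the ratio test matters more than any single file. The scan is a triage aid after the fact; the article's point stands that the real defence is backups kept apart from the machine.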

The guidance below covers ransom-free recovery options and shows how to remove Locky. Removing the Locky malware is a critical step and must not be omitted.