FBI Flash Update
“Ransomware Variant called Locky”
FBI, Cyber Division, 7/28/16
The ‘Locky’ malware is a ransomware variant that has extensively used spam campaigns to distribute malicious files which download and execute code capable of encrypting numerous critical file types on both local and networked file stores. Encrypted files are renamed with a unique hexadecimal filename and receive the “.locky” extension. Each directory containing encrypted files also contains instructions on how to use Bitcoin to pay a ransom for file recovery, and the system’s desktop background is changed to display payment instructions. Because the encryption is strong and well implemented, recovery of encrypted files is impossible without a data backup or acquisition of the private key. While payment of the ransom may result in receipt of the valid private key, enabling decryption of the targeted files, the FBI does not recommend that victims pay the ransom.
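The indicators in the paragraph above (hexadecimal filenames with a “.locky” extension, plus a ransom note in every affected directory) can be checked against a file inventory. The following script is an added example for defenders and is not part of the FBI flash; it assumes a hex stem of at least 16 characters (the flash says only “hexadecimal”) and, since the flash does not name the note file, only flags text/HTML/image files that sit beside encrypted files as possible notes. The file listing is constructed for the example.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Assumed pattern for an encrypted file: a hex-only stem (the flash says
# "unique hexadecimal filename"; 16+ digits is an assumption) plus ".locky".
ENCRYPTED_NAME = re.compile(r"^[0-9a-f]{16,}\.locky$", re.IGNORECASE)

# Assumed: the per-directory ransom note is a small text, HTML or image file.
# The flash does not name it, so these are only candidates to review.
NOTE_SUFFIXES = {".txt", ".html", ".bmp"}

# Constructed file listing standing in for a share inventory (not real data).
SAMPLE_LISTING = [
    "/srv/share/finance/report.xlsx",
    "/srv/share/finance/0F3C9A1B2D4E5F6A7B8C9D0E1F2A3B4C.locky",
    "/srv/share/finance/1A2B3C4D5E6F7A8B9C0D1E2F3A4B5C6D.locky",
    "/srv/share/finance/recover_instructions.txt",   # constructed note name
    "/srv/share/hr/policy.locky",                    # not a hex stem: ignored
    "/home/user/notes.txt",
]


def find_locky_indicators(paths):
    """Group Locky-style encrypted files by directory.

    Returns {directory: {"encrypted": [...], "possible_notes": [...]}} for
    every directory that holds at least one file matching ENCRYPTED_NAME.
    """
    encrypted = defaultdict(list)
    others = defaultdict(list)
    for p in paths:
        pp = PurePosixPath(p)
        parent = str(pp.parent)
        if ENCRYPTED_NAME.match(pp.name):
            encrypted[parent].append(pp.name)
        else:
            others[parent].append(pp.name)

    report = {}
    for directory, files in encrypted.items():
        # Only files in the same directory as encrypted data are note candidates,
        # matching the flash's "each directory containing encrypted files".
        notes = [
            name for name in others.get(directory, [])
            if PurePosixPath(name).suffix.lower() in NOTE_SUFFIXES
        ]
        report[directory] = {
            "encrypted": sorted(files),
            "possible_notes": sorted(notes),
        }
    return report


if __name__ == "__main__":
    for directory, info in find_locky_indicators(SAMPLE_LISTING).items():
        print(f"{directory}: {len(info['encrypted'])} encrypted file(s); "
              f"possible ransom note(s): {info['possible_notes'] or 'none'}")
```

Run it over a real listing (for example the output of `find /srv/share -type f`) to locate affected directories quickly; a hit on a network share is the cue to isolate the host that holds the share open and to restore from backup, which the flash identifies as the only reliable recovery path short of obtaining the private key.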
If you find any of these indicators on your networks, please contact FBI CYWATCH immediately to report the information. You can call 1-855-292-3937 or email [email protected]