
Locky Ransomware Just Won’t Go Away

August 28, 2017 | May 22nd, 2021 | Cybersecurity

For a time, Locky ransomware was the scourge of the internet, considered by many security experts to be the most widely distributed form of malware online.

Things change, however, and the internet marches on. Hackers latch on to the latest and greatest variants, and after a brief surge to the top, Locky was forgotten and passed over in preference for newer models. Until now.

Recently, a security researcher going by the handle Racco42 discovered a new strain of Locky, known as Diablo6 because this is the extension it appends to all the files it encrypts. The new strain is being distributed via a massive malspam campaign, with the email message simply announcing “Your Files Are Attached.”

If a user, in a moment of carelessness, opens the zipped file, it will install the new version of Locky, scan the user’s machine and encrypt all the files it finds. Once that operation is complete, it will delete itself, then display the ransom message. Currently, the ransom is set at 0.42 Bitcoin, or about $1,600.

Unfortunately, there’s no free way to decrypt files that have been encrypted by Locky-Diablo6, other than paying the ransom and hoping for the best. As ever, when faced with this type of attack, your best hope is to simply restore the files from your most recent backup, or from your Shadow Volume.

Note that the new version of Locky will try to delete your Shadow Volume, but for reasons not yet fully understood, the malware does not always succeed in doing so.

If it has managed to delete your Shadow Volume, and you don’t have a backup that’s recent enough to be helpful, then you’re faced with the same awful dilemma that so many other ransomware victims have faced in recent months. You can pay the toll and hope you get your files back, or eat the loss and move on as best as you can.

When you get to that point, there are no good choices to be made, so your best move is to see that it never comes to that. Backups matter. If you don’t currently have a robust backup plan in place, you’re flirting with disaster.
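Restoring only helps if the backup you pick predates the encryption. The following triage sketch is an added example, not code from this article or from any vendor tool: it walks a directory tree for files carrying the Diablo6 extension, notes the earliest one, and picks the newest backup older than that. It assumes a file's modification time approximates when it was encrypted, and that you supply the timestamps of your available backups or shadow copies yourself; the function names are hypothetical.

```python
import os

ENCRYPTED_EXT = ".diablo6"  # extension named in the article


def find_encrypted(root, ext=ENCRYPTED_EXT):
    """Return [(path, mtime)] for every file under root carrying the extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ext):
                full = os.path.join(dirpath, name)
                try:
                    hits.append((full, os.stat(full).st_mtime))
                except OSError:
                    continue  # file vanished or is unreadable; skip it
    return hits


def summarize(root, backups):
    """Summarize the damage and choose a restore point.

    backups: epoch timestamps of available backups or shadow copies
    (assumption: supplied by the operator, not discovered by this script).
    """
    hits = find_encrypted(root)
    if not hits:
        return {"encrypted": 0, "first_seen": None,
                "restore_from": None, "by_dir": {}}
    # Assumption: mtime of the earliest encrypted file marks the start.
    first = min(mtime for _path, mtime in hits)
    by_dir = {}
    for path, _mtime in hits:
        folder = os.path.dirname(path)
        by_dir[folder] = by_dir.get(folder, 0) + 1
    # Only backups taken strictly before the first encrypted file are clean.
    clean = [b for b in backups if b < first]
    return {"encrypted": len(hits), "first_seen": first,
            "restore_from": max(clean) if clean else None, "by_dir": by_dir}


if __name__ == "__main__":
    import sys
    # usage: triage.py <root> <backup_epoch> [<backup_epoch> ...]
    print(summarize(sys.argv[1], [float(a) for a in sys.argv[2:]]))
```

A `restore_from` of `None` alongside a nonzero `encrypted` count means every backup you listed was taken after the first file was encrypted.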

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.