What happens when you piss off the Locky ransomware creators

This February, the name Locky ransomware appeared for the first time on the long list of known malware. Avira Protection Cloud detected it from the beginning, and that was the start of a beautiful “friendship”, with our side constantly dismantling the bad guys’ work.

This week, a new wave of malware files was released and Avira Virus Lab took immediate measures to block this new attack. “Right after we discovered the pattern used by the Locky operators, we also noticed an offensive message in the script. We didn’t take it personally but only as a recognition that our job is done properly,” said Marius Bucur, Virus Analyst at Avira Protection Lab.

How does Locky ransomware work?

Locky is striking over a geographically diverse area. From just one Locky sample, Avira has identified targeted computers in Germany, England/United States, Spain, Italy, and the Netherlands.

Locky is usually spread by emails with an attached Microsoft Word document. If Office macros are turned on, the malware installation starts once the document is opened. If the macros have been disabled, the malware gives the recipients a reminder that they really should enable them – and then goes to work.
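Because the delivery path described above depends on a macro-carrying Office attachment, attachments can be triaged for macro content before anyone opens them. The following Python code is an added example, not Avira's own; the function names, verdict labels and sample files are assumptions constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container
MACRO_FREE_EXT = (".docx", ".xlsx", ".pptx")

def classify_attachment(name: str, data: bytes) -> str:
    """Return a triage verdict (hypothetical labels) for one attachment."""
    if data.startswith(OLE2_MAGIC):
        # Legacy binary format: may hold VBA; confirming needs an OLE parser.
        return "legacy-ole-review"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return "not-office"  # a zip, but not an OOXML package
        has_vba = any(n.lower().endswith("vbaproject.bin") for n in names)
        types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    if has_vba or "macroEnabled" in types:
        # Macro content under a macro-free extension is inconsistent: flag it.
        if name.lower().endswith(MACRO_FREE_EXT):
            return "macro-extension-mismatch"
        return "macro-enabled"
    return "no-macros"

def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML-shaped zip, not a real document."""
    main = ("application/vnd.ms-word.document.macroEnabled.main+xml"
            if with_macro else
            "application/vnd.openxmlformats-officedocument"
            ".wordprocessingml.document.main+xml")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    f'<Types><Override PartName="/word/document.xml" '
                    f'ContentType="{main}"/></Types>')
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder bytes
    return buf.getvalue()

if __name__ == "__main__":
    for fname, blob in [("invoice.docm", build_sample(True)),
                        ("invoice.docx", build_sample(True)),
                        ("notes.docx", build_sample(False)),
                        ("old.doc", OLE2_MAGIC + b"\x00" * 64)]:
        print(fname, "->", classify_attachment(fname, blob))
```

A "legacy-ole-review" verdict only means the file is in the older binary format; deciding whether it actually contains VBA requires parsing the OLE container, which this example does not do.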

What should we understand from this message?

The reaction from the Locky ransomware creators in fact reveals how annoyed the cyber-criminals are every time their malicious actions are interrupted and they need to start over again. And, for sure, this battle will not end soon.

That is why we strongly recommend that all our users activate the Protection Cloud feature, which strengthens protection and enables us to deliver a highly rated detection percentage. More than that, until now the Cloud has not been outsmarted by either Locky or the Dridex botnet, the other trending threat of the past few months. So, activate the Protection Cloud and be prepared when the bad guys come after you.