Encryption Trojan Locky: What you need to know about the ransomware

02/25/2016
G DATA Blog

In recent months, perhaps even years, hardly any malware strain has been as prominent in media reports as the ransomware Locky. The reports of tens of thousands of computers being infected every day are unsettling. Many users are wondering what can be done about the daintily named malware. Experts at G DATA SecurityLabs provide an overview and tips for a comprehensive security concept.

How Locky gets onto computers

Examples of current email subject lines (not exclusive)

Files targeted by Locky

.123, .3dm, .3ds, .3g2, .3gp, .602, .7z, .aes, .ARC, .asc, .asf, .asm, .asp, .avi, .bak, .bat, .bmp, .brd, .bz2, .c, .cgm, .class, .cmd, .cpp, .crt, .cs, .csr, .CSV, .db, .dbf, .dch, .dif, .dip, .djv, .djvu, .DOC, .docb, .docm, .docx, .DOT, .dotm, .dotx, .fla, .flv, .frm, .gif, .gpg, .gz, .h, .hwp, .ibd, .jar, .java, .jpeg, .jpg, .js, .key, .lay, .lay6, .ldf, .m3u, .m4u, .max, .mdb, .mdf, .mid, .mkv, .mml, .mov, .mp3, .mp4, .mpeg, .mpg, .ms11 (Security copy), .ms11, .MYD, .MYI, .NEF, .odb, .odg, .odp, .ods, .odt, .otg, .otp, .ots, .ott, .p12, .PAQ, .pas, .pdf, .pem, .php, .pl, .png, .pot, .potm, .potx, .ppam, .pps, .ppsm, .ppsx, .PPT, .pptm, .pptx, .psd, .qcow2, .rar, .raw, .rb, .RTF, .sch, .sh, .sldm, .sldx, .slk, .sql, .SQLITE3, .SQLITEDB, .stc, .std, .sti, .stw, .svg, .swf, .sxc, .sxd, .sxi, .sxm, .sxw, .tar, .tar, .tbk, .tgz, .tif, .tiff, .txt, .uop, .uot, .vb, .vbs, .vdi, .vmdk, .vmx, .vob, wallet.dat, .wav, .wb2, .wk1, .wks, .wma, .wmv, .xlc, .xlm, .XLS, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .zip

Connections between banking Trojan Dridex and Locky? Who is behind it?

For experts: Restrict user rights

For experts: Disable administrative shares

But if it still happens: