1 of 2
Danger level 7
Type: Adware
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Can't be uninstalled via Control Panel

Locky Ransomware

When your computer gets infected with a file encrypting ransomware application, you can pretty much look for your backup drive to restore your files. Locky Ransomware is the latest addition to the fast-growing group of malicious infections that devastate individual and business computers worldwide for money. The problem is that even if you remove Locky Ransomware from your PC, currently there is no way to decrypt the affected files as of now. Therefore, you either pay the ransom or restore your files from some other source. Needless to say, we strongly discourage you to pay the cyber criminals because this way you would be giving them what they want.

It is true that Locky Ransomware and other similar ransomware infections, like Chimera Ransomware or Shade Ransomware, have been mainly developed to rob unsuspecting users off without any second thoughts. The payments are collected in Bitcoins, a digital payment system that was first published in 2008. This digital currency is now rare to the point that even the smallest amount of Bitcoins might cost hundreds of dollars. For instance, depending on your location, Locky Ransomware may ask you either to pay 0.5 BTC or 1 BTC to purchase the decryption key. That would be between $200 and $400.

This ransom fee does not reach the ransomware average that amounts for around $500, but it still shows that the people behind this application know what they are doing, and they sure know enough about their target. The question is, however, whether users would receive the decryption key the moment they pay the ransom fee. Technically, cyber criminals who create ransomware have no reason NOT to issue decryption keys, but research shows that the communication between the infection and its command and control center (C2) is often shaky. If Locky Ransomware employs weak servers for the communication, they might crash before the C2 receives information about your payment. As a result, the criminals will not issue the key.

So how would it be possible to protect yourself from such infections? The answer is simple: be VERY careful about the email messages you open. Normally, email service providers categorize the type of mail received into general, social, promotional and junk mail. Ransomware infections usually get distributed via spam mail. They come as attachments to those random email messages that look like they are invoices from online stores, financial institutions or logistic companies. Locky Ransomware is no different.

The file that downloads this ransomware on target computer looks like a gibberish MS Word file. If the user follows the instructions written in the file, the download and installation get initiated. The next thing you know, your files get encrypted, and you can no longer access them. Then Locky Ransomware displays a ransom note on your screen, and you are forced to do whatever the people behind this scam want you to do.

You would probably ask why hackers and other smart people who work with computers cannot decrypt the files. Is it really that hard? Truth be told, it is. Locky Ransomware uses the AES encryption method, which means that it takes one encryption key and scrambles the bites in your files so that the system can no longer read them. Fine, you say, what about using the same AES key to decrypt them? It would sure work if ONLY we had the key. The problem is that ransomware applications encrypt the key itself using yet another encryption method that is basically unbreakable, and so only the person who has the private key can help you decrypt your files. This person just happens to be the criminal.

Luckily, Locky Ransomware does not seem to bring any additional malware onto your computer. Some ransomware applications bring backdoors and download malware on constant loops. Nevertheless, since this infection is technically a Trojan horse, you should run a full system scan with a legitimate antispyware tool to check for other potential threats that might be lurking in your computer.

Please follow the manual removal instructions below to get rid of Locky Ransomware for good. As mentioned, manual removal will not restore your files, but you still need to get rid of the malicious programs that might further damage your PC. As for your files, you should really consider restoring them from an external hard disk or cloud drive. This is why computer security experts always emphasize how important it is to keep a file backup because you can never know what might happen.

How to Delete Locky Ransomware

  1. Press Win+R and the Run prompt will open.
  2. Type in %Temp% and click OK.
  3. Find the svchost.exe file in the director.
  4. Delete the file and go to your Desktop.
  5. Delete the _Locky_recover_instrcutions.bmp file.

Remove Malicious Windows Registry Entries

  1. Press Win+R again and enter regedit.
  2. Press OK and open Registry Editor.
  3. Go to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Wallpapers.
  4. Right-click the BackgroundHistoryPath0 value on the right pane.
  5. Select Delete and go to HKEY_CURRENT_USER\Software\Locky.
  6. Right-click the Locky key to delete it.
  7. Go to HKEY_CURRENT_USER\Control Panel\Wallpaper.
  8. Delete the key with the data %UserProfile%\Desktop\_Locky_recover_instructions.bmp.
Download Spyware Removal Tool to Remove* Locky Ransomware
  • Quick & tested solution for Locky Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.