
Locky Locker Ransomware

Posted: July 31, 2018

The Locky Locker Ransomware is a file-locking Trojan that pretends to be a version of the '.locky File Extension' Ransomware, although it's unrelated. This Trojan drops ransom messages in different formats than the 'Locky' Ransomware family does, and also uses a different file-blocking technique built on asymmetric encryption. However, users should protect their media in the same way: by backing up all valuable work, having anti-malware products delete the Locky Locker Ransomware and disinfect their computers, and contacting established PC security researchers for any decryption help.

A Well-Known Trojan Gets Some Fanboy Software for Summer

Threat actors who want to make their black market products look more secure or advanced than they really are often borrow brand names from competing Trojans. Major families of file-locker Trojans like the Jigsaw Ransomware, the Globe Ransomware, and the Crysis Ransomware all have imitative competitors that use their symptoms or names but possess different features. For the summer, malware experts can add the so-called Locky or '.locky File Extension' Ransomware family to that list, with the rise of the Locky Locker Ransomware's campaign.

The Locky Locker Ransomware encrypts media on the Windows PC by combining DES in CBC mode with RSA: the former performs the bulk of the data encryption, and the latter protects the DES key that's generated. The Locky Locker Ransomware also appends the trademark '.locky' extension to the filenames of anything that it blocks, similar to the family it's imitating. Like any other encrypted data, the files that the Locky Locker Ransomware blocks in this manner require a decryption routine before they're readable again.

Unlike the real '.locky File Extension' Ransomware, the Locky Locker Ransomware doesn't use a desktop pop-up-based ransoming message, but a Notepad TXT one. This text file uses a variant of a prominent ransom message that malware experts connect to old campaigns (with false claims of 'military-grade' encryption) and gives the victim an ID and a link for the threat actor's TOR-anonymized website. Typical ransoms for the decryptor may begin at over a thousand USD, and the threat actor also implements a time limit that causes the price to increase every four days.
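The two symptoms described above (block-aligned, high-entropy files carrying the '.locky' extension, and a TXT note with a TOR link and a 'military-grade' claim) are enough for a quick triage of a suspect directory. The following script is an added example for incident responders, not code from the original article or from the Trojan; the note heuristic, the file names and the sample data are constructed assumptions based only on the traits the article describes.

```python
import math
import re
import tempfile
from collections import Counter
from pathlib import Path

LOCKY_EXT = ".locky"   # extension the article says the Trojan appends
DES_BLOCK = 8          # DES block size; CBC ciphertext length is always a multiple of it
# Assumed note traits from the article: a TOR (.onion) link plus the 'military-grade' claim.
ONION_RE = re.compile(rb"[a-z2-7]{16,56}\.onion", re.IGNORECASE)

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8.0 for ciphertext, far lower for most documents."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(data: bytes) -> bool:
    """Consistent with DES-CBC output: block-aligned and near-random (first 64 KiB sampled)."""
    return len(data) % DES_BLOCK == 0 and shannon_entropy(data[:65536]) > 7.5

def looks_like_ransom_note(data: bytes) -> bool:
    return bool(ONION_RE.search(data)) and b"military-grade" in data.lower()

def triage(root: Path) -> dict:
    """Walk root; list '.locky' files that look encrypted and TXT files that look like notes."""
    report = {"locked": [], "notes": []}
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        data = p.read_bytes()
        if p.suffix.lower() == LOCKY_EXT and looks_encrypted(data):
            report["locked"].append(p.name)
        elif p.suffix.lower() == ".txt" and looks_like_ransom_note(data):
            report["notes"].append(p.name)
    return report

def build_sample_tree(root: Path) -> None:
    """Constructed sample data: one 'locked' file, one note, two benign files."""
    (root / "report.docx.locky").write_bytes(bytes(range(256)) * 16)   # 4096 B, block-aligned
    (root / "README_TO_RESTORE.txt").write_bytes(
        b"Your files are protected with military-grade encryption.\n"
        b"ID: EXAMPLE-ID-0000\nhttp://exampleexampleexample.onion/\n")
    (root / "notes.txt").write_bytes(b"Quarterly meeting agenda, nothing unusual here.\n")
    (root / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 1020)

def demo() -> dict:
    """Build the constructed tree in a temporary directory and triage it."""
    with tempfile.TemporaryDirectory() as d:
        build_sample_tree(Path(d))
        return triage(Path(d))
```

Point `triage()` at a mounted image or a suspect share to get a list of files worth preserving as evidence before any cleanup; the entropy threshold and block check only flag candidates, so confirm against known-good copies where they exist.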

Staying Protected from a Fraudulent Trojan's Very Real Attacks

Although the Locky Locker Ransomware uses a different encryption method from the '.locky File Extension' Ransomware, its attacks are equally capable of blocking documents, pictures, and any other media that it can access on an infected Windows computer. Since the availability of a public decryption solution remains under investigation, any victims may contact the members of the PC security industry for help with recovering their files. For their part, malware experts continue advising that any irreplaceable data use storage mechanisms that keep backups out of this Trojan's reach, such as a cloud server.

Not all of the details of the Locky Locker Ransomware's distribution exploits are known, but the samples malware experts are identifying include a misappropriated digital signature from the British company La Crem LTD. The use of the freeware installer application Inno Setup also implies that the author has limited programming experience and is not using advanced techniques for targeting specific organizations or protected servers. Deleting the Locky Locker Ransomware with a trusted brand of anti-malware software is advisable regardless of the infection method: the Trojan lacks self-distributing features and is likely to be present alongside other threats.

The Locky Locker Ransomware is one of a growing group of Trojans that pretend that they're something other than what they are. What name a Trojan uses may seem like a clinical distinction without much practical use to the victim, but when it affects what services you can use for restoring your work, it's a critical sticking point.
