If you haven’t come across the Locky virus on your computer, you should consider yourself lucky.
Thousands of users around the globe are becoming affected by this ransomware at the most unexpected moments.
Before you understand the technicalities behind this virus and how to save your data against an attack, here are some helpful tips to avoid spyware and malware of all types.
Protect Your Precious Data
- Never keep all your important data on the same computer or the same hard drive.
- Always keep a backup of your important files and documents on an external HDD, SSD.
- Make use of online storage services to keep backups and retrieve them when required.
- Avoid fake and illegal websites; torrents can cause more harm than good.
- Don’t panic and pay a ransom if/when you are affected by a ransomware. There may be ways to get out of the mess!
What Locky Virus Does to Your Data
Almost all the points specified above are applicable for the ransomware named Locky.
The name is very self-descriptive because the virus will take control of all the files and personal documents available on your computer, as soon as it gains control of the operating system’s infrastructure.
Based on the data gathered so far, the virus uses a RSA-2048 key encryption method to encrypt your data and save it into a single folder.
Once Locky enters your computer’s system, a typical error message will appear on the screen to inform you your device has been hacked.
The ransom demand will also appear on this interface.
Alternatively, the hacker behind Locky may choose to threaten you with a different set of instructions and interface.
Any user who refuses to pay the ransom—0.5 to 1.0 BTC (Bitcoins)—within a specified period will lose access to their data.
When the value of the data is very high, most professionals and users would agree to pay the sum, which ranges anywhere between $250 to $500 or even more in some cases.
When the payment is made, the hackers behind the Locky virus will decrypt your folders.
Here’s a Legitimate Way to Save Your Files
Before you set out to decrypt your files, here are some important signs to look for so you can safeguard yourself against an imminent attack.
The majority of these indicators are easy to spot even for the most common PC user, and you don’t have to be an expert to confirm you’re being hacked.
- Locky virus will gain access to your PC and the files within. But before it shows itself, the program has to encrypt all the folders on your system.
- With most computers running 1 TB up to 4 TB hard drives, it is obvious that it will take hours and even days to encrypt them all.
- When a huge process is taking place in the background every time your computer starts up, your PC will obviously slow down, which is the first sign to look for.
- If it takes ages to boot up or performs even the basic tasks with a lag, it’s time to take actions.
- Viruses often rely on legitimate looking Windows programs as camouflage. If two Windows applications are running at the same time, close them one by one to find the fake program out of the two.
- If you are not an expert, just unplug the PC to stop the process and seek help before things get out of hand.
Removing the LockyVirus
- Boot your computer in Safe mode. If you’re not sure how to do it, simply use one of the many guides available online about how to boot a PC in safe mode.
- Keep a laptop or another PC handy, since your own computer may become unstable or may not work during the process.
- Press Ctrl+Shift+ESC to open the list of processes running.
- Right click on each process and select Open File Location.
- You can safely click End Process to stop any suspicious program from running in the background.
Identifying Unauthorized IPs
- Locky virus requires a hacker to be connected to your computer to complete the encryption and take control of your files.
- So, hold the Windows key and press R to open the Run command.
- Type notepad %windir%/system32/Drivers/etc/hosts in the dialog box that appears.
- If there are multiple IPs that show up in the following window, it indicates someone is trying to gain access.
- Type msconfig in your Run Command box. Open Startup programs and uncheck all programs that are initiated by an Unknown Manufacturer.
Removing Locky Virus from Temp Files
- Open Regedit by typing it in the search field. Hold Ctrl and press F to open the search box.
- Type the name of the virus ‘Locky’ and delete any entries that are registered under its name.
- Make sure you don’t delete any Windows registry files, as it could harm the entire operating system and make your PC unstable.
- Type %Temp% and clear the entire folder so that the virus doesn’t find a place to hide and run in the background.
Using Windows Native App or Shadow Explorer
By default, Locky virus would delete all Shadow copy snapshots so that you can’t use the System Restore functionality.
Here are some options you can take to solve the problem:
- Download the Shadow Explorer software and run the program. It will try to find shadow copy snapshots to help restore your system to a previous date. In case the ransomware didn’t do its job, you are in luck and can save your files without paying the money demanded.
- Similarly, file recovery software like Photorec and R-Studio can also be used to recover your data.
When a PC becomes infected by Locky virus, the program uses the highest level of encryption to make sure there’s no way to recover your files.
You may tamper essential data during the process, which is why it is always advisable to seek professional help from security experts.
Paying the ransom is not the route you should take in this kind of situation, as hackers may keep coming back to you for more when they know you would easily budge.