Locky Ransomware
What is Locky Ransomware?
Locky Ransomware: A prolific 2016 ransomware family distributed mainly through malicious Office attachments that encrypted files and renamed them with a .locky extension.
Locky emerged in February 2016 and quickly became one of the most widespread ransomware families of its era, propagated by the Necurs botnet through massive email campaigns carrying weaponized Word or Excel attachments with malicious macros. Once executed, Locky encrypted local and networked files using RSA-2048 and AES-128, renamed them with extensions such as .locky, .zepto, .odin, and .aesir, and dropped ransom notes demanding payment in Bitcoin. The campaign briefly disrupted hospitals such as Hollywood Presbyterian Medical Center, which paid roughly USD 17,000 to restore operations. Locky activity declined sharply in 2017 after Necurs shifted to other payloads, but it shaped modern email-borne ransomware tradecraft.
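A defender-side illustration of the renaming behaviour described above, added here as an example and not taken from the original page: it flags any process that renames several files to one of the listed extensions within a short window. The pipe-delimited event format, the host and process names, and the threshold and window values are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime

# Extensions this page lists as appended by Locky variants.
LOCKY_EXTENSIONS = (".locky", ".zepto", ".odin", ".aesir")

# Constructed sample events (not real telemetry), oldest first.
# Assumed format: time|host|process|old path|new path
SAMPLE_EVENTS = r"""
2016-03-01T10:00:00|WS-01|winword.exe|C:\Users\a\memo.docx|C:\Users\a\memo-final.docx
2016-03-01T10:02:05|WS-01|payload.exe|C:\Users\a\q1.xlsx|C:\Users\a\q1.xlsx.locky
2016-03-01T10:02:06|WS-01|payload.exe|C:\Users\a\q2.xlsx|C:\Users\a\q2.xlsx.locky
2016-03-01T10:02:07|WS-01|payload.exe|\\FS01\share\plan.doc|\\FS01\share\plan.doc.locky
2016-03-01T10:05:00|WS-02|explorer.exe|C:\Users\b\a.txt|C:\Users\b\a.zepto
2016-03-01T11:30:00|WS-02|explorer.exe|C:\Users\b\b.txt|C:\Users\b\b.zepto
"""

def detect_mass_rename(lines, threshold=3, window_s=60):
    """Alert once per (host, process) that renames at least `threshold` files
    to a Locky-associated extension within `window_s` seconds."""
    recent = defaultdict(deque)  # (host, process) -> times of matching renames
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, host, proc, old, new = line.strip().split("|")
        ts = datetime.fromisoformat(ts)
        # Only fresh renames count: new name has a listed extension, old did not.
        if not new.lower().endswith(LOCKY_EXTENSIONS):
            continue
        if old.lower().endswith(LOCKY_EXTENSIONS):
            continue
        key = (host, proc)
        times = recent[key]
        times.append(ts)
        # Drop renames that fell out of the sliding window.
        while (ts - times[0]).total_seconds() > window_s:
            times.popleft()
        if len(times) >= threshold and key not in alerts:
            alerts[key] = {"host": host, "process": proc,
                           "first_seen": times[0].isoformat(), "count": len(times)}
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_mass_rename(SAMPLE_EVENTS.splitlines()):
        print(alert)
```

The third sample rename targets a network share, matching the page's point that both local and networked files were encrypted; the two isolated .zepto renames on WS-02 stay below the threshold and do not alert.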
● Examples
- Necurs-driven email waves delivering Word documents that abused macros to fetch the Locky payload.
- The February 2016 Hollywood Presbyterian Medical Center incident attributed to Locky.
● Frequently asked questions
What is Locky Ransomware?
A prolific 2016 ransomware family distributed mainly through malicious Office attachments that encrypted files and renamed them with a .locky extension. It belongs to the Malware category of cybersecurity.
How do you defend against Locky Ransomware?
Defences for Locky Ransomware typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Locky Ransomware?
Common alternative names include: Locky, Zepto, Odin.
● Related terms
- Ransomware (malware): Malware that encrypts a victim's data or locks systems and demands payment in exchange for restoring access.
- Phishing (attacks): A social-engineering attack in which an attacker impersonates a trusted party to trick a victim into revealing credentials, transferring money, or running malware.