Ransom.Locky

Short bio

The Locky ransomware was first discovered at the beginning of 2016 and immediately became one of the major threats in the wild.

It is distributed through both exploit kits and malspam. The Neutrino, RIG, and Nuclear exploit kits have all distributed Locky sporadically in the past.

Currently, the Necurs botnet is the main perpetrator behind the malspam that leads to Locky infections, usually through a malicious Microsoft Office file or a ZIP attachment containing a malicious script.

Impact

Ransom file extensions

Extension   First seen
.locky      Feb-16
.zepto      Jun-16
.odin       Sep-16
.shit       Oct-16
.thor       Oct-16
.aesir      Nov-16
.zzzzz      Nov-16
.osiris     Dec-16
.loptr      May-17
.diablo6    Aug-17
.ykcol      Sep-17
.asasin     Oct-17

Ransom note files

Remediation

Malwarebytes users are protected against the Locky ransomware, thanks to our multi-layer defense.