Thursday, March 17, 2016

Prevent : Locky” ransomware / Crypto Virus

Ransomware / Crypto Locker / Locky Virus


A type of malicious software designed to block access to a computer system until a sum of money is paid.

Locky, a new family of ransomware that emerged in the last few weeks, has quickly made a mark for itself. Computer security companies say it has become a commonly seen type of ransomware, which is used to hold a computer’s files hostage pending a ransom payment.
 “The idea that someone external to you can encrypt all of your data and then you have no way to retrieve that data unless you pay them I think is just absolutely terrifying.”
Trustwave's SpiderLabs said on Wednesday that 18 percent of 4 million spam messages it collected in the last week were ransomware-related, including many linked to Locky



Once it is affected on your system, the only way to decrypt your file is to pay ransom money but we have always an option to prevent this in advance

Ransomware Prevention
  •  Install latest Windows Update on all systems
  •  Implement group policy for Office suites 


** above link in German  convert it to English

  •        Update AntiVirus definition 

                 Download run following onetime AV scanner

1)     Run ESET one time online scanner
2)     Combofix one time scanner
3)     RogueKiller one time scanner

** Install MalwareBytes Anti Ransomware   (not a onetime scanner, just install it. Do not consider this as replacement of AV software , this can we used only for “Ransomware” detection and prevention )

  • Remove Local Admin rights
  • Enable System Restore
  • Deploy a software Restriction Policy
  • Configure SAN snapshots
  • Increase backup retention period

For further reading on CryptoLocker, please see


  1. Very much Informative...Keep up the good work.

  2. Now and then the antivirus program will most likely be unable to dispense with the infection. In such a circumstance, keep an eye on the antivirus programming designer's site on the best way to physically discover documents which this specific infection may have tainted and erase those records.


US-CERT : Indicators Associated With WannaCry Ransomware

National Cyber Awareness System: TA17-132A: Indicators Associated With WannaCry Ransomware 05/12/2017 09:36 PM EDT Ori...