New Ransomware Variant “LOCKY” Discovered

At approximately 1800hrs GMT on 15th Feb 2016, Reddit user gmr2048 posted a request for information on a new variant of ransomware known as Locky Decryptor.

The ransom on some examples was set to 1 BTC (AUD$563 at time of publishing), and it is suspected that the usual means of infection and recovery are similar to other ransomware instances.

All users are advised to never open attachments or click links in emails without confirming with the sender that the email is genuine.

The current detection rate across popular AV packages is less than 50%, so it is advisable to use tools like CryptoPrevent to stop the infection in case an infected attachment or link is activated by mistake.

Original Reddit post: https://www.reddit.com/r/Malware/comments/45xkn9/any_info_on_locky_ransomware/

VirusTotal page: https://www.virustotal.com/en/file/ee6abe4a9530b78e997d9c28394356216778eaf2d46aa3503999e7d6bfbefe90/analysis/1455579224/

An example of the ransom note: Locky Decrypter (PDF)