Locky ransomware: Why this menace keeps coming back

Jonathan Mathews


It was arguably the incident which pushed the threat of ransomware into the view of the whole world, over a year before the WannaCry outbreak.

In February 2016, the Hollywood Presbyterian Medical Center in Los Angeles, California became infected with Locky ransomware. The infection encrypted systems throughout the facility, locking staff out of computers and electronic records.

Eventually, the hospital paid a ransom of 40 Bitcoins – then equivalent to $17,000 – in order to acquire the decryption key to restore its data.

“The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this,” Allen Stefanek, president of the Hollywood Presbyterian Medical Center, said at the time.

Locky went on to plague victims around the world during most of 2016, with many seeing no alternative beyond paying up.

This particular strain of ransomware was so prolific that by November it was one of the most common malware threats in its own right.

But then Locky disappeared in December 2016, prompting some cyber security researchers to suggest that those behind it simply went on a Christmas break. It eventually re-emerged in January, but only in a tiny fraction of instances compared to when it was at its height, and infections have been spiking and dropping ever since.

For example, after months of almost zero activity, the former king of ransomware suddenly returned in August in a big way, as millions of phishing emails containing a Locky payload flooded inboxes. Not only that, but potential victims are being targeted with new strains of Locky – Diablo and Lukitus.
