
.locky file extension virus. How to Remove? (Uninstall Guide)


What is known about .locky file extension virus and its functionality?

.locky file extension virus is a ransomware-type virus. Ransomware is probably the most popular and profitable type of computer virus, which is why cyber criminals create new variants of it non-stop. We hear about new versions of ransomware every day; lately, a new one (called Locky virus or Locky ransomware) was created, and today we want to explain how this virus works.

First of all, you should know that there are many ways .locky file extension virus can enter your computer system. Remember that cyber criminals use clickjacking techniques to deceive naive computer users and trick them into clicking malicious links that are disguised as safe-looking ones. In other words, cyber criminals might conceal a .locky file extension virus download link under a button or a link that looks completely safe on untrustworthy download websites. Be a security-minded computer user and avoid visiting websites that raise even the slightest suspicion of a trap.

However, cyber criminals mostly distribute .locky file extension virus via fraudulent emails that include a malicious attachment (a Word document). This Word file contains code that is activated immediately if the user has macros enabled in Word. If macros are disabled, the user sees a message above distorted text: “Enable macro if the data encoding is incorrect.”

.locky file extension virus activates itself using Macros function

As we have mentioned above, the macro activates code that is designed to download and run the .locky file extension virus executable from a remote server. This disastrous program then scans the computer system, detects the victim’s personal files and encrypts them using RSA-2048 and AES-128 encryption. There is a reason why Locky is referred to as .locky file extension virus: once this threat encrypts personal files, it also adds a .locky extension to the filenames. The encrypted data becomes inaccessible, which puts the victim in an unenviable position. Obviously, every computer user keeps important data on his or her computer, so losing access to these files can cause desperation and stress. However, .locky file extension virus leaves a ransom note in every folder that holds encrypted data, and this note explains how the victim can retrieve his/her personal records. .locky file extension virus asks for a ransom (0.5 Bitcoin, which is equal to 207 US dollars).

It is advisable not to pay the ransom. No matter how much you pay, cyber criminals only care about making a profit. There is absolutely NO guarantee that they will send you a decryption key to recover your personal files. Do not support cyber criminals this way. Otherwise, you risk losing your files AND your money. Besides, cyber criminals will know that they can scare you and might try to send you another virus in the future.

Protecting yourself from .locky virus and similar ransomware:

  1. The most important thing to do is to back up your data regularly. We recommend storing copies of important data on an external drive because some ransomware viruses can access online file storage clouds via your Internet connection.
  2. Install reputable anti-malware software (for instance, Reimage) on your computer to keep it protected from ransomware and other dangerous viruses.
  3. Whenever you download files or programs, choose “Save” option instead of “Run/Open.” This way, you give some time for computer security software to check whether the file is safe or not.
  4. Keep all your software up-to-date - enable automatic software updates if possible. Cyber-criminals can exploit vulnerabilities in outdated software and enter your system without your knowledge.
  5. Avoid visiting high-risk websites and download software only from verified and secure download websites.

How to decrypt files locked by .locky file extension virus?

Unfortunately, it is nearly impossible to decrypt files that were encrypted by this malicious computer threat. The only way to recover your files is to import them from an external backup drive. If you did not create any data backups earlier, then you can try one of the following tools to decrypt your files - Photorec, Kaspersky virus-fighting utilities or R-Studio.

It is important to kill .locky file extension malware as soon as you notice its presence. If you notice it soon enough, you might be able to stop the encryption process in time and save some of your files. If you plan to import data from the external backup drive, make sure you entirely remove .locky file extension virus first, as this threat is capable of accessing and encrypting data on every device plugged into the computer as well. We strongly recommend using an automatic malware removal tool to terminate Locky virus; however, if you wish to do it manually, please follow the Locky virus removal instructions that are provided below this article.

.locky file extension virus FAQ:

Question: Today, I have received a suspicious email. The subject is: ATTN: Invoice J-98223100. This email also has a file attached to it, which is named invoice_J-98223100.doc. I believe that this email is untrustworthy and that I shouldn’t open it… However, how can a Word file be dangerous? Can you explain what I should do about this email? Should I open the attachment or should I send this email to Trash?

Answer: Do NOT open the attachment! You have received an email from cyber-criminals related to Locky ransomware. This fraudulent email delivers an infectious Word document that can download a virus to your computer.
Locky virus uses a new technique to download and run the virus executable file - it sends malicious code in a Word document, which gets activated if the Word Macros function is toggled on. You should send this email to Trash immediately.
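
A static check for the macro-bearing Word attachment described above, as an added example that is not part of the original guide: it looks inside the file's container for a VBA project without opening it in Word. The function names, verdict labels and sample bytes are assumptions made for illustration, and the legacy .doc check is a byte-search heuristic rather than a full parser.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc compound file
# OLE directory entry names are UTF-16LE; Word keeps VBA under "Macros".
OLE_MARKERS = [n.encode("utf-16-le") for n in ("_VBA_PROJECT", "Macros")]


def macro_indicators(data: bytes) -> list:
    """Return the reasons a Word file looks macro-bearing (empty list = none)."""
    reasons = []
    if data.startswith(OLE_MAGIC):
        # Heuristic byte search instead of a full directory walk; it can
        # over-report, which is the safe direction for a quarantine check.
        for marker in OLE_MARKERS:
            if marker in data:
                reasons.append("OLE entry " + marker.decode("utf-16-le"))
    elif zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                if name.lower().endswith("vbaproject.bin"):
                    reasons.append("OOXML part " + name)
    return reasons


def verdict(data: bytes) -> str:
    """Classify by content, since the file extension is chosen by the sender."""
    if macro_indicators(data):
        return "quarantine"
    if data.startswith(OLE_MAGIC) or zipfile.is_zipfile(io.BytesIO(data)):
        return "no-macro-found"
    return "not-a-word-container"


def make_zip(parts: dict) -> bytes:
    """Build a constructed OOXML-like archive in memory (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples; no real document or malware is involved.
SAMPLES = {
    "legacy .doc with VBA": OLE_MAGIC + b"\x00" * 64 + OLE_MARKERS[0],
    "OOXML with VBA": make_zip({"word/document.xml": "<w/>", "word/vbaProject.bin": b"\x00"}),
    "OOXML without VBA": make_zip({"word/document.xml": "<w/>"}),
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(label, "->", verdict(blob), macro_indicators(blob))
```

A "no-macro-found" result only means no VBA project was seen in the container; it is not a statement that the attachment is safe.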


Method 1. Remove .locky using Safe Mode with Networking

Step 1: Reboot your computer to Safe Mode with Networking
Windows 7 / Vista / XP
  • Click Start → Shutdown → Restart → OK.
  • When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
  • Select Safe Mode with Networking from the list.
Windows 10 / Windows 8
  • Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
  • Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
  • Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.
Step 2: Remove .locky

Log in to your infected account and start the browser. Download Reimage or another legitimate anti-spyware program. Update it before running a full system scan, then remove the malicious files that belong to the ransomware to complete .locky removal.

If your ransomware is blocking Safe Mode with Networking, try the next method.


Method 2. Remove .locky using System Restore

Step 1: Reboot your computer to Safe Mode with Command Prompt
Windows 7 / Vista / XP
  • Click Start → Shutdown → Restart → OK.
  • When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
  • Select Safe Mode with Command Prompt from the list.
Windows 10 / Windows 8
  • Press the Power button at the Windows login screen. Now press and hold Shift, which is on your keyboard, and click Restart.
  • Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
  • Once your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
Step 2: Restore your system files and settings
  • Once the Command Prompt window shows up, enter cd restore and press Enter.
  • Now type rstrui.exe and press Enter again.
  • When a new window shows up, click Next and select a restore point that is prior to the infiltration of .locky. After doing that, click Next.
  • Now click Yes to start system restore.
Once you restore your system to a previous date, download and scan your computer with Reimage and make sure that .locky removal is performed successfully.
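
To choose a restore point or backup that predates the infection, and to see how much was spared if the encryption was interrupted, the files carrying the .locky extension can be inventoried. This is an added example, not part of the original guide; the function names and the demo tree are constructed, and it assumes that a renamed file's modification time approximates when it was encrypted.

```python
import os
import tempfile
from collections import Counter
from datetime import datetime, timezone


def locky_inventory(root, ext=".locky"):
    """Count renamed and untouched files under root; nothing is opened or changed."""
    hit, intact, earliest = Counter(), 0, None
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(ext):
                intact += 1  # includes ransom notes, which are not renamed
                continue
            hit[folder] += 1
            try:
                mtime = os.stat(os.path.join(folder, name)).st_mtime
            except OSError:
                continue  # unreadable entry: still counted, no timestamp
            earliest = mtime if earliest is None else min(earliest, mtime)
    return {
        "encrypted": sum(hit.values()),
        "intact": intact,
        "folders": dict(hit),
        # Assumption: mtime of a renamed file approximates when it was encrypted.
        "earliest_utc": None if earliest is None
        else datetime.fromtimestamp(earliest, tz=timezone.utc),
    }


def build_demo_tree():
    """Create a constructed directory tree holding empty stand-in files."""
    root = tempfile.mkdtemp(prefix="locky_demo_")
    layout = {  # relative path -> mtime in Unix seconds (constructed values)
        "Documents/A1B2.locky": 1463120000,
        "Documents/C3D4.locky": 1463120060,
        "Pictures/E5F6.locky": 1463120120,
        "Pictures/holiday.jpg": 1400000000,
    }
    for rel, mtime in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
        os.utime(path, (mtime, mtime))
    return root


if __name__ == "__main__":
    report = locky_inventory(build_demo_tree())
    print(report["encrypted"], "encrypted,", report["intact"], "intact")
    print("pick a restore point or backup older than", report["earliest_utc"])
```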

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from .locky and other ransomware, use a reputable anti-spyware program, such as Reimage, Plumbytes, Webroot SecureAnywhere AntiVirus or Malwarebytes Anti Malware.

Lucia Danes - Virus researcher


Comments on .locky file extension virus

lobster
Use PGP to shred it

John.Fellah
Good article. We can only hope someone catches these cyber criminals one day.

elise89
Used SpyHunter to remove this virus, it's gone, but I am left with encrypted files, still... I guess I'll keep them for a while and see if someone invents some antidote for this virus...

Camilla
When is someone going to create a decryption tool for Locky malware?!

victor
My files are encrypted, what do I do?? I don't believe there is no solution!
