Locky ransomware was first discovered in early 2016.
Locky originally encrypted files and appending the .locky extension, then in subsequent versions unique letter and number combinations were used.
Locky uses RSA-2048 + AES-128 cipher to encrypt files with the decryption keys being generated on the attacker’s server.
For decryption Locky requested 0.5 Bitcoin as the ransom (roughly $210 in 2016)
If you are interested in learning about other Ransomware families that we have published research reports on you can read more here