Blue Hexagon Blog

Ransomware Families – Locky

Locky ransomware was first discovered in early 2016.

It was delivered through email, using Microsoft Word documents with malicious macros or JavaScript attachments.

Locky originally encrypted files and appended the .locky extension; in subsequent versions, unique letter and number combinations were used.
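
A defender-side check for the original behaviour described above, as an added example that is not from the Blue Hexagon post: it flags hosts where several files gain the .locky extension within a short window. The event-log format, host names, paths, threshold and window are assumptions made for illustration, and the check does not cover the later versions that used other letter and number combinations.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample file-rename events: "ISO-timestamp host old_path -> new_path".
# The log format, hosts and paths are hypothetical, made up for this example.
SAMPLE_EVENTS = """\
2016-02-16T09:00:01 ws-01 C:\\Users\\a\\report.docx -> C:\\Users\\a\\f1.locky
2016-02-16T09:00:02 ws-01 C:\\Users\\a\\budget.xlsx -> C:\\Users\\a\\f2.locky
2016-02-16T09:00:03 ws-01 C:\\Users\\a\\photo.jpg -> C:\\Users\\a\\f3.LOCKY
2016-02-16T09:00:04 ws-02 C:\\Users\\b\\notes.txt -> C:\\Users\\b\\notes_old.txt
2016-02-16T09:30:00 ws-02 C:\\Users\\b\\x.docx -> C:\\Users\\b\\f4.locky
malformed line without the expected fields
"""

def parse_event(line):
    """Return (timestamp, host, new_path), or None for lines that do not parse."""
    try:
        ts, host, rest = line.split(" ", 2)
        _old, new = rest.split(" -> ")
        return datetime.fromisoformat(ts), host, new.strip()
    except ValueError:
        return None

def detect_locky_bursts(lines, threshold=3, window=timedelta(seconds=60)):
    """Return {host: time of first alert} for hosts where at least `threshold`
    files gained the .locky extension within `window`.
    Assumes the events arrive in timestamp order."""
    recent = defaultdict(deque)   # host -> timestamps of recent .locky renames
    alerts = {}
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue              # skip unparseable lines instead of failing
        ts, host, new_path = event
        if not new_path.lower().endswith(".locky"):
            continue              # ordinary rename, not the Locky extension
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window: # drop renames that fell out of the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts

if __name__ == "__main__":
    for host, when in detect_locky_bursts(SAMPLE_EVENTS.splitlines()).items():
        print(f"ALERT {host}: burst of .locky renames by {when.isoformat()}")
```

A single .locky rename (as on ws-02 in the sample) stays below the default threshold, so tune `threshold` and `window` to the file activity normal for the environment.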

Locky uses RSA-2048 and AES-128 ciphers to encrypt files, with the decryption keys being generated on the attacker’s server.

For decryption, Locky requested 0.5 Bitcoin as the ransom (roughly $210 in 2016).

If you are interested in learning about other ransomware families that we have published research reports on, you can read more here.