What is Locky ransomware? Locky ransomware was discovered in the end of 2015 year, it encrypts files on your computer and then demands a ransom fee to decrypt these files. There are several differences from other ransomware viruses. Locky not only encrypts files on your computer, it is also able to encrypt files on unmapped network shares. This feature is quite common now among ransomware. Besides that, Locky was the first ransomware that used email attachements as a spreading mechanism. It is targetting corporative servers and hospitals, which makes Locky ransomware more dangerous then the others. Currently Locky ransomware spreads through email attachements pretending as document from bank or a client. THe usual name for the message will be Invoice H-75610457, or something close to it. This message will contain an attached file and text that is suppose to convice user to open this file. If a user does open it, Microsoft Word will ask to enable macros to be able to open the full contance of the document. This is the moment when Locky infects user and starts to encrypt files. UPDATE 22.11.2016: There are new reports of locky spreading through Facebook images with entension of .svg ! Be extra carefull! Once Locky ransomware is inside of your system, it will scan it for local drives and unmapped network shares. After that the encryption process of these files will start to execute. All files will be encrypted with RSA-2048 and AES-1024 algorithms, in the end of the file name Locky will add a custom format like this: .thor, .locky, .zepto. To be able to decrypt all these files victim will requier a private key that is stored on servers of cyber criminals. In order to get this key, victim has to pay the ransom. Locky ransomware will create an instruction files in each folder that contains encrypted files. This instruction will have name like _HELP_instructions.html and _HELP_instructions.txt. This instruction contains a step-by-step guide on how to pay the ransom fee and get the private key for decryption. Locky demands 0.5 BitCoin (around $200 at the time of publishing this post) for the private key.