As one of the top three ransomware threats currently in circulation, Locky has undergone several updates since the beginning of the year that have made it more effective at encrypting files. The latest update reportedly lets it encrypt and lock down files even when the infected computer is offline. How can it do this? The newest strain has a fallback mechanism: if it cannot obtain a unique encryption key from its Command and Control (C&C) server, it encrypts the target's files anyway, using a public key embedded in the malware itself.
This had apparently been a problem for the Russian "Cyber Mafia" ransomware operators, who found that in many cases the malware was dead in the water once a firewall cut it off from its C&C server. By all accounts, the "new and improved" Locky can begin encrypting and locking down a PC's files within one to two minutes of infection, because it no longer depends on the outbound connection to the "mothership" (the C&C server) that egress filtering would normally block. The practical consequence for defenders is that blocking or sinkholing Locky's C&C traffic no longer stops the encryption, and an infection that never beacons out may not trip network-based detection at all.
How It Works
In its normal, online mode, Locky relies on a unique public-private key pair generated by the C&C server for each infection: the public key is handed to the infected machine to lock the files, while the private key needed to unlock them never leaves the attackers. The offline fallback swaps in a public key that ships inside the sample itself, so the same key pair covers every machine that the same build encrypts offline. Here is the sequence of events in the encryption routine:
The Upside and Downside
Organizations that rely on cutting infected machines off the network as damage control will contain the damage only if they respond fast enough to isolate the encryption to a single computer. Those that are not fast on the draw will end up with large parts of their IT network, if not all of it, hit by the Locky ransomware being distributed through aggressive spam and phishing campaigns right now. The upside? If you do pay the ransom for a machine that was encrypted offline and receive the private key, that key also decrypts files on other PCs and networks encrypted offline by the same Locky build, because they all share the same embedded public key. That amounts to a free decryptor for any future victims of that build. The caveat is that this applies only to offline encryptions; a machine that reached the C&C still got its own unique key pair, which the purchased key will not open. It also means that a single purchased or leaked key for a build could be turned into a free public decryptor for that build in the near future.
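To make the key handling in "How It Works" and the shared-key upside above concrete, here is a simplified model of the scheme in Go, written as an added example for this page rather than taken from Locky or any analysis of it. Locky's actual ciphers and on-disk file format are not reproduced; the model wraps a random per-file AES-256-GCM key with RSA-OAEP, picks between a C&C-issued per-victim public key and an embedded fallback key, and shows that the one private key behind the embedded key decrypts every offline victim of the same build but not an online one. The names `selectKey` and `fetchFromC2` are hypothetical, and the sample file contents are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// EncryptedFile is what the model leaves behind for each file: the file's
// random AES-256 key wrapped with an RSA public key, plus the GCM nonce and
// ciphertext. Only the holder of the matching RSA private key can unwrap it.
type EncryptedFile struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// encryptFile generates a fresh AES key for one file and wraps it with pub.
// The private half of pub never touches the victim machine.
func encryptFile(pub *rsa.PublicKey, plaintext []byte) (*EncryptedFile, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	return &EncryptedFile{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// decryptFile is the "decryptor" a paying victim receives. It only works with
// the private key matching the public key used at encryption time.
func decryptFile(priv *rsa.PrivateKey, ef *EncryptedFile) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ef.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("private key does not match the key that wrapped this file")
	}
	block, err := aes.NewCipher(fileKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, ef.Nonce, ef.Ciphertext, nil)
}

// selectKey is the fallback the article describes. fetchFromC2 (hypothetical
// name) stands in for the request to the C&C for a per-victim public key; if
// it fails, e.g. because egress is blocked, the sample uses the public key
// embedded in the binary, shared by every victim of that build. The bool
// reports whether offline mode was used.
func selectKey(fetchFromC2 func() (*rsa.PublicKey, error), embedded *rsa.PublicKey) (*rsa.PublicKey, bool) {
	if pub, err := fetchFromC2(); err == nil {
		return pub, false
	}
	return embedded, true
}

func main() {
	// Operator side: the pair whose public half is compiled into the sample
	// (offline fallback) and a per-victim pair the C&C would issue online.
	operator, _ := rsa.GenerateKey(rand.Reader, 2048)
	perVictim, _ := rsa.GenerateKey(rand.Reader, 2048)
	blocked := func() (*rsa.PublicKey, error) { return nil, errors.New("egress blocked") }
	reachable := func() (*rsa.PublicKey, error) { return &perVictim.PublicKey, nil }

	// Two machines behind a blocking firewall, one with C&C access.
	// File contents below are constructed for this demo.
	pubA, _ := selectKey(blocked, &operator.PublicKey)
	pubB, _ := selectKey(blocked, &operator.PublicKey)
	pubC, _ := selectKey(reachable, &operator.PublicKey)
	fileA, _ := encryptFile(pubA, []byte("site A: payroll.xlsx"))
	fileB, _ := encryptFile(pubB, []byte("site B: contracts.docx"))
	fileC, _ := encryptFile(pubC, []byte("site C: backups.vhd"))

	// The key sold to victim A (the operator's private key) also opens B's
	// files, but not C's, whose key pair is unique to that infection.
	for name, f := range map[string]*EncryptedFile{"A": fileA, "B": fileB, "C": fileC} {
		pt, err := decryptFile(operator, f)
		fmt.Printf("embedded private key on victim %s: %q (err: %v)\n", name, pt, err)
	}
}
```

Running it prints the recovered plaintext for victims A and B and a key-mismatch error for victim C. The design point is that "unique key per infection" is a property of the online path only; once the public key is a constant in the binary, the private key becomes a shared secret across that whole build, which is exactly why a single purchased key can act as a decryptor for other offline victims.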