
Check Point Threat Alert: Locky Ransomware

ByCheck Point Research Team
Locky is a new type of ransomware which encrypts the victim’s files and then demands a ransom to be paid in bitcoins in order to decrypt these files. The main infection method is spam emails with an attached Word document that contains a malicious macro. The malicious macro runs a script which downloads the malware’s executable file, installs it on the victim’s computer, scans for files on the system and encrypts them.
Description
- A new ransomware, Locky, has recently emerged. This ransomware encrypts the files on an infected computer and demands a payment in the form of bitcoins in order to decrypt the files.
- The ransomware attack is being spread by spam emails containing an attached word document, disguised as an invoice requiring payment. The attached Word document contains a malicious macro which is being executed following the user’s consent to enable macros. This macro then downloads the malware and installs it on the victim’s computer.
- Current reported infection rates are between one to five computers every second. Approximately a quarter of million PCs were infected within three days.
- Check Point analysts have noticed more than 55,000 logs and infection attempts for the Locky ransomware in the past few days.
Check Point Protections
- Check Point SandBlast blocks malicious Locky documents based on behaviour. It blocked thousands of unique Locky files since Feb 1st.
- Check Point IPS blade includes two IPS protections which will block Locky spam emails that contain malicious attachments and downloaders:
- Check Point Anti-Bot network signature (Trojan-Ransom.Win32.Locky.A) is a post infection signature which blocks the communication with the Locky C&C server.
- Check Point Anti-Virus blade includes more than 200 relevant Locky indicators for known malicious domains and files related to Locky.
- Check Point Anti Bot blade includes more than 114 reputation signatures for known C&C servers of Locky.
References
You may also like
The State of Ransomware in the First Quarter of 2025: Record-Breaking 126% Spike in Public Extortion Cases
Key Findings The number of publicly-mentioned and extorted victims in ...
Microsoft Dominates as Top Target for Imitation, Mastercard Makes a Comeback
Phishing attacks are one of the primary intrusion points for ...
Q1 2025 Global Cyber Attack Report from Check Point Software: An Almost 50% Surge in Cyber Threats Worldwide, with a Rise of 126% in Ransomware Attacks
Cyber Attack Surge: In Q1 2025, cyber attacks per organization ...
Unmasking APT29: The Sophisticated Phishing Campaign Targeting European Diplomacy
Executive Summary Check Point Research has been observing a sophisticated ...