A new variant of the Locky ransomware has recently been seen in the wild. According to a report by Malwarebytes Labs from August 9, Locky was using a new file extension called “.diablo6”. But more recently, it sported a new “.lukitus” extension as part of a new campaign.
The malware is distributed by the usual method: Spam Emails. These messages will usually come with an attached Microsoft Office file or a ZIP attachment, which both contain malicious scripts. Once the file has been downloaded and executed, it will start to encrypt the host computer’s files.
It will even take the time to scramble file names, making it hard to determine which is which. Finally, it will append a “.lukitus” extension to all infected files. The downloaded program will disappear and will be replaced by a file containing the ransom note. Locky currently demands 0.49 Bitcoins, which is equal to roughly $2,200.
Unfortunately, there is no known method to decrypt files infected by this variant of the Locky ransomware. It helps to have an offline backup of files, or you can try restoring encrypted files from Shadow Volume Copies. However Locky also attempts to delete these snapshots.
All things considered, it helps to be careful when opening email attachments, especially when they seem to not be of our concern in any way. Keeping antivirus software updated will also help block this rapidly evolving malware in the future.
It is not possible to decrypt the Locky Ransomware Lukitus Variant
Unfortunately, at this time it is still not possible to decrypt .lukitus files encrypted by the Locky Ransomware for free.
The only way to recover encrypted files is via a backup, or if you are incredibly lucky, through Shadow Volume Copies. Though Locky does attempt to remove Shadow Volume Copies, in rare cases ransomware infections fail to do so for whatever reason. Due to this, if you do not have a viable backup, We always suggest people try as a last resort to restore encrypted files from Shadow Volume Copies as well.
How to protect yourself from the Locky Ransomware
In order to protect yourself from Locky, or from any ransomware, it is important that you use good computing habits and security software. First and foremost, you should always have a reliable and tested backup of your data that can be restored in the case of an emergency, such as a ransomware attack.
Last, but not least, make sure you practice the following good online security habits, which in many cases are the most important steps of all:
- Backup, Backup, Backup!
- Do not open attachments if you do not know who sent them.
- Do not open attachments until you confirm that the person actually sent you them,
- Scan attachments with tools like VirusTotal.
- Make sure all Windows updates are installed as soon as they come out! Also make sure you update all programs, especially Java, Flash, and Adobe Reader. Older programs contain security vulnerabilities that are commonly exploited by malware distributors. Therefore it is important to keep them updated.
- Make sure you use some sort of security software installed.
- Use hard passwords and never reuse the same password at multiple sites.