Everyone in cybersecurity knows Locky ransomware. It has done quite a number on its victims since 2016, and over the past few years frequent updates have let it resist modern ransomware removal tactics. Many cybercriminals were impressed enough by its success that they developed their own variants based on Locky's model. One such example is the PyLocky ransomware.
Recently, news reports have revealed that the ransomware was developed and is currently operated by a threat group known as Dungeon Spider. Analysts report that Locky infiltrated the servers and PCs of various businesses and individuals from 2016 to 2018. The exact number of victims is not known, but it has been estimated that thousands were infected. Perhaps this is why several major security agencies have warned users about it and actively sought ways to remove Locky.
The ransomware is known to use two major cryptographic algorithms: AES (Advanced Encryption Standard) 128-bit and RSA 2048-bit. Like other popular ransomware strains, Locky encrypts sensitive data stored on system drives and appends its own extension to the names of the locked files. Any potential ransomware removal or recovery process is prevented by the deletion of volume shadow copies from the infected servers.
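The shadow-copy deletion described above is something defenders can watch for in process-creation logs. The following is an added example, not code from the article: the article does not say which command Locky runs, so the patterns cover standard Windows tools that can delete shadow copies, and the hosts and log events are constructed.

```python
import re

# Command-line shapes that delete Volume Shadow Copies. Assumption: these are
# common Windows tooling patterns, not commands quoted from the article.
SHADOW_DELETE_PATTERNS = [
    ("vssadmin-delete", re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b")),
    ("wmic-shadowcopy-delete",
     re.compile(r"\bwmic(\.exe)?\s.*\bshadowcopy\b.*\bdelete\b")),
    ("powershell-win32-shadowcopy",
     re.compile(r"win32_shadowcopy.*(\.delete\(\)|remove-wmiobject|remove-ciminstance)")),
]

# Constructed process-creation events (e.g. the command-line field of a
# process-creation log). Hosts and commands are sample data for this example.
SAMPLE_EVENTS = [
    {"host": "FS01", "cmdline": r'"C:\Windows\System32\vssadmin.exe" list shadows'},
    {"host": "WS17", "cmdline": r"cmd.exe /c VSSADMIN.exe  Delete   Shadows /All /Quiet"},
    {"host": "WS17", "cmdline": r"wmic.exe shadowcopy delete /nointeractive"},
    {"host": "WS22", "cmdline":
        r'powershell.exe -c "Get-WmiObject Win32_ShadowCopy | ForEach-Object { $_.Delete() }"'},
    {"host": "FS01", "cmdline": r"wmic shadowcopy list brief"},
]


def normalize(cmdline):
    """Lowercase, drop double quotes and collapse runs of whitespace."""
    cleaned = cmdline.lower().replace('"', "")
    return re.sub(r"\s+", " ", cleaned).strip()


def find_shadow_copy_deletion(events):
    """Return (host, rule) for each event whose command deletes shadow copies."""
    hits = []
    for event in events:
        text = normalize(event["cmdline"])
        for rule, pattern in SHADOW_DELETE_PATTERNS:
            if pattern.search(text):
                hits.append((event["host"], rule))
                break  # one alert per event is enough
    return hits


if __name__ == "__main__":
    for host, rule in find_shadow_copy_deletion(SAMPLE_EVENTS):
        print(f"ALERT host={host} rule={rule}")
```

Read-only commands such as listing shadow copies are deliberately not flagged, so routine backup checks do not raise alerts.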
Some experts believe that reported cases of the ransomware slowed down after 2017. Even if that analysis is true, the ransomware has left a legacy. Inspired by Locky, cybercriminals have been busy designing and developing variants. The above-mentioned PyLocky, discovered in September 2018, was one of the most powerful among them. Earlier, there was some speculation about PyLocky's direct connection with the Dungeon Spider group; so far, however, no credible evidence has established a link.