Locky is the most common variant of ransomware on the internet because it's easy to deploy and manage. CSO's Steve Ragan wanted to see how it works, so he took the most hands-on approach possible: He infected his own PC. After finding a particularly obvious attack email in his spam filter, Ragan proclaimed, "I'm about to do something you should never do, which is open this attachment and run the file."
In less than 55 seconds, his files were encrypted — including the ones on his attached storage — and a message popped up telling him to download the Tor browser (used for accessing the "deep web") and go to a particular address for further instructions. There, helpful text told him how to get bitcoins, then transfer them to the ransom account.
So far, so standard, right? He could either pay the bargain price of $2,200 to get his files back or simply restore his system from a backup. Then there's option C: Recovery. How does that work? Ragan shares the info in a video explainer:
Here, he recovers his Windows 10 system from the Locky attack. This involves rebooting into safe mode and deploying antimalware to sniff out Locky, but it requires a bit of customization, as Ragan demonstrates. If you're able to successfully remove Locky, you'll then want to restore your system — this is where you'll either be really proud of your good backup habits or cursing yourself for your bad backup habits. The entire process can take a good five hours, but it's a far better option than paying the ransom.