Pagoda Blog

How to Protect Your Business from the Locky Ransomware

May 19, 2016

Image from 


Locky Ransomware is the new way for cyber criminals to take a hostage, and hold them until you send payment. Except instead of holding a person hostage, they just hold all of your important files on your computer, encrypt them and demand money for the key. The tell tale sign of the ‘Locky’ ransomware is that your important files will all have changed the file extension to ‘.locky’.


Locky typically infects a user's computer through email phishing. To summarize, phishing is when someone sends you an email (often from someone you know) that has some kind of attachment. This attachment is often a word document that has a link inside it the user is encouraged to click. The link is clicked, or the word document is downloaded and the malware infects the computer.

With locky specifically, there will be a word document that the user is prompted to open. The word document, once opened, will look something like this.

Image from


The word document looks like a random string of numbers and letters and the user is encouraged to enable macros. If the user enables macros, the malware begins its dirty work. The ransomware scans the local drives and network shares (both mapped and unmapped), looking for more than 130 types of files to encrypt. After it encrypts each file, it changes the filename, changing the extension to .locky.


Locky deletes all of the computers shadow copies so the files can not be recovered (unless you have another backup), and then sends you a ransom note by placing their demands on your computer desktop and including the note in a folder where each file was corrupted.


The ransom note includes a web page for you to visit and demands typically .5 or 1 bitcoin, about $400USD. You can purchase the encryption key at this site and then get all your files back.


However, if you do not want to pay these crooks there are a few things we recommend you do to protect yourself.


  • Backup early, backup often. If you consistently backup your computers files to an external drive, you can easily restore your computer from a backup if your computer gets infected with locky.
  • Be aware of phishing attacks. Make sure you and your staff are educated about what phishing attacks look like. Don’t download attachments from people you don’t know, and double check with people you do know when they send you a downloadable attachment.
  • Don’t enable macros in document attachments received by email. Microsoft turned off this function for your protection. Many viruses and malware depend on you enabling macros, so don’t enable it.


If you are unsure how to correctly spot phishing attacks or need assistance training your staff, contact Pagoda Technologies for a free consultation.



About Pagoda Technologies IT services

Pagoda Technologies is a globally recognized IT support company doing business in Santa Cruz, San Jose and all over the world who is working to help businesses and their IT departments run smoothly and efficiently. To learn how Pagoda Technologies can help your business, email us at to schedule a no cost business assessment.

Return to Pagoda Blog Main Page

As your trusted IT service partner, Pagoda Technologies is here to help you achieve your near and long-term business goals through reliable and affordable IT support. 

Pagoda Technologies

101 Cooper Street

Santa Cruz, CA 95060


Contact us for a free IT consultation



Get in touch 

Join our newsletter

Want IT to serve you better? 




Follow Us

Facebook LinkedIn LinkedIn