Locky (Malware Family) By Fraunhofer FKIE Archived: 2026-04-05 21:36:04 UTC Locky is a high profile ransomware family that first appeared in early 2016 and was observed being active until end of 2017. It encrypts files on the victim system and asks for ransom in order to have back original files. In its first version it added a .locky extension to the encrypted files, and in recent versions it added the .lukitus extension. The ransom amount is defined in BTC and depends on the actor. 2021-10-05 ⋅ Trend Micro ⋅ Byron Gelera, Fyodor Yarochkin, Janus Agcaoili, Nikko Tamana Ransomware as a Service: Enabler of Widespread Attacks Cerber Conti DarkSide Gandcrab Locky Nefilim REvil Ryuk 2020-08-20 ⋅ CERT-FR ⋅ CERT-FR Development of the Activity of the TA505 Cybercriminal Group AndroMut Bart Clop Dridex FlawedAmmyy FlawedGrace Get2 Locky Marap QuantLoader SDBbot ServHelper tRat TrickBot 2020-07-29 ⋅ ESET Research ⋅ welivesecurity THREAT REPORT Q2 2020 DEFENSOR ID HiddenAd Bundlore Pirrit Agent.BTZ Cerber ClipBanker CROSSWALK Cryptowall CTB Locker DanaBot Dharma Formbook Gandcrab Grandoreiro Houdini ISFB LockBit Locky Mailto Maze Microcin Nemty NjRAT Phobos PlugX Pony REvil Socelars STOP Tinba TrickBot WannaCryptor 2020-06-22 ⋅ ⋅ CERT-FR ⋅ CERT-FR Évolution De Lactivité du Groupe Cybercriminel TA505 Amadey AndroMut Bart Clop Dridex FlawedGrace Gandcrab Get2 GlobeImposter Jaff Locky Marap Philadephia Ransom QuantLoader Scarab Ransomware SDBbot ServHelper Silence tRat TrickBot 2020-05-21 ⋅ Intel 471 ⋅ Intel 471 A brief history of TA505 AndroMut Bart Dridex FlawedAmmyy FlawedGrace Gandcrab Get2 GlobeImposter Jaff Kegotip Locky Necurs Philadephia Ransom Pony QuantLoader Rockloader SDBbot ServHelper Shifu Snatch TrickBot 2020-05-18 ⋅ Threatpost ⋅ Tara Seals Ransomware Gang Arrested for Spreading Locky to Hospitals Locky 2020-02-10 ⋅ viXra ⋅ Jason Reaves A Case Study into solving Crypters/Packers in Malware Obfuscation using an SMT approach Locky 2019-09-09 ⋅ McAfee ⋅ Chintan Shah, Marc Rivero López, Thomas Roccia Evolution of Malware Sandbox Evasion Tactics – A Retrospective Study Cutwail Dridex Dyre Kovter Locky Phorpiex Simda 2019-07-30 ⋅ Dissecting Malware ⋅ Marius Genheimer Picking Locky Locky 2019-06-12 ⋅ Gdata ⋅ Karsten Hahn Ransomware identification for the judicious analyst Cerber Cryptowall CryptoFortress Locky PadCrypt Spora VirLock 2018-07-26 ⋅ IEEE Symposium on Security and Privacy (SP) ⋅ Alex C. Snoeren, Damon McCoy, Danny Yuxing Huang, Elie Bursztein, Jonathan Levin, Kirill Levchenko, Kylie McRoberts, Luca Invernizzi, Maxwell Matthaios Aliapoulios, Vector Guo Li https://malpedia.caad.fkie.fraunhofer.de/details/win.locky Page 1 of 2 Tracking Ransomware End-to-end Cerber Locky WannaCryptor 2018-03-20 ⋅ Stormshield ⋅ Mehdi Talbi De-obfuscating Jump Chains with Binary Ninja Locky 2017-11-07 ⋅ ThreatVector ⋅ Cylance Threat Research Team Locky Ransomware Locky 2017-08-20 ⋅ MyOnlineSecurity ⋅ MyOnlineSecurity return of fake UPS cannot deliver malspam with an updated nemucod ransomware and Kovter payload Cold$eal Locky 2017-08-16 ⋅ Bleeping Computer ⋅ Lawrence Abrams Locky Ransomware switches to the Lukitus extension for Encrypted Files Locky 2017-08-10 ⋅ ⋅ botfrei Blog ⋅ Tom Berchem Weltweite Spamwelle verbreitet teuflische Variante des Locky Locky 2017-07-18 ⋅ Elastic ⋅ Ashkan Hosseini Ten process injection techniques: A technical survey of common and trending process injection techniques Cryakl CyberGate Dridex FinFisher RAT Locky 2017-06-22 ⋅ Bleeping Computer ⋅ Catalin Cimpanu Locky Ransomware Returns, but Targets Only Windows XP & Vista Locky 2017-06-21 ⋅ Cisco ⋅ Alex Chiu, Jaeson Schultz, Matthew Molyett, Sean Baird, Warren Mercer Player 1 Limps Back Into the Ring - Hello again, Locky! Locky 2017-01-31 ⋅ Malwarebytes ⋅ Malwarebytes Labs Locky Bart ransomware and backend server analysis Locky 2016-07-07 ⋅ Pierluigi Paganini New threat dubbed Zepto Ransomware is spreading out with a new email spam campaign. It is a variant of the recent Locky Ransomware. Locky 2016-03-01 ⋅ Malwarebytes ⋅ hasherezade Look Into Locky Ransomware Locky [TLP:WHITE] win_locky_auto (20241030 | Detects win.locky.) Source: https://malpedia.caad.fkie.fraunhofer.de/details/win.locky https://malpedia.caad.fkie.fraunhofer.de/details/win.locky Page 2 of 2