Locky is a ransomware email-worm and macro virus trojan program that is similar to Cryptolocker. This ransomware is contained within a Microsoft Word document sent by email (in either Microsoft Outlook or Office 365) to thousands of computers, pretending to be an invoice of a company and making use of social-engineering tactics to lure victims into installing the ransomware as well as the enabling of "macros" if the file attached is unreadable (it will always be unreadable), once the file is opened. It is reported to have done 4000 new infections per hour and approximately 100,000 infections per day with most of the infections happening in Germany and the Netherlands.

When opened, the Document file gets downloaded into the system and that its content is garbled along with a prompt that states "enable macros". Once the macros are enabled, the user would download an executable from a remote server and run it from there and with Locky itself encrypting nearly every file on the system as well as the network. The encrypted files are changed with the .locky extension as this happens.

As with typical ransomware, it will then display a message that tells victims to download the Tor browser and visit the hacker's website for further instructions and payments. From there, it will ask for a payment of between 0.5 and 2 Bitcoins ($208 to $800 roughly) in order to receive the decryption key.

An antivirus that can delete ransomware can remove this virus.  

Community content is available under CC-BY-SA unless otherwise noted.