As a coup de grâce, Locky also deletes a very useful feature on newer versions of Windows, Volume Shadow Copy snapshots that could be otherwise be used to go back to earlier copies of files that haven't been encrypted.
Speaking of shadow copies, they could still save the day even if they are deleted.
Some users report that they've succeeded going back to older, unencrypted versions of the Locky-scrambled files, by restoring the shadow copies (remember, files on hard disks are only marked as being deleted so that they can be overwritten by other data, and not actually physically removed).
What's important here is to stop working as soon as a ransomware infection is detected, so that data marked as deleted and which could help you restore files, isn't overwritten.
Locky uses ye olde Office macros, a programming language for Microsoft's productivity suite that's powerful and which has been thoroughly abused by malware writers for the past two decades.
Office macro malware actually considered a thing of the past, but thanks to Locky, that particular scourge which is usually spread via email attachments has made a comeback.
If you do need to open Office documents sent to you, read Microsoft's recommendations on how to avoid catching Locky first. I would add to that, back up often to multiple locations, and be extremely careful about opening any type of attachment, even from people you know.
Whatever you do, don't pay the ransom if Locky or other malware hits.
First, it's far from guaranteed that the criminals will send you a key, or one that works. New ransomware is often copy and paste jobs derived from older malware, with bits added, and even if you get the correct key, the decryption code could be be buggy.
Second, giving in to blackmailers will only encourage others.
Unfortunately, the ransomware problem is likely to get worse. The malware writers target low-hanging fruit here, with computer users being conditioned - through no fault of their own - to trust certain things like Office attachments, as part of their job.
What's particularly bad is that the ransomware criminals seem to target vulnerable organisations like hospitals. It's a safe guess here that ransomware rogues have worked out that health institutions don't have the latest and greatest software, meaning nasties like Locky can slip through the cracks in defences that newer systems don't have.
It's also harder to stand firm as a health provider, and not pay the ransom.
The Hollywood Presbyterian Hospital in Los Angeles caved in, and paid NZ$25,500 in Bitcoins earlier in February to get access to their files again.
Luckily, it appears to have worked, but I'm glad I didn't have to make that decision.
Ransomware is a sobering reminder of how fragile our business and personal IT systems are - and what a pain it is if you're locked out of them. Sit down and work out how much a ransomware attack would cost you, and compare that to setting up a disaster recovery strategy.
My bet is that the latter option will be the cheapest by far.
Debate on this article is now closed.
