
Locky Ransomware Returns: Protect Your Business from Phishing


New strain of Locky disguises itself as an invoice

The Return of Locky-Style Ransomware: Lessons from a Classic Attack

Back in 2016, the Locky ransomware outbreak spread like wildfire across the internet by disguising itself as a simple invoice. Millions of users were infected before cybersecurity teams managed to contain it. But cybercriminals don’t stay down for long — and even years later, new threats continue to recycle Locky’s deceptive tactics.

In recent years, variants of the original Locky campaign have re-emerged, using modernized phishing and social engineering methods to infect unsuspecting users and businesses. While the code has evolved, the goal remains the same: encrypt your data and demand payment for its release.

How These Attacks Work

Locky and its successors rely heavily on email-based attacks. A phishing message arrives disguised as an invoice, shipping confirmation, or scanned document. The email includes an attachment — typically a .doc, .zip, .pdf, .jpg, or .vbs file — that appears legitimate but contains malicious code.

Once opened, macros or embedded scripts silently execute and download the ransomware payload. The malware then encrypts critical files across the device and network, rendering them inaccessible. Victims are directed to download the Tor browser and pay a ransom (historically between 0.5 and 1 Bitcoin) to regain access — though payment rarely guarantees recovery.
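The delivery chain above (a document-looking attachment that is really a script, an archive wrapping a script, or an Office file carrying macros) is something a mail gateway or helpdesk triage script can screen for before anyone double-clicks. The following is an added example written for this post, not code from the original article or from DCS: it checks an attachment's claimed extension against its magic bytes, spots double extensions such as `Invoice.pdf.vbs`, lists script files inside a .zip, and detects the `vbaProject.bin` macro container inside zip-based Office documents. The sample attachments are constructed placeholders built in memory for the demonstration; none of them is real malware.

```python
"""Attachment triage for invoice-themed phishing (added example, not from the post).

Flags the attachment types the post names (.vbs, .zip, .doc ...) when they look
like a disguised script, a mismatched file type, or a macro-enabled document.
"""
from __future__ import annotations

import io
import zipfile
from pathlib import PurePosixPath

# Script/executable extensions that should never arrive as an "invoice".
SCRIPT_EXTS = {".vbs", ".js", ".jse", ".wsf", ".hta", ".exe", ".scr"}
# Document-looking extensions used as the first half of a double extension.
DOCUMENT_EXTS = {".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm", ".pdf", ".jpg", ".zip"}
# Leading bytes expected for a given claimed extension.
MAGIC = {
    ".pdf": b"%PDF",
    ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",
    ".docm": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".xlsm": b"PK\x03\x04",
    ".doc": b"\xd0\xcf\x11\xe0",  # OLE2 compound file (legacy Office)
}


def zip_member_names(data: bytes) -> list[str]:
    """Member names of a zip container (OOXML documents are zips), or [] if not a zip."""
    if not data.startswith(b"PK\x03\x04"):
        return []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []


def screen_attachment(filename: str, data: bytes) -> list[str]:
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    findings: list[str] = []
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    ext = suffixes[-1] if suffixes else ""

    if ext in SCRIPT_EXTS:
        findings.append(f"executable script attachment ({ext})")
    if len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_EXTS and ext in SCRIPT_EXTS:
        findings.append("double extension disguising a script as a document")

    expected = MAGIC.get(ext)
    if expected and not data.startswith(expected):
        findings.append(f"content does not match claimed type {ext}")

    members = zip_member_names(data)
    if any(m.lower().endswith("vbaproject.bin") for m in members):
        findings.append("Office document contains VBA macros")
    for m in members:
        if PurePosixPath(m).suffix.lower() in SCRIPT_EXTS:
            findings.append(f"archive contains script {m}")
    return findings


def build_samples() -> dict[str, bytes]:
    """Constructed sample attachments for an offline demonstration (not real malware)."""
    macro_doc = io.BytesIO()
    with zipfile.ZipFile(macro_doc, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"placeholder macro container")
    clean_doc = io.BytesIO()
    with zipfile.ZipFile(clean_doc, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("Invoice_8831.vbs", "' constructed placeholder, not a real script")
    return {
        "Invoice_8831.docm": macro_doc.getvalue(),
        "Quarterly_report.docx": clean_doc.getvalue(),
        "Invoice.pdf.vbs": b"' constructed placeholder",
        "scan_0042.pdf": b"MZ\x90\x00 constructed non-PDF content",
        "Invoice_8831.zip": archive.getvalue(),
        "photo.jpg": b"\xff\xd8\xff\xe0 constructed jpeg header",
    }


def triage_samples() -> dict[str, list[str]]:
    """Screen every constructed sample and return findings keyed by filename."""
    return {name: screen_attachment(name, data) for name, data in build_samples().items()}


if __name__ == "__main__":
    for name, findings in triage_samples().items():
        print(f"{name}: {'; '.join(findings) if findings else 'no findings'}")
```

The checks are deliberately independent so that each one catches a different disguise: a genuine .docm that really is a zip passes the magic-byte test but is still flagged for its macro container, while a renamed executable with a .pdf name is caught by the header mismatch even though its extension looks harmless.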

Why Locky Still Matters

Even though Locky itself may no longer be the dominant ransomware strain, its attack model continues to inspire modern cybercriminals. Threat actors constantly modify proven ransomware frameworks to bypass new layers of defense, making it crucial for businesses to adopt proactive, layered protection strategies.

How to Protect Your Business

Defending against ransomware like Locky requires more than just antivirus software. Here’s what every business should be doing today:

  • Adopt a "zero trust" approach: Treat every file and link as potentially malicious until verified by your IT or security team.
  • Never open unsolicited attachments: If an email seems suspicious, report it immediately and avoid downloading anything.
  • Disable Office macros by default: Only enable them when absolutely necessary and validated by IT.
  • Back up your data regularly: Use secure, off-site or cloud-based backups to ensure recovery without paying ransom demands.
  • Keep systems up to date: Apply software and security patches as soon as they’re available.
  • Invest in cybersecurity awareness training: Many ransomware attacks succeed because users don’t recognize the warning signs of phishing.

Even with the right tools in place, unidentified vulnerabilities can still exist. That’s where DCS Cybersecurity Services come in. Our experts can evaluate your infrastructure, patch hidden security gaps, and implement advanced protections like SOC and SIEM monitoring to keep your business secure.
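The SOC and SIEM monitoring mentioned above is where the encryption behaviour described under "How These Attacks Work" gets caught once prevention has failed. The following is an added example written for this post, not DCS tooling or code from the original article: a scoring heuristic run over a constructed file-event log (process names, paths and the `.locked` extension are made up for the demonstration) that flags a process only when three signals coincide: a burst of file writes in a short window, high byte entropy in what was written, and renames to an extension that is not on the allow-list. A backup agent and an archiver are included to show that any one signal on its own is not enough.

```python
"""Encryption-burst heuristic over file events (added example, not from the post).

Each event is what an endpoint sensor might report: a write with the first bytes
of the written content, or a rename with the new path.
"""
from __future__ import annotations

import math
import random
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PurePosixPath


@dataclass
class FileEvent:
    ts: float                 # seconds since start of the capture
    process: str
    path: str
    new_path: str | None      # set only for rename events
    sample: bytes             # leading bytes of written content (empty for renames)


KNOWN_EXTS = {".docx", ".xlsx", ".pdf", ".jpg", ".txt", ".zip"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; random or encrypted data approaches 8.0, plain text stays well below."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def analyze(events: list[FileEvent], window: float = 60.0, min_events: int = 20,
            entropy_threshold: float = 7.0, high_fraction: float = 0.8) -> dict:
    """Score each process on burst size, entropy of writes and unknown rename extensions."""
    by_proc: dict[str, list[FileEvent]] = defaultdict(list)
    for e in events:
        by_proc[e.process].append(e)

    report = {}
    for proc, evs in by_proc.items():
        evs.sort(key=lambda e: e.ts)
        # Largest number of events falling inside any sliding window of `window` seconds.
        peak, j = 0, 0
        for i in range(len(evs)):
            while evs[i].ts - evs[j].ts > window:
                j += 1
            peak = max(peak, i - j + 1)
        writes = [e for e in evs if e.sample]
        high = sum(1 for e in writes if shannon_entropy(e.sample) >= entropy_threshold)
        frac = high / len(writes) if writes else 0.0
        renamed_exts = {PurePosixPath(e.new_path).suffix.lower() for e in evs if e.new_path}
        unknown = sorted(renamed_exts - KNOWN_EXTS)
        report[proc] = {
            "peak_events": peak,
            "high_entropy_fraction": round(frac, 2),
            "unknown_extensions": unknown,
            "flagged": peak >= min_events and frac >= high_fraction and bool(unknown),
        }
    return report


def build_events() -> list[FileEvent]:
    """Constructed event log: a backup agent, an archiver and one suspect process."""
    rng = random.Random(7)

    def noise(n: int) -> bytes:  # stand-in for encrypted/compressed content
        return bytes(rng.getrandbits(8) for _ in range(n))

    events: list[FileEvent] = []
    for i in range(30):  # many writes, but plain text and no renames
        events.append(FileEvent(i * 2.0, "backup-agent", f"/srv/share/report_{i}.txt", None,
                                b"quarterly figures, line of plain text\n" * 40))
    for i in range(3):   # high entropy, but only three files
        events.append(FileEvent(100 + i * 5.0, "archiver", f"/srv/share/archive_{i}.zip", None,
                                noise(2048)))
    for i in range(25):  # overwrite with noise, then rename to a constructed ".locked" extension
        t = 200 + i * 1.0
        path = f"/srv/share/invoice_{i}.docx"
        events.append(FileEvent(t, "suspect.exe", path, None, noise(2048)))
        events.append(FileEvent(t + 0.1, "suspect.exe", path, path + ".locked", b""))
    return events


if __name__ == "__main__":
    for proc, result in analyze(build_events()).items():
        print(proc, result)
```

Thresholds such as 20 events per minute and an entropy floor of 7.0 bits per byte are starting points, not tuned values; in a real SIEM rule they should be set from a baseline of the file servers being watched, and the allow-list of extensions extended to whatever the business actually stores.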

Don’t wait until an attack hits — contact DCS today to harden your defenses and stay ahead of evolving ransomware threats.