How to remove Locky ransomware from Mac

Locky is the nickname of a crypto-ransomware that infects computers by encrypting files and preventing user access. Cybercriminals use it to scare victims into handing over money. They hold encrypted data to ransom and demand payment for a decryption key that can restore inaccessible files. But nobody guarantees that after making a payment, you will get your data back unscathed.

The good news is that you can remove Locky ransomware from your computer in no time without the need to pay the ransom. In this article, we’ll show you how to get rid of this malware in a few simple steps and protect your Mac from future threats.

What is Locky ransomware?

In February 2016, Locky authors used the Necurs botnet to run a massive spam campaign, sending emails with malicious code designed to encrypt users’ data. The ransomware quickly spread throughout the world but affected North America and Europe the most. Since that time, it has become one of the fastest-multiplying members of the ransomware family.

The initial extension of encrypted files was LOCKY. As the malware evolved, new editions appeared, introducing new file extensions.

Did you know?

Locky often names its extensions after gods of Egyptian and Norse mythology: ODIN, THOR, AESIR, LOPTR, and OSIRIS. There were also SHIT, DIABLO6, ZEPTO, and ZZZZZ. The latest known file extensions are LUKITUS, YKCOL, and ASASIN.
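
The extensions listed above give a quick way to triage which files on a disk were renamed by a Locky variant, for example when deciding what to restore from backup. The script below is an added example, not part of the original article; the function names are hypothetical, and an extension match is only a hint, since unrelated files can carry the same extension.

```shell
#!/usr/bin/env bash
# Added example: list files whose extension matches a Locky variant
# named in this article. Read-only; nothing is modified or deleted.

# Extensions taken from the article text (matched case-insensitively).
LOCKY_EXTS="locky odin thor aesir loptr osiris shit diablo6 zepto zzzzz lukitus ykcol asasin"

# find_locky_files DIR
# Prints one matching path per line. Defaults to the home directory.
find_locky_files() {
    dir="${1:-$HOME}"
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    # Build the find expression: -iname '*.locky' -o -iname '*.odin' ...
    set --
    for ext in $LOCKY_EXTS; do
        if [ $# -gt 0 ]; then
            set -- "$@" -o
        fi
        set -- "$@" -iname "*.$ext"
    done
    # Permission errors on unreadable folders are silenced, not fatal.
    find "$dir" -type f \( "$@" \) -print 2>/dev/null
}

# summarize_locky_files DIR
# Prints "COUNT EXT" per variant found, most frequent first.
summarize_locky_files() {
    find_locky_files "$1" |
        awk -F. '{ print tolower($NF) }' |
        sort | uniq -c | sort -rn |
        awk '{ print $1, $2 }'
}

# When a directory is passed on the command line, print the summary for it.
if [ $# -gt 0 ]; then
    summarize_locky_files "$1"
fi
```

Run it against a folder such as `~/Documents` and compare the result with your latest backup to see which files need restoring.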

Locky ransomware attacks individual users and large businesses. One of the first major attacks primarily hit the healthcare sector as well as the transportation, telecom, and manufacturing industries. The virus is best known for a high-profile infection at a hospital in Los Angeles, which paid a $17,000 ransom to recover its data.

How did Locky get on my computer?

Ransomware authors spread the infection via fraudulent emails similar to those used by Dridex, malware focused on stealing banking information. The email is designed to make you believe that it comes from a reputable company. It always includes an attachment which you’ll be asked to download. Usually, it’s a Word, Excel, or ZIP file disguised as an invoice. Here is a typical scam email carrying the Locky virus:

Dear [Name],

Please find an invoice attached below. Make a payment according to the terms listed at the bottom of the invoice.

Let us know if you have any questions. 

We greatly appreciate your business!


How does Locky ransomware work?

Locky is a big player in the malware industry. It’s powerful enough to encrypt over 160 different file types, including videos, images, and Office files. Although Locky tends to infect Windows, it also attacks macOS. Here is how it works:

  1. You download and open an attached document.
  2. Content in the document looks like gibberish. 
  3. A warning message advises you to enable macros so that the content can be displayed correctly. This is a social engineering technique used as bait to trick you.
  4. By enabling macros, you activate a malicious script that installs Locky malware on your computer.
  5. The virus begins to lock specific files, renames them to a weird combination of letters and numbers, and changes their extensions.

Once the files are encrypted, Locky starts demanding a ransom from you. It asks you to install the Tor browser and make a payment in Bitcoin (BTC) to get the decryption key. Generally, the ransom varies from 0.5 to 1.0 BTC, which equals about $3600–$7200 as of December 2019.

How to remove Locky ransomware

First of all, you should ignore the ransom demand. Never follow the steps described in the ransom note. There is no guarantee that the scammers will keep their promises and bring your files back to life. By fulfilling their demands, you’ll encourage cybercriminals to expand their grim business and use your money to attack even more users.

To remove the Locky virus, you need to fire up anti-malware software and let it do its job. There are several useful tools available for Mac, both free and paid. I opt for CleanMyMac X by MacPaw. It’s approved by Apple, which means I can completely trust this software.

With its user-friendly Malware Removal module, CleanMyMac X turns Locky ransomware removal into a piece of cake. 


Here is how to use it:

  1. Launch CleanMyMac X (download it here for free).
  2. Select Malware Removal from the sidebar.
  3. Hit the Scan button and let it look for malware.
  4. If anything suspicious is found, click Remove to get rid of it. That’s all!

Locky virus removal won’t decrypt or restore affected files. There is no practical method to decrypt them. The only thing you can do to recover your data is to restore it from backup. That’s why regular updates and backups of your device are so crucial.

How to protect your Mac from Locky

Prevention is always the best protection strategy. Stay vigilant and follow these simple tips to keep your computer safe from Locky or other types of ransomware:

  1. Avoid opening any suspicious attachments or links. Make sure you know and trust the source of the document before opening it.
  2. Disable all macros in Office for Mac by default and never enable them in any dubious documents you get. Open Word, Excel, or PowerPoint, go to Preferences > Security & Privacy and choose the desired settings.
  3. Regularly back up your files to cloud storage or an external drive.
  4. Install system and software updates and patches as soon as they are released.
  5. Scan your Mac for malware threats. You can do this automatically by turning on real-time protection. Click on the CleanMyMac X menu, go to Preferences > Protection, and enable the monitor to let it scan your computer in the background.

Locky combines all the top ransomware features, such as colossal spam email campaigns, a BTC payment gateway, different scripting languages, and server-side encryption. Luckily, it’s not too difficult to keep your Mac clean and protected from this or any other type of ransomware. With CleanMyMac X, you can be sure that nothing goes unnoticed thanks to its vast database of malware threats. It checks your Mac in the background, ensuring your data and files are safe.
