Hucky Ransomware Virus Uses the .Locky File Extension - How to, Technology and PC Security Forum

A virus meant to infect Hungarian users, dubbed Hucky by the malware researcher Jakub Kroustek, has been identified as being based on Microsoft Visual Basic. The virus is very particular in its actions and pretends very cleverly to be Locky ransomware, but in reality it is a completely different animal. Hucky even uses Locky’s ransom message, along with a padlock picture and the Locky name beneath it, and appends the .locky file extension to the encrypted files. Anyone who has been infected by this virus should know that it may not be as sophisticated and undecryptable as the original Locky virus, and a decryptor may soon be released for it. In the meantime, we advise reading this article to learn more about Hucky ransomware, how to remove the virus, and how to try to restore your files using alternative methods.

Threat Summary



Short Description: Based on Microsoft Visual Basic, the malware encrypts users’ files using an encryption algorithm, making direct decryption possible only via a unique decryption key available to the cyber-criminals.
Symptoms: The user may witness ransom notes and “instructions” and a sound message, all linking to a web page and a decryptor. The file extension .locky has been added to the encrypted files.
Distribution Method: Via an exploit kit, DLL file attack, malicious JavaScript or a drive-by download of the malware itself in an obfuscated manner.

Hucky Virus – How It Infects

Since Hucky aims to profit primarily from Hungarian users by taking advantage of how famous Locky ransomware has become, its operators may be using similar tactics to distribute the malware as well. This includes combined tools such as malware obfuscators, tools that help spam the malicious infection file, and tools that help disguise the file as legitimate.

The e-mail messages may contain convincing statements to get the user to open the attachments, such as pretending to be an e-mail from a bank or an online store, or may even have no subject or body and contain just the attachment. It is not confirmed at the moment, but an exploit kit or a JavaScript type of attack may have been used to carry out a successful, undetected infection and download the Hucky payload from its command and control (C&C) servers, most likely based in Hungary.

Hucky Virus – More Information

There are several key differences between Hucky and the original Locky virus it aims to imitate. When researchers executed the virus, they established that the wallpaper it uses is similar to the original Locky wallpaper.


The same similarity holds for the ransom note it leaves in a text file that can be opened in Notepad and is named “_Adatork_visszaalitasahos_utasitasok”. What differs between Hucky and Locky, however, is that Hucky claims to use a combination of RSA-3092 and AES-128, which may or may not be true.

Furthermore, when Hucky’s payload is dropped on an infected computer, it begins to encrypt pictures, PDF files, Microsoft Office documents, audio files and many other types of files, adding the .Locky file extension to them.
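
A read-only triage sketch for the two indicators named above (the .locky suffix and the ransom note file name), added here as an example and not code from the original article or from any vendor tool. It assumes the suffix is appended to the original file name; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the article text.
ENCRYPTED_SUFFIX = ".locky"                          # appended to encrypted files
NOTE_STEM = "_adatork_visszaalitasahos_utasitasok"   # ransom note name, lowercased


def triage(root):
    """Walk `root` and summarise Hucky indicators without modifying anything."""
    encrypted, notes = [], []
    per_dir, original_types = Counter(), Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(os.path.join(dirpath, name))
                per_dir[dirpath] += 1
                # Assumption: suffix is appended, so the inner extension is the original type.
                inner = os.path.splitext(name[: -len(ENCRYPTED_SUFFIX)])[1]
                original_types[inner.lower() or "(none)"] += 1
            elif os.path.splitext(lower)[0] == NOTE_STEM:
                notes.append(os.path.join(dirpath, name))
    return {
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "worst_dirs": per_dir.most_common(5),
        "original_types": dict(original_types),
    }


def build_sample_tree(root):
    """Constructed sample data: empty files named the way the article describes."""
    layout = {
        "Documents": ["report.docx.locky", "scan.pdf.Locky", "notes.txt",
                      "_Adatork_visszaalitasahos_utasitasok.txt"],
        "Pictures": ["holiday.jpg.locky", "logo.png"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

Matching is case-insensitive because the article writes the extension both as .locky and .Locky; the per-directory counts show where to focus backup restoration first.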


Hucky Ransomware – Conclusion, Removal and File Decryption

In brief, the Hucky ransomware is most likely a low-quality imitation of the Locky ransomware virus, because its ransom instructions do not lead users to Tor-based pages and instead request victims to contact the e-mail address [email protected]. Anyone who has been infected by this ransomware virus is strongly advised to take the recommended actions, which are to remove the virus and, while waiting for a decryptor, to attempt other file restoration methods.

First, if you want to remove Hucky yourself, we advise you not to do it manually, because it involves interfering with all the registry values Hucky has created in different subkeys as well as its malicious files, and this may be risky for your files in some situations. This is why experts recommend using advanced anti-malware software, which will automatically ensure the full removal of all Hucky-associated objects and detect other malware if present. Whatever your choice for removal may be, automatic or manual, we advise using our instructions below for both.

If you want to restore your files, we have also provided, in step “2. Restore Files Encrypted by Hucky”, alternative methods to solve this issue yourself. Bear in mind that you should try them solely at your own risk and that they are not 100% guaranteed to work.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
