Locky Ransomware Statistics: Geos Targeted, Amounts Paid, Spread Volumes and Much More…

6 Min Read
Shutterstock Licensed Photo - By rawf8 | stock illustration ID: 662707930

Locky is quite a recent encryption virus that has created waves in the cyberspace by attacking the system of Hollywood Presbyterian Medical Center during February. Plenty of patients at the medical center had to be shifted to other centers because of the attack. This attack has been the worst ransomware nightmare of the year and the hospital had to pay $ 17,000 in Bitcoin for resuming normal operation.

Take a look at the Locky stats and key features to figure out yourself the pace at which this ransomware is creating havoc in the cyberspace.  

  • Average ransom sum demanded: 0.5-1 Bitcoin. But amount varies depending on the victim. Public institutions are demanded a huge sum.
  • Infection rate: 90,000 devices per day.
  • Features: domain generation algorithm, Bitcoin/TOR payment, custom encrypted communication via IM.
  • File type encryption: More than 160 file types can be encrypted by Locky.    
  • Countries most affected:
    • France
    • Italy
    • Germany
    • Spain
    • USA
  • Malicious servers located: 3 in Germany, 9 in Russia, rest in Ukraine, Netherlands, France, Estonia, Bulgaria, Moldova and Austria.
  • Propagation Medium: Mass spam emails with malicious links, .doc file with a macro in the attachment.   
  • Victims willing to pay ransom: 2.9%.
  • Usual files through which Locky virus is spread: Excel/Word files.
  • Number of countries affected:
    • February – 105
    • March – 62

The cyber security experts estimated that Locky possessed 17% “market share” among all ransomware infections. It surpassed in numbers the notorious TeslaCrypt ransomware, which affected mostly the U.S. 

Locky attacked more than 400,000 victims in the very first week of its detection. As per recent reports, the ransomware infects 30 devices per minute. Cyber security experts tracked more than 60,000 attacks in the United States and Germany in the duration of 24 hours after the ransomware became quite popular.   

Google Trends data shows that the usage of the keyword “Locky” dramatically increased. Currently, this ransomware has infected computers in 114 different countries.

Largest publicly admitted ransom was paid by the Hollywood Hospital, it was $17,000 in Bitcoin. The second largest sum was $1,600 in Bitcoin paid by the Methodist Hospital.  

The table below offers an estimate of the money that can be made by Locky ransomware in USD on an average on a per day, monthly and yearly basis considering that 90,000 infections occur per day of which 2.9% victims opt to pay the ransom. The rate considered in the estimation is 1 Bitcoin per attack.  

Ransom Price


Number of payouts/day

Bitcoin value

Per day earning

Per month earning

Yearly earning

1 Bitcoin







A look into this estimation hints the potential that Locky has in earning profits due to the ransomware attacks. Having the potential of making $1,093,590 on a daily basis is not something that can be ignored. This is quite a huge sum and a matter of huge concern for the cyber security experts.

Undoubtedly, Locky has managed to make a lot of money by the attacks carried out by it. This can be said with the figures mentioned in this article. This can also be said because of the attention that this ransomware has received from the cyber security experts.

Bowing down to ransomware attacks encourages the attackers more and more. There is a strong need to put a stop to the ransomware Locky ransomware attacks. The cyber security experts are working on developing the Locky decryptor tool. Several other ransomware infections have been successfully cracked due to mistakes in their code done by cybercriminals. 

Ransomware is proving out to be very dangerous in the cyberspace. Locky ransomware is no exception. The threat that this ransomware can pose should be seriously treated by public institutions as they are quite vulnerable. Only in the US, about 10 Police departments already paid the money to hackers! The same applies to businesses as they cannot afford to lose the vital documents that they need on a daily basis.

The only way to deal with ransomware is not to bow down to the demands of the hackers. If we stop paying this illegal economy can be quickly destroyed. It is also vital not to open any spam emails that seem to be suspicious and do frequent backups of all files. Better cybersecurity tools and awareness can help in dealing with ransomware attacks. For example, a reliable and connected VPN can protect you from ransomware attacks by encrypting your data, keeping cybercriminals from being able to infect your devices.






Share This Article
Exit mobile version