Often a ransomware victim would relate to Locky as 'my phone, tablet, or laptop has been locked, and ransom has been demanded. The 'Locky Process' visualization provides a deeper visual analytical approach into what files and processes are associated with the Locky payload. All suspected processes are shown in a given visualisation space. A scoring system consisting of processes scores has been developed to indicate suspicion level from 'low' to 'highest.' When a malicious activity is detected, the process would immediately be color coded red and the central score board will turn to red.
With respect to the Locky Process visualization design, each layer has been labelled - Libraries, Folders, Processes, providing a clearer depiction of its representation within 3D space. Within libraries layer, system libraries are represented as square nodes whereas spheres are represented as folders within the folder layer. Therefore, when Locky is analysed by progger, associated processes (e.g. chrome.exe) tracked are visually represented in layers.