New Ransomware: Locky

February 25, 2016

New Ransomware – Locky, and How to Take Preventative Steps

Have you ever thought that just opening a Microsoft Word document could get every file on your system hijacked? Well, let’s welcome a new kind of ransomware called “Locky”. If you receive an email masquerading as a company’s invoice in a Microsoft Word document, think twice before opening it. If you do, it could cripple your whole system and lead to system failure.

Cyber criminals are feeling very powerful, thanks to the success of their cyber crook friends, and are releasing new versions of ransomware with alarming regularity. A UK-based security researcher, who was one of the first to report the new threat, reported seeing around 4,000 new infections per hour, or roughly 100,000 per day. At first, Locky was detected by only three antivirus products. Since then, security vendors have updated their products to detect the malware.

How does Locky work?

Locky ransomware is being distributed via Microsoft 365 or Outlook in the form of an invoice email attachment. Once the user opens the attachment, the malicious .doc file is saved to the system, and when the document is opened a popup asks the user to “enable macros”. As soon as the user clicks enable, the macro downloads an executable from a remote server, which starts encrypting all the files on the computer as well as on the network. It affects nearly all file types and renames each encrypted file with a .locky extension. Once downloaded, the ransomware displays a message instructing the victim to download TOR and visit the attacker’s website for further instructions. The ransomware asks victims to pay between 0.5 and 2 bitcoins in order to get the decryption key. One of the more disturbing characteristics of the new ransomware is that it can encrypt your network-based backup files as well.
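As an added example (not code from the original post, nor from any vendor or researcher it mentions), here is a small Python triage script for the defender side of the two mechanisms described above. The first function classifies a raw email attachment as macro-bearing or not, which is the infection vector (a macro in an invoice document); the second counts files that have been renamed to the .locky extension in a directory listing, which is the post-infection indicator on a workstation, a share, or a backup folder. The sample attachment builder and the sample listing are constructed for the demonstration. The format assumptions are stated in the code: Office Open XML documents (.docx/.docm) are ZIP containers that store VBA in a vbaProject.bin part, while legacy binary .doc files are OLE2 compound files and are only flagged here for deeper inspection.

```python
import io
import os
import zipfile
from collections import Counter

# File-format signatures (assumption stated in the lead-in): legacy binary .doc files are
# OLE2 compound files; .docx/.docm files are ZIP containers (Office Open XML).
OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
ZIP_MAGIC = b"PK\x03\x04"
LOCKY_EXT = ".locky"  # extension the post says Locky gives encrypted files


def classify_attachment(data: bytes) -> str:
    """Classify the raw bytes of an email attachment.

    Returns one of:
      'macro'         - Office Open XML container that carries a VBA project (block it)
      'no-macro'      - Office Open XML container without a VBA project
      'legacy-binary' - OLE2 .doc/.xls; macros live in OLE streams, so route it to a
                        dedicated OLE parser for inspection rather than trusting it
      'not-office'    - anything else
    """
    if data.startswith(OLE2_MAGIC):
        return "legacy-binary"
    if not data.startswith(ZIP_MAGIC):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return "not-office"
    if "[content_types].xml" not in names:
        return "not-office"  # a ZIP, but not an Office Open XML package
    if any(n.endswith("vbaproject.bin") for n in names):
        return "macro"
    return "no-macro"


def summarize_locky_hits(paths):
    """Count files carrying the .locky extension, grouped by directory.

    `paths` is any iterable of file paths, e.g. from walk_paths() below or from a
    file-server audit log. A burst of hits across a share or a backup folder is the
    post-infection indicator described in the post.
    """
    hits = Counter()
    for p in paths:
        if p.lower().endswith(LOCKY_EXT):
            hits[os.path.dirname(p) or "."] += 1
    return dict(hits)


def walk_paths(root: str):
    """Yield every file path under root (thin wrapper for use on a real share)."""
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            yield os.path.join(dirpath, fn)


def build_sample_package(with_macro: bool) -> bytes:
    """Build a constructed, minimal Office Open XML container for testing.

    It is not a real Word document: the parts are placeholders and the VBA part holds
    inert filler bytes, which is enough to exercise the classifier.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder, not VBA")
    return buf.getvalue()


# Constructed sample directory listing, as a file-server audit might report it.
SAMPLE_LISTING = [
    "/shares/finance/invoice_2016-02.xlsx",
    "/shares/finance/Q1_budget.locky",
    "/shares/finance/payroll.locky",
    "/backups/nightly/db_dump.locky",
    "/home/user/notes.txt",
]

if __name__ == "__main__":
    print(classify_attachment(build_sample_package(with_macro=True)))   # macro
    print(classify_attachment(build_sample_package(with_macro=False)))  # no-macro
    print(classify_attachment(OLE2_MAGIC + b"\x00" * 16))               # legacy-binary
    print(summarize_locky_hits(SAMPLE_LISTING))  # {'/shares/finance': 2, '/backups/nightly': 1}
```

The classifier only decides whether an Office Open XML package carries a VBA project at all; it does not try to judge what the macro does, because for an unexpected invoice attachment the presence of a macro is already reason enough for a gateway to hold the message. The .locky count is most useful when run periodically against a share or backup target and compared with the previous run, since the post notes that network backups are in scope for encryption.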

Preventative Steps

- Update systems and patch regularly. This will not directly stop Locky, but it is best practice for malware prevention.

- Do not open any emails that appear suspicious or unexpected. The first person to talk to is your service provider; they will tell you what not to do and can educate you on the proper security actions.

- Leverage the right backup and disaster recovery solution. This we cannot emphasize enough.

The Importance of Backup

This is so incredibly important that we cannot talk about it enough. The only way to get the corrupted data back without paying the ransom (which ranges from $200-$800) is from your most recent backup. If you don’t already have backup and DR, this ransomware should show you that they are an absolute necessity for protecting your organization from data breaches, data loss, and all the other types of attacks.

For more information on Locky, check out: