A new strain of ransomware has been attacking networks lately. Its name is “Locky.” A cute name for a very damaging piece of malware. It was first discovered in the wild on 2/16/16.
As with other ransomware, “Locky” leverages human curiosity to gain access to networks via a phishing attack. This is Wikipedia’s definition of phishing: “Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.”
In plain English, a user will receive an email purporting to be from FedEx, UPS, Microsoft, etc. that contains an attachment or link and asks you to either open the attachment or click the link to find your tracking information or access your software. These emails look legitimate, but as soon as you click on the attachment or link, ALL of the content on your computer will be encrypted, as well as all of the contents of any network shares.
The only way to decrypt your files is to pay the *%@#$!* hackers a ransom to retrieve the decryption key or restore your files from a backup. That’s it.
85% of all users do not back up their data on a consistent basis, and it’s my guess that most have never tested the recovery of said data to know whether their backups in fact work. DON’T BE FOOLISH! Back up your data daily and confirm that your backups work.
Keep your antivirus definitions up to date. For the most part, this should happen automatically, but check yours just to be sure.
Install updates to your operating system (automatic on Windows 10) and any other software you have installed as soon as they are available. If you want an easy way to do this, download and install Glary Utilities. It will advise you when updates are available for any third-party software that you have installed.
Also, be sure that you’re no longer using the Windows XP operating system or Office 2003. Neither is supported by Microsoft anymore, which means that they are not secure. Locky ransomware has been hiding its code inside the macros of Microsoft Word attachments. If prompted to turn on macros in an email attachment, DON’T turn them on.
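One way an IT support team could flag macro-carrying Word attachments before anyone opens them, shown as an added example that is not part of the original post. The function names, verdict strings and sample files are constructed for illustration, and the check for legacy `.doc` files is a heuristic that looks for the `_VBA_PROJECT` stream name rather than fully parsing the file.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container
# Stream names in the legacy container are stored as UTF-16LE; a VBA project
# includes a stream called "_VBA_PROJECT" (heuristic marker, assumption here).
OLE2_MACRO_MARKER = "_VBA_PROJECT".encode("utf-16-le")


def macro_verdict(data: bytes) -> str:
    """Classify attachment bytes as 'macros', 'no-macros' or 'not-office'."""
    if data.startswith(b"PK"):  # modern .docx/.docm files are zip archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "not-office"
        if "[content_types].xml" not in names:
            return "not-office"  # an ordinary zip, not an Office document
        # Macro code lives in vbaProject.bin, whatever the file extension says.
        if any(n.endswith("vbaproject.bin") for n in names):
            return "macros"
        return "no-macros"
    if data.startswith(OLE2_MAGIC):
        return "macros" if OLE2_MACRO_MARKER in data else "no-macros"
    return "not-office"


def build_sample_ooxml(with_macros: bool) -> bytes:
    """Constructed sample: a minimal Office-shaped zip, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "invoice.docm (constructed)": build_sample_ooxml(True),
        "notes.docx (constructed)": build_sample_ooxml(False),
        "old.doc (constructed)": OLE2_MAGIC + b"\x00" * 64 + OLE2_MACRO_MARKER,
    }
    for name, blob in samples.items():
        verdict = macro_verdict(blob)
        action = "QUARANTINE" if verdict == "macros" else "deliver"
        print(f"{name}: {verdict} -> {action}")
```

A false positive on a legacy `.doc` only means a harmless file gets a second look; a renamed `.docm` is still caught because the check reads the file contents, not the extension.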
Ransomware attacks haul in billions of dollars each year for the criminals who deploy them. Fight back. Be smart. If you receive an email that looks “phishy” (pun intended), then DON’T open it. Inform your IT Support company about it immediately and advise everyone else in your company to be on the lookout for suspicious email.