New “Locky” ransomware spreading at an alarming rate
The term Ransomware refers to malware that infects your computer and then encrypts all of your files in a way that is almost impossible to get your information back without paying cybercriminals for a special key to unlock your pictures, documents, and other files.
Most became aware of the term ransomware last year as Cryptolocker began spreading through both companies and personal computers, and many who did not have backups of their data were forced to pay to get all their files back.
A new breed of ransomware has been spreading this week called “Locky”. It does so with a malicious macro in a Word document, and so far has been appearing in people’s inboxes as an email with an attachment and a subject line like this: Delivery Notification – Unpaid Invoice #350.
According to thehackernews.com:
Locky ransomware is spreading at the rate of 4000 new infections per hour, which means approximately 100,000 new infections per day.
Though recent versions of Microsoft Word by default have Macros disabled, many companies may have them enabled. Or if you have an older version of Microsoft Office you and your employees could be at risk too.
One of the first steps to prevent infection from this, or any other malicious malware/virus/trojan, is to ensure that your staff is trained to always use caution and never open files or documents that they do not recognize, or did not request. Some cybercriminals can use an infected persons email address book to send out fake emails, so at times it may appear that a coworker or company you are familiar with has sent the email.
Next, make sure you have a robust backup solution in place in case a computer does get infected, so that you can recover the necessary files after your computers and network have been cleaned.
Lastly, make sure your Anti Malware and Anti Virus definitions are up to date and set up correctly to scan files that are being opened, along with regular scans of your computers. Though AM/AV software can be effective, also understand that when malicious attacks such as Locky first appear it can take some time for companies to update the virus and malware databases to detect infections. So the first step, educating your staff, is always the most important.
For more information about the Locky ransomware, here are some articles:
- Sophos: “Locky” ransomware: What you need to know
- Ars Technica: “Locky” crypto-ransomware rides in on malicious Word document macro
- The Hacker News: How Just Opening an MS Word Doc Can Hijack Every File On Your System
If you have any questions, or suspect one of your workstations may have been infected, please contact us at 855-940-8324 or email us at firstname.lastname@example.org.