Locky Ransomware Virus Is on the Rise!
Heads Up Web Surfers: Look Out for the “Locky” Ransomware Virus!
On February 16, 2016, a new ransomware virus was discovered, spreading like wildfire among internet users. Locky encrypts the files of trusting victims, as well as files on any unmapped network shares. Locky doesn’t just rename your files; it scrambles them first and then asks you to pay a ransom for the decryption key.
To spread the virus, cybercriminals send out mass emails with malicious files attached. The email has an invoice attached and asks the user for payment.
What the unsuspecting target does not know is that the attached file contains a malicious macro. Believing the document is an invoice, the victim has no problem opening the file and gives permission to run the macro. Once the file is opened, the ransomware is installed and begins to encrypt and scramble the victim’s files. It scrambles any files in any directory on any mounted drive that it can access, including removable drives that are plugged in at the time and network shares that are accessible, including servers and other people’s computers.
Locky also encrypts Bitcoin wallet files if users have them, making it impossible to access the Bitcoin users may have stored. While losing files is bad enough, the loss of a Bitcoin wallet makes victims even more willing to pay the ransom, particularly if the price of the ransom is less than the value of the Bitcoin stored in the encrypted wallets. Once Locky is ready to hit you up for the ransom, it makes sure you see the following message by changing your desktop wallpaper:
Inside the Locky ransom notes are links to a Tor site called the Locky Decrypter Page. Locky’s payment system for decrypting files is the same as that of numerous other ransomware families. Locky’s website is hidden inside the Tor network, and the ransom can only be paid in Bitcoin. Once a victim sends payment to the assigned Bitcoin address, this page will provide a decrypter that can be used to decrypt their files.
Locky ransomware is currently a big player in the malware sphere. The authors of Locky are skilled and are developing Locky further.
The rise of ransomware attacks highlights the need for users of all kinds to take greater security precautions with their stored data. As always, don’t open suspicious attachments (e.g. .doc, .xls, and .zip files). Keep recent backup copies of important data in a secure place, either online or offline. Security firm Malwarebytes, maker of malware detection tools and anti-virus software, has been actively working on a new product that combats ransomware attacks.
At this point, there is only one method of removing the Locky virus and having files decrypted: paying the ransom.
The best advice we can give you is to safeguard your computer. To best protect yourself against attacks by Locky and other ransomware, deactivate the automatic execution of macros. General attentiveness is always a good way to go as well.
- Only open trustworthy e-mail attachments from reliable senders.
- If your computer becomes extremely sluggish, this could be an indication that the Locky encryption is already underway. Shut your computer down, and remove the battery pack from your laptop if necessary.
- Back up your data regularly so that any affected data can be restored quickly and with as little loss as possible.
- ALWAYS keep your operating system updated to the latest version. Regular updates generally close a lot of security gaps.
- Install Anti-Virus and Anti-Malware programs. It is also essential to keep this software up to date. We recommend Microsoft Security Essentials (Windows Defender) and Malwarebytes.
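The advice above about invoice attachments and macros can be backed by an automated check before a file is ever opened. The following is an added example, not part of the original article: a Python triage function that flags Office attachments, including ones packed inside a .zip, that carry a VBA macro project. The function name, size limits and sample bytes are assumptions constructed for illustration, and the check for legacy .doc/.xls files is a byte-pattern heuristic rather than a full parser.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy .doc/.xls container header
VBA_NAME = "_VBA_PROJECT".encode("utf-16-le")   # OLE directory names are UTF-16LE
MAX_DEPTH = 3                                   # limit nested-archive recursion
MAX_MEMBER = 20 * 1024 * 1024                   # skip oversized members (zip-bomb guard)

def find_macros(name, data, depth=0):
    """Return 'path: reason' findings for one attachment given as bytes."""
    findings = []
    if data.startswith(OLE_MAGIC):
        # Heuristic: a VBA project stream/storage name appears in the directory.
        if VBA_NAME in data:
            findings.append(f"{name}: legacy Office file with a VBA project")
    elif data.startswith(b"PK") and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = f"{name}!{info.filename}"
                if info.filename.lower().endswith("vbaproject.bin"):
                    findings.append(f"{member}: OOXML VBA project part")
                elif info.flag_bits & 0x1:
                    findings.append(f"{member}: encrypted member, cannot inspect")
                elif (depth < MAX_DEPTH and not info.is_dir()
                      and info.file_size <= MAX_MEMBER):
                    findings += find_macros(member, zf.read(info), depth + 1)
    return findings

def _zip(members):
    """Build an in-memory zip from {path: bytes} for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, blob in members.items():
            zf.writestr(path, blob)
    return buf.getvalue()

# Constructed samples: they carry only the structural markers, no macro code.
SAMPLE_DOC = OLE_MAGIC + b"\x00" * 64 + VBA_NAME
SAMPLE_DOCM = _zip({"word/document.xml": b"<w:document/>",
                    "word/vbaProject.bin": OLE_MAGIC})
SAMPLE_DOCX = _zip({"word/document.xml": b"<w:document/>"})
SAMPLE_ZIP = _zip({"invoice.doc": SAMPLE_DOC, "readme.txt": b"hello"})

if __name__ == "__main__":
    for fname, blob in [("invoice.doc", SAMPLE_DOC), ("invoice.docm", SAMPLE_DOCM),
                        ("letter.docx", SAMPLE_DOCX), ("invoice.zip", SAMPLE_ZIP)]:
        print(fname, "->", find_macros(fname, blob) or "no macro markers")
```

A finding means the attachment can run macro code if the user allows it, not that it is Locky; an empty result does not prove a file is safe.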
For more information or questions, please call: 5105224921.