Locky is a new crypto-ransomware that showed up a few weeks ago for the first time. It comes through Email as a Microsoft Word or Excel document, .doc Invoice. This ransomware has been infecting over 90,000 computers a day, according to FORBES.
According to Microsoft, Locky is being distributed by Email with an attachment, usually a word document or an excel document that appears to be an invoice. Once you open this attachment, Word will ask you to enable Micros. Then it will download the malware and start to encrypt every file accessible from your system. This includes any network files pathed to to your computer. A ransom message is then displayed demanding payment in order to unlock your encrypted files. Note that once your files are encrypted, the only guaranteed way to restore them is from your backup.
Receiving an invoice via Email is part of the typical business day if you have any administrative role at work or home. Many people might not even look at the sender or read the subject line of the Email and just immediately go to the attachment and that’s what seems innocent enough. If you open this attachment, be warned that unless you or your company has a recent backup of your data, you will be purchasing Bitcoins to unencrypt your data and obtain all of your information that was stolen from you. These attachments come in a .doc format and reads: “ATTN: Invoice L-98223146”. So opening up an attachment from an unexpected sender has potentially catastrophic consequences at this point. Please click on the senders Email address and verify if you know who the sender is and that you are expecting an invoice from that person prior to opening up the attachment. If the sender is unknown to you, then DO NOT OPEN THE ATTACHMENT. We personally know of two local businesses that received this Emailed virus last week. One was an Invoice from the “IRS” and another was a Resume from a “prospective employee” both contained this Ransomware virus. Luckily we were able to prevent them from losing any files. However most people receiving these files are contacting us in utter desperation without a backup solution in place.
There are many ways to help prevent you from being infected. We recommend the following:
1. Educate: Teach your employees about Viruses and Malware prevention. Let them know to not open Email attachments or links from someone they do not know or if it looks suspicious. Ask your IT professional if you are not sure. We get multiple Emails from our customers asking if the email they received was a threat. We would rather you ask us than infect your system or your companies network.
2. Back up: Make sure your data is backed up regularly. Store this backup separately in the event of a Network attack such as this. Many different things can happen to your data such as viruses, malware, fire, flood, theft, etc. and this will help to ensure the integrity of your data.
3. Defend your data: Make sure you are using a valid and updated antivirus (we recommend MSE or Windows Defender), have a secure password to access your computer, have a secure router protecting your network and password protect any important documents. Make sure your IT Company takes security serious. Here at OC Cloud9 we actively protect our clients and their data.
4. Make sure Macros are not enabled on Word and Excel: Microsoft turned off auto-execution of macros by default many years ago as a security measure. A lot of malware infections rely on persuading you to turn macros back on. To help prevent malicious files from running macros that might download malware automatically, we recommend you change your settings to disable all except digitally signed macros.
To do this:
1. Open a Microsoft Word document.
2. Click the File tab.
3. Click Options.
4. In the Trust Center, click Trust Center Settings.
5. Select Disable all macros except digitally signed macros.
6. Click OK.
5. Login Power: This is more for IT companies but don’t give yourself more login power than you need. We do not let our clients install programs without our permission and have stopped many viruses from being installed in the process.
For further information about how to protect your important and priceless data, contact a member of our OC Cloud9 technical team at (949) 699-6619 or contact us by clicking here. For a detailed look with exactly what happens to a system infected with the Locky Crypto-Ransomware, please see BleepingComputer.com’s article