Reports of a rise in ransomware trojans have seen further evidence in the form of ‘Locky’ which encrypts user data and demands payment to decrypt it.
Gathering data content, be it blog articles or customer databases, is a time consuming affair, so there’s a real sense of relief when it’s finally collated and finished. However, can you imagine how frustrating it would be to have this data suddenly encrypted by a third party? And how annoyed would you be if this third party then started demanding payment to release it?
You’d be VERY frustrated and VERY annoyed!
Locky – which is being distributed by infected MS Word files – is causing all manner of trouble to businesses at present, so it’s time you learned a little more about it to avoid getting a ransom note demanding $10,000!
What is Locky?
Ransomware does exactly what is says on the tin, it’s software which demands a ransom. Locky is a relatively new form of ransomware which, when activated, converts a long list of file extensions to a seemingly locked extension type named .locky e.g. a .jpeg extension will be converted to a .locky extension.
The problem is that the only way you can decrypt these .locky files is by purchasing a ‘decryption key’ online from the perpetrators. Now, you may be thinking that an online payment surely leaves a trail to the cyber criminals behind the ransom. Unfortunately, these hackers only accept payment through bitcoin – an untraceable online currency.
Ransoms as high as $17,000 are reported to have been paid to restore access to data, so it’s crucial you know what the warning signs of Locky are.
How Do You Get Infected By Locky?
Hackers are taking advantage of the ubiquity of Microsoft Office in our working lives to target victims with Locky. Emails are sent containing an MS Word attachment titled “Troj/DocDL-BCF” and the chaos it releases unfolds thusly:
- Users open the file to discover it’s full of nonsensical text and symbols
- A prompt encourages users to enable macros if “data encoding is incorrect” which, when presented with garbled text and symbols, would seem the right thing to do
- If macros are enabled then this runs software which saves a file to the hard drive and then executes it
- This file then downloads a final piece of software – Locky
- Once Locky is downloaded to the system it starts scrambling files to the .locky extension
- Locky then changes your desktop wallpaper to one of a ransom note detailing how to pay the decryption ransom
How to Protect Yourself From Locky
Naturally, the best way to avoid getting infected with ransomware like Locky is to avoid all dubious email attachments. However, there are a couple of other tips to help protect yourself:
- Try installing Microsoft Office viewers which allow users to view documents without actually opening them in Office applications and prevents viruses from executing
- Always install the latest updates for Microsoft Office to ensure any back doors are patched to keep your system protected
- Regularly backup your data (and keep a copy offline) to ensure it’s still available in the course of a ransomware attack
For more ways to secure and optimize your business technology, contact your local IT professionals.
