“Locky” is a seemingly cute name for a not-so-cute new strain of ransomware. Like most ransomware, “Locky” renames your files, encrypts the data inside them, and locks you out, demanding that the end user pay a hefty ransom for the decryption key.


How “Locky” Ransomware is Transmitted

Like many forms of ransomware, “Locky” arrives as a suspicious email attachment. When the end user opens the attached document, the content inside looks like a jumble of random symbols and text strings. The document prompts the end user to enable macros, supposedly to reformat it into a readable version.


However, once macros are enabled, the text stays exactly the same. Instead, code embedded in the document runs and saves a file to disk. That saved file is a downloader for the “Locky” ransomware, which it fetches from the criminals who sent the email. Once it runs, “Locky” encrypts every file it can reach, including videos, images, source code, and Office files, and demands anywhere from 0.5 to 1.00 Bitcoin (approximately $200 to $400 USD at the time) for the decryption key. Bitcoin is attractive to the criminals because payments are pseudonymous: it is very hard for law enforcement to tie a wallet to a person or obtain records, so the criminals can take your money with little fear of being identified.


Unfortunately, “Locky” encrypts everything it can reach, including your Bitcoin wallet file, and deletes any Volume Shadow Copies that Windows may have saved on your drives, so you cannot simply restore earlier versions of your files. With your wallet locked up, you are forced to buy more Bitcoin to pay up, and if that wallet held more Bitcoin than the ransom and you have no backup, you end up losing far more than was originally demanded.
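The shadow-copy deletion above is something a defender can watch for: it has to happen through a process the operating system logs. The following is an added example, not code from the original article or from Intivix, that runs a small detection rule over process-creation log lines. It assumes that the deletion is done by running vssadmin (the classic “Delete Shadows” command, plus the “Resize ShadowStorage” and WMIC variants other ransomware uses); the article itself does not name the mechanism. The log format and the log lines are constructed for the demo, and a hit whose parent process is Word or Excel is rated higher because that is exactly the macro-launched chain described in the article.

```python
import re

# Command lines that destroy or shrink Volume Shadow Copies. vssadmin "Delete
# Shadows" is assumed here as the mechanism behind "removes any shadow copies";
# the other two are common variants worth catching with the same rule.
SHADOW_RULES = [
    ("vssadmin delete shadows",
     re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b", re.I)),
    ("vssadmin resize shadowstorage",
     re.compile(r"\bvssadmin(?:\.exe)?\s+resize\s+shadowstorage\b", re.I)),
    ("wmic shadowcopy delete",
     re.compile(r"\bwmic(?:\.exe)?\s+shadowcopy\s+delete\b", re.I)),
]

# A shadow-copy wipe spawned from an Office process is the macro-dropper chain
# the article describes, so it is rated "high"; anything else is "medium".
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Constructed key=value / key="quoted value" log format for this example.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample log lines (hosts, users and timestamps are made up).
SAMPLE_LOG = r"""
ts=2016-02-17T09:14:02Z host=WS-012 user=CORP\jdoe parent=WINWORD.EXE image=C:\Windows\System32\vssadmin.exe cmd="vssadmin.exe Delete Shadows /All /Quiet"
ts=2016-02-17T09:15:10Z host=SRV-BK01 user=CORP\backupsvc parent=services.exe image=C:\Windows\System32\vssadmin.exe cmd="vssadmin.exe List Shadows"
ts=2016-02-17T09:16:44Z host=WS-033 user=CORP\mlee parent=cmd.exe image=C:\Windows\System32\wbem\WMIC.exe cmd="WMIC shadowcopy delete"
ts=2016-02-17T09:18:01Z host=WS-033 user=CORP\mlee parent=explorer.exe image=C:\Windows\System32\vssadmin.exe cmd="vssadmin.exe Resize ShadowStorage /For=C: /On=C: /MaxSize=401MB"
"""


def parse_line(line: str) -> dict:
    """Split one log line into a dict of fields (quoted values keep their spaces)."""
    return {key: (quoted or bare) for key, quoted, bare in FIELD_RE.findall(line)}


def detect_shadow_deletion(lines) -> list:
    """Return one alert per log line whose command line matches a shadow-copy rule."""
    alerts = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        event = parse_line(line)
        cmd = event.get("cmd", "")
        for rule_name, pattern in SHADOW_RULES:
            if pattern.search(cmd):
                parent = event.get("parent", "")
                alerts.append({
                    "rule": rule_name,
                    "host": event.get("host"),
                    "user": event.get("user"),
                    "parent": parent,
                    "severity": "high" if parent.lower() in OFFICE_PARENTS else "medium",
                    "cmd": cmd,
                })
                break  # one alert per event is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_shadow_deletion(SAMPLE_LOG.splitlines()):
        print(f'[{alert["severity"]}] {alert["host"]} {alert["user"]} '
              f'parent={alert["parent"]} rule="{alert["rule"]}" cmd="{alert["cmd"]}"')
```

Listing shadow copies (the backup service on SRV-BK01) is deliberately not flagged; only commands that delete or shrink them fire. The rule is case-insensitive and tolerates the `.exe` suffix and a full path, because a macro dropper does not need to spell the command the way an administrator would.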


It’s important to remember that ransomware isn’t limited to your C: drive. It attacks every directory and mounted drive it can reach, including removable drives, network shares, servers, and other users’ devices, using whatever permissions the logged-in user has. If you’re logged in as a domain administrator at the time of the attack, “Locky” could be doing far more damage than you realize.


How to Reduce Your Risk of Obtaining “Locky” Ransomware

Intivix stays up to date on the cyber security threats criminals use to attack your data and extort money from you. Here is what they recommend:


  • Keep a recent backup copy off-site and refresh it regularly – doing this also protects your data from floods, fires, theft, user accidents, and hardware damage. Encrypt the backup for extra security, and don’t leave it permanently mounted, since “Locky” encrypts any drive or share it can reach.
  • Don’t enable macros in an attachment – Microsoft turned off automatic macro execution years ago to improve security. This malware works by talking you into turning it back on, which undoes that protection.
  • Be wary of suspicious email attachments – don’t open a file unless you are sure it is safe. Criminals count on you opening the file “just to check” what it is.
  • Stay logged out of domain administrator – unless absolutely necessary, do not log in with Domain Administrator privileges, and never browse the web or do other day-to-day work while holding administrator rights. Any malware you run in that session inherits those rights, including access to sensitive data files and company information across the network.
  • Create two logins – even as an IT administrator or company executive, have two accounts: a non-admin account for your day-to-day work and a second account that you use only when performing Domain Administrator functions. Intivix has inherited networks where office administrators or executive-level staff were assigned Domain Administrator privilege (the highest access possible, the equivalent of a super user) and used it for daily activities.
  • Install Microsoft Office Viewers – these applications remove the dilemma of whether or not to open a document. Users can view documents without opening Word or Excel, and the viewers do not support macros at all, so there is no way to enable them by mistake.
  • Patch early and often – malware doesn’t rely solely on uneducated or careless end users. It often targets security bugs in Microsoft Office, Flash, and web browsers. Patching early and often closes the holes that criminals rely on.
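The macro mechanism described earlier, and the “should I open this?” dilemma the macro and Office Viewer advice above addresses, both come down to one question: does this attachment carry a VBA project at all? A modern Office file (.docx, .docm, .xlsm and so on) is a zip package, and macros live in a part named vbaProject.bin that is also declared in the package manifest, so that question can be answered without ever opening the file in Office. The following is an added example, not code from the original article or from Intivix: a triage check that inspects the package and reports whether it is macro-bearing. The sample “documents” it builds are constructed minimal packages, not real Word files, and the auto-run name check is a heuristic that is assumed here (real VBA source is stored compressed, so a miss proves nothing, while a hit is a strong signal). Legacy binary .doc files are not zip packages and are reported as such rather than analysed.

```python
import io
import sys
import zipfile

# Content type Office declares for an embedded VBA project part in a
# macro-enabled OOXML package (.docm, .xlsm, .pptm).
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"

# Procedure names VBA runs as soon as the user clicks "Enable Content".
# Assumed heuristic: looked for as plain bytes inside the VBA project.
AUTO_RUN_NAMES = (b"AutoOpen", b"Document_Open", b"Auto_Open", b"Workbook_Open", b"AutoExec")


def triage_office_document(data: bytes) -> dict:
    """Inspect an Office file's bytes for a VBA project without opening it in Office."""
    result = {
        "is_ooxml": False,
        "has_vba_project": False,
        "declares_vba_content_type": False,
        "auto_run_hint": False,
        "verdict": "not an OOXML container",
    }
    # OOXML files are zip archives; a legacy .doc is an OLE compound file instead.
    if not data.startswith(b"PK\x03\x04"):
        return result
    try:
        package = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result
    result["is_ooxml"] = True
    names = package.namelist()

    # Word, Excel and PowerPoint all store macros in a part named vbaProject.bin.
    vba_parts = [n for n in names if n.lower().endswith("vbaproject.bin")]
    result["has_vba_project"] = bool(vba_parts)

    # The package manifest independently declares the macro part's content type.
    if "[Content_Types].xml" in names:
        manifest = package.read("[Content_Types].xml")
        result["declares_vba_content_type"] = VBA_CONTENT_TYPE.encode() in manifest

    for part in vba_parts:
        if any(name in package.read(part) for name in AUTO_RUN_NAMES):
            result["auto_run_hint"] = True

    if result["has_vba_project"] or result["declares_vba_content_type"]:
        result["verdict"] = "macro-bearing"
    else:
        result["verdict"] = "no macros found"
    return result


def build_sample(with_macro: bool) -> bytes:
    """Constructed minimal OOXML package for the demo; not a real Word document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as package:
        manifest = [
            '<?xml version="1.0" encoding="UTF-8"?>',
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">',
            '<Default Extension="xml" ContentType="application/xml"/>',
        ]
        if with_macro:
            manifest.append(
                f'<Override PartName="/word/vbaProject.bin" ContentType="{VBA_CONTENT_TYPE}"/>'
            )
        manifest.append("</Types>")
        package.writestr("[Content_Types].xml", "".join(manifest))
        package.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Fake VBA project: OLE magic bytes followed by a plaintext auto-run name.
            package.writestr("word/vbaProject.bin",
                             b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"Sub AutoOpen()")
    return buf.getvalue()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(triage_office_document(fh.read()))
    else:
        print("macro sample:", triage_office_document(build_sample(True)))
        print("clean sample:", triage_office_document(build_sample(False)))
```

Run it with a file path to check a real attachment, or with no arguments to see both constructed samples. A “macro-bearing” verdict on a document nobody expected to contain macros is reason enough to stop and ask the sender, regardless of what the “enable macros to view” text inside it says.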


Protect Your Data with Intivix

Luckily, Intivix knows that a simple anti-virus isn’t enough to protect your data from cyber criminals, malware, and ransomware such as “Locky.” Their expert consultants install a multi-layer defense system to keep your data secure and protected, and provide backups so you can recover from an attack or an accident. Give them a call and find out what they can do to protect your network.