Beware of Locky Ransomware

Blog Author: Aaron Smith | May 17th, 2016

As we send and receive more and more emails regularly, the possibility of email scams and viruses compromising your IT and financial security is becoming a real threat to businesses.

For several years now, ransomware, a type of malware that encrypts files and demands a ransom for the decryption key, has been steadily increasing.

In recent news, IT professionals have identified an even deadlier ransomware, dubbed “Locky”, which is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it.

What Does Locky Look Like?

It usually comes in the form of an email with a Word document or zip file attached that is presented as an invoice.

It may look something like the below:

[Image: Locky screenshot example]

What Can Locky Do?

The “Locky” ransomware is so dangerous because, if you open the attachment or the file, it will encrypt your data files (locally and shared). It can also remove shadow copies (backup copies made by Windows).

This is how it attacks:

  • It usually arrives by email, and the attachment is generally a Word document with macros.
  • Once a person opens the document, the macros infect the computer.
  • It deletes any shadow copies that Windows has made and starts to encrypt the files.
  • Once finished, it opens a file called “_Locky_recover_instructions.txt” in Notepad.
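Because the delivery step above depends on a macro-bearing Word document (sometimes inside a zip), a mail gateway or help desk can triage attachments for macros before anyone opens them. The following Python sketch is an added example, not code from the original post; the function names, size limits and sample files are assumptions constructed for illustration, and the legacy `.doc` check is a heuristic rather than a full parser.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # legacy .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"                        # .zip and OOXML (.docx/.docm)
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # stream name in OLE2 directory
MAX_DEPTH = 3                                    # assumed nesting limit
MAX_MEMBER = 20 * 1024 * 1024                    # assumed per-file size limit

def find_macros(name, data, depth=0):
    """Return paths of macro-bearing Office files found in one attachment."""
    if data.startswith(OLE2_MAGIC):
        # Heuristic: a legacy document with macros names its VBA stream.
        return [name] if VBA_STREAM in data else []
    if not data.startswith(ZIP_MAGIC):
        return []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    # A macro-enabled OOXML document keeps its code in vbaProject.bin.
    if any(m.lower().endswith("vbaproject.bin") for m in archive.namelist()):
        return [name]
    hits = []
    for info in archive.infolist():
        # Skip oversized or encrypted members and overly deep nesting.
        if depth >= MAX_DEPTH or info.file_size > MAX_MEMBER or info.flag_bits & 0x1:
            continue
        hits += find_macros(f"{name}/{info.filename}", archive.read(info), depth + 1)
    return hits

def make_zip(files):
    """Build an in-memory zip from {path: content} (used for the samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for path, body in files.items():
            z.writestr(path, body)
    return buf.getvalue()

# Constructed samples (harmless placeholders, not real malware).
DOCM = make_zip({"word/document.xml": "<doc/>", "word/vbaProject.bin": b"\x00"})
DOCX = make_zip({"word/document.xml": "<doc/>"})
LEGACY_DOC = OLE2_MAGIC + b"\x00" * 504 + VBA_STREAM
ZIPPED = make_zip({"invoice.docm": DOCM})

if __name__ == "__main__":
    for n, d in [("invoice.docm", DOCM), ("report.docx", DOCX),
                 ("invoice.doc", LEGACY_DOC), ("invoice.zip", ZIPPED)]:
        print(n, "->", find_macros(n, d) or "no macros found")
```

Password-protected archives are skipped here because their contents cannot be inspected, so they need a separate handling rule.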

Once Locky encrypts the data, it asks for payment in order to retrieve your own data. Businesses are often in a vulnerable situation and desperate to retrieve their data, so they pay the ransom fee.

How Can I Protect My Business From Security Threats?

Look out for the red flags

Sender: It’s a red flag if the sender is not a recognised person or organisation, but keep in mind that cyber criminals are increasingly using social media platforms to launch attacks with some relevant information about your friends and family.

Other Recipients: Being copied on an email with one or more people who are not personally known is a red flag.

Subject: Is the subject line relevant to the content? If it sounds odd or automatic, that’s a big red flag.

Content: Spelling mistakes, unusual phrases, bad grammar, and provocative content are all red flags.

Attachments: Look at the attachment and consider whether it’s something you expect or whether the sender would typically send this. If unsure, it’s always best to call the sender and double check.

Hyperlinks: An email directing the recipient to click on a link is another red flag. One way to check the link is to hover over the hyperlink with the mouse to see if the address is for the correct website.

It’s always a good idea to call the sender and ask them if it is actually for you.

Make sure you have a good backup solution

We can never be sure that we won’t be affected by ransomware like this, so it’s important to have a strong backup system in place that backs up your data. If you know that your business needs daily data, then you must back up daily. If you know that your business creates important data hourly, then you should back up hourly. If you have a strong backup, you can recover your data without needing to pay the ransom.

Use an Effective Antivirus

Our customers are protected by some of the best products available in the marketplace, and we continue to ensure we are up to speed on how to get the most out of them.

As a managed service provider, we ensure that we take steps to protect the security of all our customers’ data. We update the Antivirus and run regular checks to identify any risks arising.

Educate Your Staff

It’s important that you educate your staff to be aware of suspicious emails.

You could create a checklist of dangerous signs that they should flag immediately.

End user education is now the most effective way to prevent these issues. The user is the easiest way to infect a client, but education and a keen eye are the single best way to prevent any issues. When your team is aware of such threats, they can take the necessary precautions. It is also very important that this training/education is ongoing, as the threat landscape is ever evolving and new staff are joining who haven’t been educated previously.

What is your business doing to stay safe from Locky and other security threats? If you are looking for advice on IT Security or want to hold a training session on security best practices, we can arrange that for you.


CORRECT SOLUTIONS
