Pagoda Blog


How to Protect Your Business from the Locky Ransomware

May 19, 2016


 

Locky ransomware is the new way for cyber criminals to take a hostage and hold it until you send payment. Except instead of holding a person hostage, they hold the important files on your computer: they encrypt them and demand money for the key. The telltale sign of the ‘Locky’ ransomware is that your important files will all have had their file extension changed to ‘.locky’.

 

Locky typically infects a user's computer through email phishing. To summarize, phishing is when someone sends you an email (often from someone you know) that has some kind of attachment. This attachment is often a Word document containing a link that the user is encouraged to click. Once the link is clicked or the Word document is downloaded, the malware infects the computer.

With Locky specifically, there will be a Word document that the user is prompted to open. The Word document, once opened, will look something like this.


Image from nakedsecurity.sophos.com

 

The Word document looks like a random string of numbers and letters, and the user is encouraged to enable macros. If the user enables macros, the malware begins its dirty work. The ransomware scans the local drives and network shares (both mapped and unmapped), looking for more than 130 types of files to encrypt. After it encrypts each file, it renames the file and changes the extension to .locky.

 

Locky deletes all of the computer's shadow copies so the files cannot be recovered (unless you have another backup), and then leaves you a ransom note by placing its demands on your computer desktop and including the note in each folder where a file was encrypted.
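
The burst of renames to .locky described above is something file-server monitoring can watch for. The Python code below is an added example, not part of the original post: it flags any account that renames many files to .locky within a short window and records the affected folders so you know what to restore from backup. The log layout, the window and threshold values, and the sample events are assumptions constructed for illustration.

```python
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed tuning values; adjust to your environment
THRESHOLD = 5                   # renames to .locky by one account inside WINDOW

# Constructed sample events; the "time,account,old path,new path" layout is an assumption.
SAMPLE_EVENTS = r"""
2016-05-19T09:00:01,alice,\\fs01\sales\q1.xlsx,\\fs01\sales\q1-final.xlsx
2016-05-19T09:05:00,bob,\\fs01\finance\budget.xlsx,\\fs01\finance\A1B2C3.locky
2016-05-19T09:05:01,bob,\\fs01\finance\payroll.docx,\\fs01\finance\A1B2C4.locky
2016-05-19T09:05:02,bob,\\fs01\finance\tax.pdf,\\fs01\finance\A1B2C5.locky
2016-05-19T09:05:03,bob,\\fs01\hr\staff.docx,\\fs01\hr\A1B2C6.locky
2016-05-19T09:05:04,bob,\\fs01\hr\reviews.docx,\\fs01\hr\A1B2C7.locky
2016-05-19T09:05:05,bob,\\fs01\hr\offers.docx,\\fs01\hr\A1B2C8.locky
2016-05-19T11:30:00,carol,\\fs01\lab\sample.txt,\\fs01\lab\sample.locky
"""

def parse_events(text):
    """Yield (time, account, old_path, new_path) tuples from the log text."""
    for ts, account, old, new in csv.reader(text.strip().splitlines()):
        yield datetime.fromisoformat(ts), account, old, new

def detect_locky_renames(events, window=WINDOW, threshold=THRESHOLD):
    """Alert on accounts that rename `threshold` files to .locky within `window`."""
    recent = defaultdict(deque)  # account -> (time, folder) of renames inside the window
    alerts = {}
    for when, account, old, new in sorted(events):
        if not new.lower().endswith(".locky") or old.lower().endswith(".locky"):
            continue  # only a change *to* the .locky extension is of interest
        folder = new.rsplit("\\", 1)[0]
        q = recent[account]
        q.append((when, folder))
        while when - q[0][0] > window:
            q.popleft()
        if account in alerts:  # burst already reported: keep recording its scope
            alerts[account]["count"] += 1
            alerts[account]["folders"].add(folder)
        elif len(q) >= threshold:
            alerts[account] = {"account": account, "first_seen": q[0][0],
                               "count": len(q), "folders": {f for _, f in q}}
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect_locky_renames(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

A single rename to .locky (the carol event in the sample) stays below the threshold and raises no alert.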

 

The ransom note includes a web page for you to visit and typically demands 0.5 or 1 bitcoin, about $400 USD. You can purchase the encryption key at this site and then get all your files back.

 

However, if you do not want to pay these crooks there are a few things we recommend you do to protect yourself.

 

  • Back up early, back up often. If you consistently back up your computer's files to an external drive, you can easily restore your computer from a backup if it gets infected with Locky.
  • Be aware of phishing attacks. Make sure you and your staff are educated about what phishing attacks look like. Don’t download attachments from people you don’t know, and double-check with people you do know when they send you a downloadable attachment.
  • Don’t enable macros in document attachments received by email. Microsoft turned off this function for your protection. Many viruses and malware depend on you enabling macros, so don’t enable them.

 

If you are unsure how to correctly spot phishing attacks or need assistance training your staff, contact Pagoda Technologies for a free consultation.

 

––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

About Pagoda Technologies IT services

Pagoda Technologies is a globally recognized IT support company doing business in Santa Cruz, San Jose and all over the world that works to help businesses and their IT departments run smoothly and efficiently. To learn how Pagoda Technologies can help your business, email us at support@pagoda-tech.com to schedule a no-cost business assessment.





