The online world is full of nasty intrusions: spyware, malware, and now ransomware.
One particularly successful ransomware has taken the world, quite literally, by storm. Let us introduce you to Locky.
Sure, the name may sound friendly enough, but this widespread terror seems to know no borders and has been holding files hostage on a global scale. We are writing today to give you the upper hand in protecting yourself from a very serious threat that has the potential to cost you thousands of dollars. Take a few minutes to educate yourself on how to protect your most valuable files. You’ll be glad you did.
What is Locky ransomware?
With a name like Locky, you may imagine it to be a cartoon dog on your child’s Saturday morning cartoons. In fact, Locky is a very effective ransomware that slips itself into your hard drive and takes your most important files hostage. Locky holds files for ransom and forces victims to pay a fee in order to retrieve their precious files. Fees vary but many people have been forced to pay thousands of dollars to retrieve valuable data.
How Locky ransomware works.
In order to protect yourself from a Locky ransomware attack, you need to understand how this malicious invader has been reaching its victims. Locky typically arrives in your email inbox in the form of a Word document or Excel file that is made to look like an invoice. The email will typically have a subject like “ATTN: Invoice J-43987493”. The body of the email will usually ask the reader to “Please see the attached invoice and remit payment according to terms listed at the bottom of the invoice”. The attached “invoice” is actually a malicious Word (or Excel) document with a name similar to the subject, like “Invoice J-43987493”. When you open the file, the text will be scrambled and you’ll be prompted to enable macros in order to view the document clearly. What this actually does is open your computer up to the malicious macro that lets Locky take control. At this point, Locky ransomware has free run of your system and will begin its hostile takeover.
When you run the macro, you give it access to your drive and every file within. It will also infect any attached drives that are operating with your computer. Locky will even remove any VSS (Volume Snapshot Service) snapshots you are using. Locky encrypts your files and changes the filenames. At this point you are essentially at the mercy of the criminals behind the attack. Locky ransomware then resets your wallpaper to an image of the instructions on how to pay the ransom for your files. Sounds pretty awful, doesn’t it? It’s time to do everything in your power to avoid such an attack.
How to prevent a Locky ransomware invasion.
The best way to avoid an attack is to implement precautionary measures. This “better safe than sorry” approach is the only tried and tested way to protect yourself.
Be Wary of Email Attachments. As you read above, the way Locky ransomware infiltrates your system is through a malicious macro attached to a false “invoice” in a Word document.
Our first suggestion is to be wary of any invoices attached to emails unless you’re expecting them and you know the sender. Locky is preying on our curiosity. The worst thing that could happen if you avoid an invoice is the sender contacting you a second time about their payment. It’s certainly a safer choice than opening any unknown attachments.
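To check an attachment without opening it in Word or Excel, the sketch below scans a saved email for Office attachments that carry a macro project. It is an added example, not code from the original article; the function names and the sample message are constructed for illustration, and the check for legacy .doc/.xls files is a simple heuristic.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"    # legacy .doc/.xls container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")   # name stored when a VBA project exists


def has_macros(data: bytes) -> bool:
    """Return True if an Office file appears to carry a VBA macro project."""
    if data.startswith(OLE_MAGIC):
        # Heuristic: OLE directory entry names are stored as UTF-16LE text.
        return VBA_STREAM in data
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # OOXML keeps macros in vbaProject.bin, whatever the extension says.
                return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
        except zipfile.BadZipFile:
            return False
    return False


def risky_attachments(raw_message: bytes) -> list[str]:
    """Return the filenames of attachments in a raw e-mail that contain macros."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    return [part.get_filename() or "(unnamed)"
            for part in msg.iter_attachments()
            if has_macros(part.get_payload(decode=True) or b"")]


def sample_message(filename: str, with_macro: bool) -> bytes:
    """Build a constructed test e-mail; the attachment holds placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    msg = EmailMessage()
    msg["Subject"] = "ATTN: Invoice J-43987493"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    print(risky_attachments(sample_message("Invoice J-43987493.docx", True)))
```

A clean result only means no macro project was found; it does not prove the attachment is safe.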
Disable Macros. Secondly, you’ll want to prevent yourself from automatically being hit, should you make the mistake of opening the “invoice”. This means disabling all but digitally signed macros in Microsoft Word.
To do this:
- Open a Word document
- Click File
- Click Options
- In Trust Center, click Trust Center Settings
- Select Disable all macros except digitally signed macros
- Click OK
Offsite Backup. Keep a regular backup of your files offsite in order to prevent the total loss of your valuable data. This is good practice in the case of any emergency that could leave your files at risk. Protect yourself from fire or flood, theft or damage, or even accidental deletion. You can encrypt your drive for further protection and peace of mind.
Administrator Status. Don’t stay logged in as an administrator unless performing administrative tasks. Avoid normal activities while operating as an administrator and you’ll be protecting much more than your personal files.
You’ve been hit. Now what? Essentially, the verdict is still out on what can be done to help Locky ransomware victims recover their files. The “suggested practice” is to avoid paying the ransom because you’ll just be adding fuel to the criminals’ fire. We understand that this may be difficult to accept and you may feel prompted to pay in order to have your files returned. The ransom is paid in bitcoins and prices typically range from BTC 0.5 to BTC 1.0 (a bitcoin currently being valued at around $400), but some people are being forced to pay much more exorbitant sums.
At Metronetworks, we don’t recommend taking this route as it allows an unknown third party access to your most private information. They may be monitoring your actions and be able to take you for far more than the ransom amount.
There are some cases of Locky ransomware being removed by IT experts, but even this route does not guarantee success.
If you’ve been hit with Locky ransomware, please contact us immediately at (559) 492-5985.
We’ll do everything in our power to help restore your system and regain access to your files.