Be on the lookout for a new ransomware called Locky. This ransomware encrypts your data using AES encryption and then forces you to pay 0.5 bitcoins to decrypt your data. It targets many different file types and it not only encrypts your network shares but on unmapped drives too.
Currently there is no way to decrypt files encrypted by Locky and your best way to recover is from your backups.
How does Locky get onto the PC
Locky is currently being distributed via an email that has an attachment with malicious macro inside the word attachment. The email will have a subject ATTN: Invoice J98223146 or similar and asks you to pay the attached invoice. Naturally end users click on the link to see what the invoice is for and then become infected with the virus and the encryption begins.
Once the file is run it then encrypts your files and will then prompt you with the following pages
How to Prevent Locky Ransomeware
Backup regularly and keep a recent backup copy off-site. Use a online service like Crashplan or some other off-site backup service that takes your data offsite from your computer. This particular virus targets any drives attached to the PC which can be a USB backup drive.
Don’t enable macros in document attachments received via email. Microsoft deliberately turned off auto-execution of macros by default many years ago as a security measure. A lot of malware infections rely on persuading you to turn macros back on, so don’t do it!
Be cautious about unsolicited attachments. As always be cautious opening emails that look suspicious or your werent expecting. Not only in opening attachments but also in opening links contained in the website. If your not sure you can always forward the email to email@example.com and we can advise you if its clean or to avoid it.
Remove Local Admin Rights. Some users have administrator rights to the PC and if comprimised this gives the hacker access to everything. Give yourself only the access you need and prompt for administrator rights when required. This will keep the bad guys out and hopefully protect your pc from running malicious stuff.
Patch early, patch often. Malware that doesn’t come in via document macros often relies on security bugs in popular applications, including Office, your browser, Flash and more. The sooner you patch, the fewer open holes remain for the crooks to exploit. Using a service like Tech Guard keeps your PC regularly up to date which keeps the bad guys from using the exploits on your pc.