Despite its seemingly innocent name, Locky, is a newly discovered ransomware that has the ability to take hold of your business’ data, encrypt it and then demand you fork over bitcoins in order to decrypt and regain access. Locky invades your system and encrypts a large portion and variety of your data. The encryption process targets data even on unmapped network shares and is able to make fundamental changes to encrypted files which makes selective restoration near impossible. Currently, decrypting Locky files without handing over cash is a mystery.
How it invades your system
An email message will be received with a subject line that references a fraudulent invoice number. The message body will urge you to review the attached invoice and send payment according to the invoice’s instructions. The ‘invoice’ will be attached as a Word document that’s infected with malicious content. The attachment opens as an infected Word document, with jumbled text and a message telling you to enable macros if you’re unable to read the content.
Opening the macros will download a file that executes the process of encryption of your data. Locky will then create a unique alpha-numerical identifier for your business and scan all your locally stored and unmapped network data, searching for files to alter and encrypt. File names will be entirely changed, making it very difficult to distinguish what’s what.
Locky eliminates any restoration options built into your PC and will formulate ransom notes to appear on your desktop, as your wallpaper and in any encrypted file location. The ransom note will explain to you that your data has been compromised and encrypted and will direct you via link to the decryption site. The link will direct victims to: 6dtxgqam4crv6rr6.onion where they will be instructed as to the amount of bitcoin that is required in order to execute the decryption process. It will instruct you on how and where to purchase bitcoin and how to forward payment and where to forward it to. If and when payment is sent, a decryption application will be provided so as to decrypt data held hostage.
How to protect yourself?
First and foremost, be weary of emails received and don’t open attachments without care. Make sure your network is protected by access and restriction controls and as always, be sure you’re armed with anti-virus software. However, the best possible protection against data invasion and security breach is becoming as ‘tech-literate’ as possible. Learn as much as you can about potential threats and make sure your team is well-versed on potential gaps in security.
If you’re looking to build up your tech-literacy and better arm yourself against technological security breach, reach out to the experts at C.D.'s IT Consulting LLC. We’re here to help you understand technology in a way that protects your business while propelling it forward. Get in touch at: (317) 522-1362 ext 2 or firstname.lastname@example.org.