Online Support Computing Ltd

Ransomware Watch: The ‘Locky’ surge in 2016

The BBC have reported warnings of a “huge surge in messages containing ransomware” this week, prompting security firms to speak out about a new kind of ransomware, ‘Locky’.

What is Ransomware?

If you’ve been following this blog for a long time, you will have seen our previous reports on Mobile Ransomware, CryptoLocker, CTB-Locker and CryptoWall.

Like all of those ransomware programs, once on your machine, Locky encrypts data and asks for a ‘ransom’ payment in return for a decryption key. Locky asks for the bitcoin equivalent of £885.

Usually Ransomware is hidden in executable files disguised as documents. Often these are labelled as invoices or purchase orders in emails.

Locky, however, was hidden in encrypted macros for Microsoft Word. It’s also been known to be hidden in attachments written in JavaScript.


How to avoid Ransomware

The way Locky has been hidden means it’s a lot harder for anti-virus software to spot. This means it’s really important to ensure that you don’t open any attachments that look strange.

As in our CryptoWall post, we recommend avoiding the following to help steer clear of infection:

  • Any emails with attachments which look like an invoice, complaint or purchase order, or which come from an address you don’t recognise. Always verify with the sender that this is a genuine email before you decide to open the attachment.
  • Any emails with .ZIP attachments. This is how the CryptoWall attachments are usually displayed. Check with the sender to verify it.
  • Any emails with .exe attachments. These will almost definitely be a virus – never open them. Usually attackers will hide a .exe file within a zip file. You can check the file extension to make sure.
  • Using personal email accounts – if you use web-based email accounts like Gmail, Hotmail, Yahoo!, etc., any email needs to be checked meticulously, as these will not have the same level of protection as company email accounts. If you need to check your personal emails, we would recommend using your mobile phone.
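
The extension checks in the list above can be run automatically over a saved message before anyone opens it. This is an added example, not part of the original post: the suffix list (including .docm and vbaProject.bin as markers for Word macros) and all function names are assumptions, and the sample message is constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Suffixes for the attachment types named above (assumed list): executables,
# JavaScript, macro-enabled Word files, and the macro project stored inside them.
RISKY = {".exe": "executable", ".js": "JavaScript",
         ".docm": "Word macro document", "vbaproject.bin": "VBA macro project"}

def risky_kind(filename):
    """Return a risk label judged on the final suffix, so invoice.pdf.exe is caught."""
    name = filename.lower().rstrip(". ")  # Windows ignores trailing dots and spaces
    for suffix, label in RISKY.items():
        if name.endswith(suffix):
            return label
    return None

def scan_message(raw_bytes):
    """Return (attachment, archive_member_or_None, label) for each risky item."""
    findings = []
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        label = risky_kind(name)
        if label:
            findings.append((name, None, label))
        # Judge by content, not name: look inside anything that is really a zip.
        if zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    inner = risky_kind(member)
                    if inner:
                        findings.append((name, member, inner))
    return findings

def build_sample():
    """Constructed message: a zip hiding a double-extension .exe, plus a harmless file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_2016.pdf.exe", b"constructed placeholder bytes")
    msg = EmailMessage()
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    msg.add_attachment(b"hello", maintype="application", subtype="octet-stream", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

A clean result only means none of these suffixes were found; it does not replace verifying the email with the sender.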

Other ways to protect your data

You can’t always rely on your staff following our guidelines to the letter.  If you could, cybercriminals wouldn’t bother with Ransomware.

So what else can you do to protect your data?

Having a reliable backup solution like CDBR is one way. Another is ensuring you have reliable Email Virus Scanning. If you’re unsure about this, you can contact us or call us on 0208 232 1190.