New Ransomware: "Locky"
The security team at Lexpath has analyzed a new variant of ransomware that is rapidly spreading around the globe. Locky arrives as a malware-infected Microsoft Word document. It may seem to come from a known individual, and it uses social engineering to trick users into running the malicious code, which will encrypt the user's files and hold them for ransom.
We remind our users: do not open unsolicited attachments no matter who the sender is. Contact the sender to determine if the attachment was really sent by the person.
The text of the email which contains the malicious attachment may look like this:
The MS Word document attachment that contains the ransomware code may look like this or a variant of this:
The criminals behind this scam want you to click the "enable macros" button. Do not do it!
Remind the users in your organization about the following:
Never open unsolicited attachments. "Locky" often arrives in a user's inbox posing as a fake invoice, "secure message", fax notification, voicemail attachment, ACH transfer, or banking alert. It may be a .doc, .docx, .zip file, .pdf file or other executable file. Train your users to be wary of these types of fake email messages.
Do not enable macros on documents you receive by email.
Don't download or open unsolicited .zip or other compressed archive files, including .zip files that are password protected. A legitimate party will never include the password to a zip file in the text of an email.
Only visit trusted websites and avoid downloading files or programs from untrusted sources.
If you suspect an end user has executed a virus payload, immediately disconnect the PC from the network and contact our help desk at (877) LEX-PATH.
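For the mail-filtering or help-desk side of the reminders above, a content-based attachment check, added here as an example and not Lexpath's own tooling: it flags Office files that carry VBA macros and ZIP members that are password protected, and it looks inside archives. The function name, size cap, nesting limit and sample bytes are assumptions constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")    # header of legacy .doc/.xls files
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # stream name stored when VBA is present
MAX_MEMBER = 20 * 1024 * 1024                    # assumed size cap for nested members
MAX_DEPTH = 2                                    # assumed nesting limit for archives

def triage_attachment(data: bytes, depth: int = 0) -> list[str]:
    """Return reasons to quarantine an attachment, judged by content, not extension."""
    findings = []
    if data.startswith(OLE_MAGIC):
        # Heuristic: compound-file directory names are UTF-16LE, so the raw bytes
        # contain this marker when the document carries a VBA project.
        if VBA_STREAM in data:
            findings.append("legacy Office file with VBA macros")
        return findings
    if depth > MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:  # bit 0 = member is encrypted
                findings.append(f"password-protected member: {info.filename}")
            elif info.filename.lower().endswith("vbaproject.bin"):
                findings.append(f"Office macro project: {info.filename}")
            elif info.file_size <= MAX_MEMBER:
                nested = triage_attachment(zf.read(info), depth + 1)
                findings += [f"{info.filename} -> {f}" for f in nested]
    return findings

def _zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {name: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples (byte patterns only, no real macro code).
FAKE_DOC = OLE_MAGIC + b"\x00" * 64 + VBA_STREAM
MACRO_DOCX = _zip({"word/document.xml": b"<w:document/>", "word/vbaProject.bin": b"\x00"})
CLEAN_DOCX = _zip({"word/document.xml": b"<w:document/>"})
INVOICE_ZIP = _zip({"invoice.doc": FAKE_DOC})

if __name__ == "__main__":
    for label, blob in [("doc", FAKE_DOC), ("docx", MACRO_DOCX), ("clean", CLEAN_DOCX), ("zip", INVOICE_ZIP)]:
        print(label, triage_attachment(blob))
```

An empty result means only that none of these markers were found; it does not mean the attachment is safe to open.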
Stop. Think. Question. WHEN IN DOUBT DON'T OPEN IT!