LOCKY made its debut a week ago, and impacted half a million users around the globe in a day. The numbers have escalated alarmingly since then as this latest crypto-ransomware, developed by the same dark minds behind Dridex banking malware, spreads across platforms and continents.
As detailed by researchers at Naked Security for Sophos, LOCKY encrypts a wide range of file types, including videos, images, PDFs, program source code and Office files, in any directory on any mounted drive that the infected computer can access. This matters because it also includes removable drives plugged in at the time and any network shares the user can reach, such as servers and other people’s computers. That is a lot of potential damage. Extend that to a case where the infected user is signed on to the network with administrator access and controls, and the damage could be widespread. Locky will also encrypt any Bitcoin wallet files it finds, thereby stealing bitcoin that could otherwise have paid the ransom. Affected users will see this screen appear:
But then LOCKY takes things further by removing any Volume Snapshot Service (VSS) files or “shadow copies.” If you use Windows, you know those are the live backups Windows takes of work in progress – we all rely on them for when we forget to save or the system crashes. Unfortunately, for some users these shadow copies have simply become their backup system.
We’re warning users to beware of phishing emails, in particular MS Word documents that masquerade as invoices requiring urgent payment, or as bank statements. These contain malicious macros that launch the malware. Once it gets onto a computer connected to ANY network, it will spread and contaminate rapidly, and any removable devices will also become contaminated, putting others at risk.
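The two behaviours described above (a Word document’s macro launching the malware, and the malware then wiping shadow copies) are exactly what a process-creation log lets you catch. Here is an added example, not code from the original post, of a small detector run over a handful of constructed process-creation records. It assumes Sysmon-style fields (parent image, image, command line) and uses the standard `vssadmin delete shadows` and `wmic shadowcopy delete` forms that shadow-copy removal takes on Windows; the file names and paths in the sample events are made up for illustration.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    """One process-creation record (shape assumed from Sysmon Event ID 1)."""
    parent_image: str
    image: str
    command_line: str


# Constructed sample events (not real telemetry). Event 1 is an Office
# application spawning a shell from a macro; event 2 is the dropped
# payload deleting shadow copies; the rest are benign noise.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\explorer.exe",
                 r"C:\Program Files\Microsoft Office\WINWORD.EXE",
                 r'"WINWORD.EXE" invoice_2931.doc'),
    ProcessEvent(r"C:\Program Files\Microsoft Office\WINWORD.EXE",
                 r"C:\Windows\System32\cmd.exe",
                 r'cmd.exe /c "C:\Users\bob\AppData\Local\Temp\dropped_sample.exe"'),
    ProcessEvent(r"C:\Users\bob\AppData\Local\Temp\dropped_sample.exe",
                 r"C:\Windows\System32\vssadmin.exe",
                 "vssadmin.exe Delete Shadows /All /Quiet"),
    ProcessEvent(r"C:\Windows\System32\services.exe",
                 r"C:\Windows\System32\svchost.exe",
                 "svchost.exe -k netsvcs"),
    ProcessEvent(r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\vssadmin.exe",
                 "vssadmin.exe list shadows"),
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (handles either slash style)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_shadow_copy_deletion(ev: ProcessEvent) -> bool:
    """True when the command removes VSS shadow copies; listing them is fine."""
    img = basename(ev.image)
    cmd = ev.command_line.lower()
    if img == "vssadmin.exe" and re.search(r"\bdelete\s+shadows\b", cmd):
        return True
    if img == "wmic.exe" and re.search(r"\bshadowcopy\s+delete\b", cmd):
        return True
    return False


def is_office_spawning_shell(ev: ProcessEvent) -> bool:
    """True when an Office application is the parent of a scripting shell."""
    return basename(ev.parent_image) in OFFICE_APPS and basename(ev.image) in SHELLS


def detect(events):
    """Return (event index, rule name) pairs for every event that fires a rule."""
    findings = []
    for i, ev in enumerate(events):
        if is_office_spawning_shell(ev):
            findings.append((i, "office-macro-child-process"))
        if is_shadow_copy_deletion(ev):
            findings.append((i, "shadow-copy-deletion"))
    return findings


if __name__ == "__main__":
    for idx, rule in detect(SAMPLE_EVENTS):
        ev = SAMPLE_EVENTS[idx]
        print(f"[{rule}] {basename(ev.parent_image)} -> {ev.command_line}")
```

The first rule fires early, at the moment a macro hands off to a shell, which is where shutting the machine off the network still limits the damage. The second fires on the shadow-copy wipe itself; an alert there means encryption has almost certainly begun and restoring from an off-site backup is the path forward.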
If you suspect you’ve been hit, time is crucial. Contact your support people immediately. We’re here for you. And shut your computer down: you need to cut yourself off from the network immediately. Expect that you will not be using your computer for some time, and expect that you will need to shut down the network. Given that the encryption is so powerful, the only recourse victims have is to restore from an untainted backup, or face paying the ransom with no guarantees.
Here’s what you can do to stay safer:
- make regular backups and keep one off-site
- do not enable macros in emails and attachments
- be suspicious of attachments from unknown/untrusted sources
- do not stay signed on with administrator privileges any longer than you need
- keep your security patches up to date
Thanks for reading and hope we helped!
Cheryl Biswas, Editor