Locky ransomware is back, and scarier than ever

It's time to start worrying about another round of ransomware attacks that could cost you big time. Locky ransomware is back after a brief hiatus. We've warned you before about the danger it presents. Locky is one of the fastest spreading forms of malware out there, which is what makes it so scary. Click here for a detailed breakdown of how Locky typically infects your computer.

After being MIA since the end of May, security experts say Locky has been found in millions of malicious email messages dating back to June 20. The new campaign is designed to steal money from its victims by tricking them into opening an infected email attachment.

While the new Locky campaign seems to have originated from the Necurs botnet, it now has more advanced features. Hard-coded JavaScript has been found in the new batch. Two or three clicks is about all it takes to unlock the malicious code that will encrypt all of the files on your hard drive.

Reports indicate that the email includes a message stating the following:

Dear [Name],

[Coworker name] asked that I send you the attached Word document, which contains the final version of the report.

Please let me know if you have any trouble with the file, and please let [coworker name] know if you have any questions about the content of the report.

Kind regards,

[CEO signature]

Due to the language, recipients of these emails can be easily tricked into opening the attachment. Even if the email seems out of place, they may be curious to see what the CEO of their company is asking them to look at. It's a good disguise for the hacker's payload, hidden in the attached Zip file.

Why is Locky so hard to detect?

Windows machines typically block .exe and .bat files from running automatically. However, .js files are not blocked. This means that if you're using Windows on your computer, the mere act of opening the file is enough to set the code into action and immediately encrypt your files.

One countermeasure to the attack is to change which application opens JavaScript files. These files will not actually be executed if they are opened with a program like Notepad. To make this change, right-click on a .js file, choose to open it with Notepad, and be sure to click "always use the selected program to open this kind of file."
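A second check a mail administrator could run before a message like the one above reaches an inbox, shown here as an added example that is not part of the original article: list the members of a Zip attachment by name and flag script or executable files, including ones hiding behind a document extension or inside a nested Zip. The extension lists, function names and sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows will run or hand to a script host (assumed list; extend as needed).
RISKY_EXTS = {".js", ".jse", ".wsf", ".vbs", ".exe", ".bat"}
# Document extensions commonly used as a decoy in front of the real one (assumed list).
DECOY_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".rtf"}


def scan_zip_attachment(data, depth=0, max_depth=2):
    """List risky members of a Zip attachment by name only; nothing is written to disk or run."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"member": None, "reason": "unreadable archive"}]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Windows drops trailing dots and spaces, so "a.js." still opens as a .js file.
            name = info.filename.replace("\\", "/").rstrip(". ")
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            last = suffixes[-1] if suffixes else ""
            if last in RISKY_EXTS:
                decoy = len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS
                reason = "script/executable behind a document extension" if decoy else "script/executable"
                findings.append({"member": info.filename, "reason": reason})
            elif last == ".zip" and depth < max_depth:
                try:
                    nested = scan_zip_attachment(archive.read(info), depth + 1, max_depth)
                except (RuntimeError, zipfile.BadZipFile):  # encrypted or corrupt member
                    nested = [{"member": None, "reason": "nested archive could not be read"}]
                for f in nested:
                    findings.append({"member": f"{info.filename}!{f['member']}", "reason": f["reason"]})
    return findings


def build_sample():
    """Constructed sample: a benign text file, a disguised .js, and a nested zip holding a .wsf."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("invoice.wsf", "placeholder")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", "placeholder")
        z.writestr("final_report.doc.js", "placeholder")
        z.writestr("scans.zip", inner.getvalue())
    return outer.getvalue()
```

Calling `scan_zip_attachment(build_sample())` returns two findings: the disguised `final_report.doc.js` and the `.wsf` file inside the nested archive.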

Although hackers primarily target businesses with the Locky strain of ransomware, it's not impossible that you might encounter an email like this too. If you're forwarded an infected email, or if it's sent to you by mistake, your personal computer could be at risk as well.

What can you do to protect yourself?

Ransomware is such a growing problem that the Federal Bureau of Investigation is getting involved. The FBI recently issued a public service announcement in an effort to crack down on ransomware. Here are some recommendations from the FBI to prevent ransomware attacks:

  • Back up data regularly - this could be the best way to recover your critical data if you are infected.
  • Make sure your backups are secure - do not connect your backups to computers or networks that they are backing up.
  • Never open risky links in emails - don't open attachments from unsolicited emails.
  • Download only trusted software - make sure the software you download comes from trusted sites.

Click on this link to check out some more of our tips on how to avoid being a victim of ransomware. And keep up with our Happening Now section to stay updated.
