{"id":10972,"date":"2016-04-06T08:00:09","date_gmt":"2016-04-06T12:00:09","guid":{"rendered":"https:\/\/solutionssquad.com\/?p=10972"},"modified":"2024-03-19T15:57:45","modified_gmt":"2024-03-19T19:57:45","slug":"new-locky-ransomware-faqs-how-you-must-act-now","status":"publish","type":"post","link":"https:\/\/solutionssquad.com\/blog\/new-locky-ransomware-faqs-how-you-must-act-now\/","title":{"rendered":"New Locky Ransomware – FAQs and How You MUST Act Now"},"content":{"rendered":"

Have you opened any invoice attachments lately? Now, there’s a new ransomware<\/strong> called Locky Ransomware<\/strong> that’s joined the ranks of viruses like CryptoLocker and CryptoWall.\u00a0This latest malware threat was detected just last week and already, it’s spread at an alarming rate, employing sophisticated social engineering tactics and bypassing\u00a0antivirus (AV), spam filtering and web filtering solutions. According to Dark Reading,<\/a> Kevin Beaumont, one of the first security researchers to unearth Locky, revealed he had seen “around 4,000 new infections per hour, or roughly 100,000 per day.”<\/p>\n

\nWhat is Locky?<\/h2>\n

Locky is the latest strain of ransomware that uses two forms of social engineering to\u00a0encrypt files, filenames and unmapped network shares.<\/p>\n

How is Locky Installed?<\/h2>\n

Like its ransomware predecessors, Locky relies on email phishing to successfully install. So far, experts report that hackers email victims a fake invoice, hoping they’ll download the malicious attachment. Bleeping Computer<\/a> has already warned readers to watch out for emails with subjects similar to\u00a0ATTN: Invoice J-98223146<\/a>.<\/strong>\u00a0As we know, hackers use social engineering to\u00a0convince\u00a0targets they’re trustworthy by appearing legitimate when communicating\u00a0online or over the phone. For now, Locky can’t be successfully launched without getting the victim to comply. After examining\u00a0the sophistication of the text in the body of the Locky email, it’s easy to see how attackers are able to gain buy-in.\u00a0See\u00a0the following screenshot of the email message taken from\u00a0<\/strong>Lawrence Abrams’s incredibly helpful article:<\/p>\n

image source:\u00a0http:\/\/www.bleepingcomputer.com\/news\/security\/the-locky-ransomware-encrypts-local-files-and-unmapped-network-shares\/<\/a><\/em><\/p>\n


What Happens When Locky is Installed?<\/h2>\n

Once installed,\u00a0Locky encrypts your data and changes filenames to be indecipherable. It’s worth noting that a wide array\u00a0of file extensions are compromised in the process, including videos, images, documents and source code. Not only that, but as a Naked Security by Sophos article<\/a> explains, Locky “scrambles any files in any directory on any mounted drive that it can access, including removable drives that are plugged in at the time, or network shares that are accessible, including servers and other people\u2019s<\/strong> computers, whether they are running Windows, OS X or Linux.<\/strong>”<\/p>\n

Locky wouldn’t be classified as ransomware if it didn’t demand some form of Bitcoin payment to decrypt the affected files. Once infected, victims’ desktop wallpapers are changed, displaying\u00a0the following ransom payment process instructions:<\/p>\n

image source:\u00a0https:\/\/nakedsecurity.sophos.com\/2016\/02\/17\/locky-ransomware-what-you-need-to-know\/<\/a><\/em><\/p>\n


What Preventative Steps Must\u00a0You Take?<\/h2>\n

1. Make sure your systems have the\u00a0right antivirus\u00a0and antimalware software installed\u00a0for endpoint security so that it can catch Locky and other ransomware early.<\/p>\n

2.\u00a0Monitor your systems for suspicious behavior such as pop-ups or an abnormal rate of file changes.<\/p>\n

3. Update your systems with critical vendor releases and patches regularly. While this may not directly stop Locky, it’s a best practice for malware prevention in general because it corrects vulnerabilities in desktop applications that hackers can exploit.<\/p>\n

4. Implement a proper firewall to protect your network at the gateway level and block harmful files from reaching your network.<\/p>\n

5.\u00a0Make sure your IT company knows how to deal with ransomware and related items, and is taking the proper precautions\u00a0to protect you.<\/p>\n

6. Most importantly, leverage the right backup and disaster recovery (BDR)<\/strong> solution and back up regularly.<\/p>\n

What Role Does Backup Play in Locky\u00a0Risk Mitigation?<\/h2>\n

This last preventative step is a point we can’t emphasize enough! The only way to get corrupted data back without paying the ransom, which ranges from at least 0.5 to 2 Bitcoins ($208 to $800), is through your most recent backup. If you don’t\u00a0already recognize the absolute necessity of backup to protect and restore client data from\u00a0all instances of data breaches and data loss, consider the fact that Locky deletes any existing\u00a0Volume Snapshot Service (VSS) files and\u00a0encrypts network-based backup files.<\/a>\u00a0Evade this trap and choose\u00a0a business-grade\u00a0BDR solution that lets you efficiently back up encrypted data offsite to a secure, trusted public cloud. It’s\u00a0your only failsafe when ransomware like Locky strikes.\u00a0<\/strong><\/p>\n

What If I’m Not Protected or Not Sure About My IT’s Abilities?<\/h2>\n

Contact <\/a>our team to schedule your\u00a0Free No Obligation Network\u00a0Assessment<\/b> and to learn more about\u00a0how we protect our clients on a daily basis, and how you can also be provided with IT peace of mind and take your IT to the next level.<\/p>\n


Article Source:\u00a0http:\/\/bit.ly\/1RWmZqo<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

Have you opened any invoice attachments lately? Now, there’s a new ransomware called Locky Ransomware that’s joined the ranks of viruses like CryptoLocker and CryptoWall.\u00a0This latest malware threat was detected just last week and already, it’s spread at an alarming rate, employing sophisticated social engineering tactics and bypassing\u00a0antivirus (AV), spam filtering and web filtering solutions….<\/p>\n","protected":false},"author":1,"featured_media":9194,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"none","_seopress_titles_title":"Protect Your Data from Locky Ransomware with these Essential Steps","_seopress_titles_desc":"Learn about the new Locky Ransomware, its alarming spread, and how you can prevent and recover from this dangerous threat. Take steps to safeguard your data and network today.","_seopress_robots_index":"","footnotes":""},"categories":[1],"tags":[5114],"_links":{"self":[{"href":"https:\/\/solutionssquad.com\/wp-json\/wp\/v2\/posts\/10972"}],"collection":[{"href":"https:\/\/solutionssquad.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionssquad.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionssquad.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionssquad.com\/wp-json\/wp\/v2\/comments?post=10972"}],"version-history":[{"count":4,"href":"https:\/\/solutionssquad.com\/wp-json\/wp\/v2\/posts\/10972\/revisions"}],"predecessor-version":[{"id":53823,"href":"https:\/\/solutionssquad.com\/wp-json\/wp\/v2\/posts\/10972\/revisions\/53823"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionssquad.com\/wp-json\/wp\/v2\/media\/9194"}],"wp:attachment":[{"href":"https:\/\/solutionssquad.com\/wp-json\/wp\/v2\/media?parent=10972"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionssquad.com\/wp-json\/wp\/v2\/categories?post=1
0972"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionssquad.com\/wp-json\/wp\/v2\/tags?post=10972"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}