Security Alert! Locky Reemerges—Dangerous As Ever

iStock_000015275621_SmallMost of us breathed a sigh of relief thinking that the notorious Locky ransomware virus, which first made its debut in February 2016,  had run its course. Not so! This past week, Locky reemerged with a slight but devious twist—the same nasty virus but with a different delivery mechanism.

Previously, Locky was sent to victims via SPAM email with a malicious MS Word document attachment, often masquerading as an overdue invoice, etc. When opened, the victim was prompted to disable macros to view the document. Once the user complied, Locky was downloaded onto the target’s computer starting the ransomware attack.

Apparently, users began to catch on eating into Locky profits, so cyber-criminals decided to change things up a bit by embedding malicious MS Word documents in PDF files, thus bypassing the sandbox environments employed by many anti-virus and security software.

Once the victim opens the PDF, the infected Word file is exposed and the user is encouraged to open the document and “Enable Content”. Once done, the victim’s files are encrypted with the .osiris extension. The current going rate for the encryption key is approximately $623.00.

As stated above, Locky is a particularly nasty strain of ransomware since it:

  • Targets a large number of file extensions
  • Has the ability to encrypt data on unmapped network shares
  • Changes filenames making it difficult to restore data completely
  • Detects sandbox environments and changes its behavior accordingly
  • Continues to encrypt files offline even after shutting down the ground-zero workstation
  • Deletes Shadow Copies in Windows, thus removing local file backups

Locky keeps evolving and gets more dangerous with each variation and is considered one of the top three ransomware threats along with its infamous cousins—CryptoWall and Cerber. Although there have been strides in anti-malware technology, there is currently no single method available that is 100% effective.

The best approach to security is a layered defense: having a strong, managed firewall (hardware and software); keeping your anti-virus, operating system and 3rd party programs updated; having your network monitored, maintained and managed by a responsive Managed Services Provider (MSP); employee training; and finally employing a Hybrid-cloud Business Continuity solution.

 

XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions whose systems protect 250+ Petabytes of data with over 800 employees around the globe. Call (845) 362-9675 and let us introduce you to the ultimate defense against data loss—whatever the cause.