The following computer virus warning originally appeared in the San Benito County Chamber of Commerce newsletter, courtesy of Rx-TEK.
A new ransomware called Locky has been discovered that encrypts your data using AES encryption and then demands .5 bitcoins to decrypt your files. Though the ransomware sounds like one named by my kids, there is nothing childish about it. It targets a large number of file extensions and, even more importantly, encrypts data on unmapped network shares.
Encrypting data on unmapped network shares is trivial to code, and since we saw this feature in the recent DMA Locker and now in Locky, it is safe to say that it is going to become the norm. Like CryptoWall, Locky also completely changes the filenames of encrypted files to make it more difficult to restore the right data.
At this time, there is no known way to decrypt files encrypted by Locky.
Locky installed via fake invoices
Locky is currently being distributed via email that contains Word document attachments with malicious macros. The email message will contain a subject similar to ATTN: Invoice J-98223146 and a message such as "Please see the attached invoice (Microsoft Word Document) and remit payment according to the terms listed at the bottom of the invoice". Attached to these email messages will be a malicious Word document that contains a name similar to invoice_J-17105013.doc. When the document is opened, the text will be scrambled and the document will display a message stating that you should enable the macros if the text is unreadable. Once a victim enables the macros, the macros will download an executable from a remote server and execute it.
We have seen this virus and variations of it as attachments masquerading as invoices, jury duty notices, IRS notifications, and payments. Many anti-virus and email protection software packages are being updated to stop this virus. However, because of the many variations, due diligence is needed by the end user.
No software is 100 percent effective at stopping viruses.
NEVER OPEN AN ATTACHMENT IN AN EMAIL, UNLESS:
1. YOU KNOW THE SENDER OF THE EMAIL AND
2. YOU ARE EXPECTING AN ATTACHMENT