By Kevin Pelton, CISSP
Imagine not being able to access any of your data without having to restore from backups or pay a ransom to hacker for the encryption key to unlock your data. This—is called ransomware. Ransomware refers to the act of hacking into a PC or network (typically via an email attachment), encrypting the data and then holding it hostage until a ransom is paid. This form of cyber fraud has been around for two decades, but has recently come into the spotlight with the 2013 CryptoLocker scheme.
And now there is a new threat – the “Locky” virus.
“Locky” is the latest ransomware virus being widely reported in IT security circles. “Locky” spreads through a Microsoft Word file, usually disguised as an invoice, which contains infected macros. When opened, the Word document contains scrambled text and a note saying to run the macros on the document if the text isn’t presented correctly. Users may also see a message from Microsoft asking if macros should be enabled. Upon enabling the macros, Locky is downloaded and executed, encrypting data on the machine and connected networks.
Bottom line, always be highly cautious when opening ANY email attachment, verify with the sender that it is legitimate, and remain EXTREMELY suspicious of any document that contains macros or requests that you enable macros in any Office document.
If you receive any suspicious files or have questions about best practices for IT security, we would be happy to discuss with you.