Locky, the blackmail Trojan horse
The Locky encryption Trojan is still active. The malware not only renders files on the infected computer unusable, it also thwarts file recovery by deleting shadow copies. Locky also attacks files on the network and can even encrypt files on network shares, security providers warn.
According to Kaspersky Lab, Locky uses two attack vectors in particular. In the first, the Trojan reaches the computer via fake invoices sent as e-mail attachments. As soon as the attached document is opened, the malware is downloaded from the Internet, provided that the macros required for the infection are enabled. In the second, the Locky malware has been placed on legitimate websites. If a user whose computer has the corresponding software vulnerabilities visits such a page, Locky tries to install itself automatically on that computer. In newer versions, Locky also disguises itself as a fax or scanner notification, Kaspersky adds. As soon as Locky has found its way onto a computer, the Trojan starts encrypting files and then demands a ransom from the victim.
Safety tips
To protect against a ransomware attack, IT security providers such as Kaspersky Lab and G Data recommend measures such as the following:
- Be careful with email attachments: Users should not open attachments in emails from unknown senders. It is also advisable to deactivate the macro function in documents, because Locky uses macros to infiltrate a computer.
- Regularly create backups so that you can fall back on a copy of the encrypted data in an emergency.
- For companies: Separate the backup media from the computer so that they cannot also be encrypted. Employees should only have limited user rights on computers.
- Update software: The operating system, browser and all other programs used should always be updated with the latest available patches.
- Use up-to-date security software: Modern antivirus protection solutions protect against infection. With special technologies, the affected data can be recovered after unauthorized encryption and the system restored to its original state.
- Do not pay: Paying the demanded ransom is not advised. Instead, law enforcement authorities should be contacted in case of digital extortion attempts.