Locky, the blackmail Trojan horse

According to Kaspersky Lab, Locky uses two attack vectors in particular: the Trojan gets onto the computer via fake invoices in the e-mail attachment. As soon as the document attached to the e-mail is opened, the malware is downloaded from the Internet - provided that the macros required for the infection are activated. However, legitimate websites on which the Locky malware has been placed are also known. If a user - with the corresponding software vulnerabilities on his computer - visits a corresponding page, Locky tries to install itself automatically on this computer. In newer versions, Locky also disguises itself as a fax or scanner notification, Kaspersky adds. As soon as Locky has found a way onto the infected computer, the Trojan starts its encryption activities and then demands a ransom from the victims.

Safety tips

To protect against a ransomware attack, IT security providers such as Kaspersky Lab and G Data recommend the following measures, for example:

• Be careful with email attachments: Users should not open attachments within emails from unknown people. It is also advisable to deactivate the macro function in documents, because Locky uses them to infiltrate a computer.
• Regularly create backups so that you can fall back on the encrypted data in case of an emergency.
• For companies: Separate the backup media from the computer so that they cannot also be encrypted. Employees should only have limited user rights on computers.
• Update software: The operating system, browser and all other programs used should always be updated with the latest available patches.
• Use up-to-date security software: Modern antivirus protection solutions protect against infection. Using special technologies, in case of unauthorized encryption, the affected data can be recovered and a system can be restored to its original state.
• Do not pay: It is not advised to pay the demanded ransom. Instead, law enforcement authorities should be contacted in case of digital extortion attempts.