Everywhere you turn, you read about ransomware becoming far too ubiquitous in infecting computer networks worldwide. What’s more shocking is when you see the FBI clearly showing exasperation at how to solve the issue. After recently telling victims of ransomware to pay the ransom to get their files back, it shows there isn’t any quick fix available.
What’s more alarming is we’re seeing more variations on ransomware developing that use more insidious means to infect your network. Each one hijacks your files and asks for a ransom (typically in bitcoin), and seem impossible to stop.
But are they really? Take a look at the most recent ransomware variation called “Locky”, and how you can potentially stop it from affecting your business.
What is “Locky” Ransomware?
This more recent variation of ransomware since the first of the year has a name of “Locky” for one specific reason: It renames all your files with the title.
The difference between this and other ransomware is that Locky scrambles your files so they look unreadable. You’ll get a message asking for a ransom to get a decryption key so your files are readable again.
As mentioned above, they usually ask for payment in bitcoin, and the amounts they ask for vary. However, it’s never cheap and it can affect your financial future if you end up paying hundreds or thousands of dollars at once. Creators of malware typically request you set up a Bitcoin Wallet so any bitcoin currency you have accrued gets sent to them instantly.
If this sounds concerning, how you get the Locky malware is even more alarming. Regardless, it frequently occurs through the same methods any other malware does, except with more clever ways of fooling people.
The Variation on Email Attachments
For a while, ransomware worked by fooling executives or employees into thinking they were receiving an official email requesting information. In some cases, those emails related to asking for financial information, which frequently compelled people to click links.
With more awareness of this dangerous scheme, Locky ransomware sends emails now using attachments. When you open the attachment, the email looks garbled with a request to enable macros on your computer to make it readable.
It’s here where the malware gets into your computer, because once you turn macros on, the code in the email gets saved to your hard drive. The saved file works as a downloader and places the ironically-named Locky on your computer.
At this point, it can scramble any file with extensions, which means virtually everything in your server. What’s worse is it frequently scrambles your bitcoin wallet file so you’ll be forced to pay the ransom with whatever bitcoin you have left there.
Keep in mind Locky can scramble files on removable drives as well that you had plugged in during the infection. All told, there isn’t an easy fix to this as of yet, though you can do some things to prevent it from spreading in the first place.
Having some form of backup is essential, and solutions like the cloud helps you access your files immediately without lags or fearing your files are gone forever. Despite some companies paying the ransoms on ransomware, there isn’t any guarantee you’ll get your files back.
Even more importantly, don’t enable macros in email attachments. It’s a common way for malware to get into computers, so don’t turn them on. Plus, all unsolicited attachments in email shouldn’t automatically get opened without careful scrutiny.
If your office software has automatic patch updates available, always keep them up to date so new ransomware programs don’t exploit vulnerabilities.
Visit us here at Dynamic Solutions Group to learn more about ransomware and the best tools to protect yourself.