The latest ransomware going the rounds is ‘Locky’ and arrives via email as a Word document.
Currently the email arrives with a subject like:
ATTN: Invoice K-56463223
The message:
Please see the attached invoice (Microsoft Word Document) and remit payment according to the terms listed at the bottom of the invoice
Attached is a Word document – notably with a .DOC extension. If you open that document and then follow the request to enable macros, your computer gets ransomed.
Most of the documents on your computer AND attached network shares are encrypted. For many businesses, that means everything.
Even Volume Shadow Copy files are deleted. File History backups (Windows 8 and 10) will also be encrypted.
To get your files back, you have to pay 0.5 Bitcoins (about US$220) and, hopefully, you’ll get a decryption key to restore the encrypted files.
That’s the brief story of Locky; BleepingComputer has details.
What to watch for
What struck us is that the email attachment is a .DOC file – the old style Word document which Microsoft replaced almost a decade ago and for good reason.
Be immediately suspicious of any old style Office documents (.doc, .xls, .ppt etc.) that arrive via email.
We’re amazed at companies that still send out info in these old formats, despite the risk to themselves and their customers.
The newer .docx, .xlsx and .pptx formats are smaller, more reliable and, importantly, can’t contain or run any macros to harm your computer.
Hopefully the filtering on your mail host will stop Locky and other nasties before they reach you. But there’s always the chance that something will get through, so always be on your guard.
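As an added example (not from the original article), this Python check shows the kind of rule a mail filter can apply to the advice above: flag attachments with the old .doc/.xls/.ppt extensions, and also flag files that carry the old binary format under a different extension. The sample message, addresses and function names are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Legacy binary Office files (.doc/.xls/.ppt) are OLE2 compound files,
# which always begin with this 8-byte signature.
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
LEGACY_EXTS = {".doc", ".xls", ".ppt"}


def flag_legacy_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each attachment that looks like a legacy Office file."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = PurePosixPath(name.lower()).suffix
        payload = part.get_payload(decode=True) or b""
        if ext in LEGACY_EXTS:
            findings.append((name, "legacy extension " + ext))
        elif payload.startswith(OLE2_MAGIC):
            # Old binary format hiding behind a newer or unrelated extension.
            findings.append((name, "OLE2 content under extension " + (ext or "(none)")))
    return findings


def build_sample() -> bytes:
    """Constructed sample message using the subject line quoted in the article."""
    msg = EmailMessage()
    msg["Subject"] = "ATTN: Invoice K-56463223"
    msg["From"] = "billing@example.invalid"   # constructed address
    msg["To"] = "user@example.invalid"        # constructed address
    msg.set_content("Please see the attached invoice.")
    # Placeholder bytes only: the OLE2 signature plus padding, not a real document.
    fake_ole = OLE2_MAGIC + b"\x00" * 32
    fake_zip = b"PK\x03\x04" + b"\x00" * 32   # newer formats are ZIP containers
    for data, fname in ((fake_ole, "invoice.doc"), (fake_ole, "statement.docx"),
                        (fake_zip, "notes.docx")):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in flag_legacy_attachments(build_sample()):
        print(f"SUSPICIOUS {name}: {reason}")
```

The content check matters because an extension is only a label: the second sample attachment is named .docx but still carries the old binary format.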