Internet Skeptic Blog

Posted by: Bob Bayn on Feb 18, 2016

Locky Data Lockout

"Locky" is the latest malware being delivered as an executable macro in malicious email attachments.  It has arrived at USU but hasn't hooked a victim yet (that we know of).

The unexpected email may contain a story about a payment or invoice or a delivery problem or a scan-to-email document or any of the other vague threats that malicious spammers have always used.  Anything to get you to click on the attachment.

Then the subterfuge begins.  Your Microsoft Word is probably configured to ask you for confirmation before allowing the macro in the document to execute.  You may have never seen that request before because macros are so rarely used in documents, especially genuine documents in email.  But don't fall for it!  Don't believe any instructions in the email or in the document that tell you to allow the macro to run.

If the macro executes, then any sort of mischief could happen on your computer.  This hacker trick has a long history of being used to download keystroke loggers, back door access, and even trojans that contain other malware.  But this time, the malware is "crypto-ransomware".  It holds your data for ransom by encrypting your files.  Then it offers you the decryption key for a payment (generally several hundred dollars) in bitcoins or to an offshore account.  That expense is probably not in your budget, or even in your department's budget.

For more info, see my favorite source, Naked Security at Sophos.com:

https://nakedsecurity.sophos.com/2016/02/17/locky-ransomware-what-you-need-to-know/

and thanks for being an Internet Skeptic!