A relatively new virus, nicknamed “Locky”, has targeted over half a million people since it first appeared on February 16, 2016. Locky is a form of ransomware, specifically related to CryptoLocker. These types of viruses encrypt your computer’s data, making it inaccessible until you pay a ransom for the encryption key. They are almost impossible to trace, and once they have infected your computer, they are very difficult to remove.

Locky works in a very specific way that is easily detected if you know what you’re looking for. Targets of the Locky virus are sent an infected Word document through an email. The document may look legitimate, and it typically appears to be an invoice that requires payment.

Locky Email Distribution

When the document is opened, its contents appear encrypted, and the document requests that the user “Enable Macros” in order to view the text normally.

Malicious Word Document

Once the victim gives permission to run the macro, it installs Locky onto the computer, which then scrambles and locks the user’s files. This is typical of all CryptoLocker viruses, but Locky takes it a step further and removes any Volume Snapshot Service (VSS) files or “shadow copies” that the user’s computer may have made. The VSS files act as quick backups of works in progress, so if the user forgets to save or the computer is accidentally shut down, their files can be recovered. Losing them makes the victims even more desperate for their files, and many of them are forced to pay the ransom (usually about $400) to get their files back.
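As an added example (not part of the original post), here is detection logic a defender could run over Windows process-creation events to catch the two behaviours described above: an Office macro spawning a child process, and shadow copies being deleted. Field names follow the Sysmon process-creation event, the sample events are constructed, and the vssadmin command line is an assumed common form of shadow-copy deletion rather than something the post states.

```python
"""Added example, not from the post: flag the two behaviours it describes
(an Office macro launching a child process; shadow copies being deleted) in
Sysmon-style process-creation events. Events and the vssadmin command line
are constructed/assumed here, not taken from the post."""
import re

SHADOW_DELETE = re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I)  # assumed pattern
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Script hosts and LOLBins an invoice document has no reason to launch
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe"}
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads)\\", re.I)

def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def check_event(event: dict) -> list[str]:
    """Return the alert names this event triggers ([] if none)."""
    alerts = []
    image, parent = basename(event["Image"]), basename(event.get("ParentImage", ""))
    # Office parent launching a script host or a binary from a user-writable path
    if parent in OFFICE_PARENTS and (image in SCRIPT_HOSTS
                                     or USER_WRITABLE.search(event["Image"])):
        alerts.append("office_macro_child_process")
    if SHADOW_DELETE.search(event.get("CommandLine", "")):
        alerts.append("shadow_copy_deletion")
    return alerts

def scan(events: list[dict]) -> dict[int, list[str]]:
    """Map ProcessId -> alerts for every event that triggered at least one."""
    return {e["ProcessId"]: a for e in events if (a := check_event(e))}

# Constructed telemetry: Word opens a mailed "invoice", a macro drops and runs
# an executable from %TEMP%, which wipes shadow copies; the last event is a
# benign administrator listing shadow copies and must not alert.
WORD = r"C:\Program Files\Microsoft Office\Office15\WINWORD.EXE"
DROPPED = r"C:\Users\jdoe\AppData\Local\Temp\sample_payload.exe"
EVENTS = [
    {"ProcessId": 4812, "Image": WORD, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"WINWORD.EXE" /n "C:\Users\jdoe\Downloads\invoice_98223.doc"'},
    {"ProcessId": 5120, "Image": DROPPED, "ParentImage": WORD, "CommandLine": DROPPED},
    {"ProcessId": 5388, "Image": r"C:\Windows\System32\vssadmin.exe", "ParentImage": DROPPED,
     "CommandLine": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"ProcessId": 6004, "Image": r"C:\Windows\System32\vssadmin.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe", "CommandLine": "vssadmin.exe list shadows"},
]
```

Running `scan(EVENTS)` flags only the dropped executable and the shadow-copy wipe; a real deployment would extend `SHADOW_DELETE` to the other shadow-copy tooling and tune the Office child allowlist to the environment.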


After Locky finishes installing, the computer wallpaper is changed to something like this. It provides the user with instructions on how to pay the ransom and decrypt their files.

This virus is bad enough when it affects your personal computer, but can you imagine the damage it could do on your work computer, particularly if you store private client or patient information on it? You simply cannot afford to lose access to these files, and therefore would need to pay the ransom.

Security researcher Kevin Beaumont says, “Locky is very well designed. The encryption uses a server infrastructure which is resilient and difficult to take down for authorities as there are backup systems in place. The malware uses strong encryption as well and unless a big flaw is found in the attacker’s methodology, people are best restoring from any backups they may have.” Since this major flaw has not been found yet, it is more important than ever that users have reliable backups on their systems.

Partner with your Fort Wayne managed service provider to find out what safeguards your small business has in place when it comes to malicious ransomware viruses. Consistent and reliable backups are the most important security precaution, of course. Unfortunately, even the best anti-virus software has difficulty combating ransomware infections, so it is also important that you ensure your employees are made aware of these infections and how they can be avoided.

For more information on how to keep your systems secure, check out the hacking tag on our blog, or download our Simplified Business Continuity eBook.