February 25th, 2016 by Rocket IT
“Locky” is the newest villain on the Ransomware scene. Since Hollywood Hospital fell prey to the hackers, the tech world has been on high alert. So how does such a high-profile organization become a victim to ransomware like Locky?
The virus disguises itself in a Word document attached to an email. The Word document itself seems innocuous enough, and it typically appears as an invoice or some other business document. When you open it, the text appears jumbled and unreadable, so it prompts you to Enable Editing (which will enable macros). The virus runs on a macro, downloading the virus from a remote server and executing it, encrypting your files on your computer AND on mapped network shares. In addition to locking you out of your files, it changes the names so it’s even more difficult to restore the data locked.
So how can you protect yourself and your company from Locky?
Only open attachments from trusted sources, and only then if you’re expecting them.
If you receive an invoice or any other attachment in an email from someone you’ve never communicated with before at a company you’ve never heard of, don’t open it. If you absolutely must open it, only do so in Protected View. If it prompts you to enable macros or editing to read it, DON’T. Close out of it and junk the email.
If you receive an email with an attachment from someone you know, still be careful. Only open it in Protected View, and follow the same “exit and junk” procedure if anything prompts you to enable editing or macros. Many of the email addresses used to send the Locky ransomware were email addresses that were spoofed from innocent parties.
When using older versions of Word, you may not have the Protected View option. DO NOT OPEN THE FILE AT ALL. If you open the file using a pre-2010 version of Word, the macro will run when you do so. These previous versions of word leave you unprotected. Consider updating your programs to more recent (and more secure) versions.
Jason Hand loves making music, serving his church and getting people excited about technology tools. He currently lives in Georgia with wife and two adopted sons. Jason is the Systems Administrator at Rocket IT.
Want technology and leadership content sent directly to your inbox? Subscribe to Rocket IT’s monthly newsletter!