‘Ransomware Locky’ a new threat decoded and How to Protect Yourself.


A Government Organization CERT (Computer Emergency Response Team) has issued a high priority alert that a new ransomware Locky has spread like ransomware WannaCry which has compromised a huge number of the computer system in the India, which has also affected ATM network and Government offices computers too.

The CERT issued a severe threat alert on Saturday and also advised to the users not to open any unknown emails from an unknown sender as it is estimated that an approx. of 23 million emails, messages are sent in the phishing campaign.

The studies estimate more than 100 countries in the world have infected and some of the hospital in the US and New Zealand have also become the victims of this attack and approx. of 8 million USD had been extorted by the hacker using this Locky ransomware.

How it works:

This malware will encrypt the original files in to “.locky” using the RSA-2048 and AES-1024 algorithms and the effect computer user needed to pay money to the attacker and get the files decrypted, the malware attached in 2016 was used to encrypt the files on the Windows machines and the Victims are made to pay the amount to an untraceable bitcoins for the recovery of files.

A spam emails are sent and used commonly by a hacker to target the victim’s computers. The email will contain a Word document as an attachment with unsuspecting file names likes “please print” “Important documents” “photos” “images” “scans” and “pictures”.

As it does not affect that much of WannaCry as most of the Antivirus companies have already released the patches for the vulnerability.

How to Prevent.

Locky effects the victims computers using the macros in the MS Office, “Where the Macros are the scripts which are used to automate the tasks in the MS Office, and in the latest version of MS Office it is disabled as a default settings, the best and only way to avoid the malware is to observe the files extensions in the attachments and Macro-enabled documents will have the extension like `.docm’ `.mdoc’ `.xlsm’ `.mxls’.

It also advised that to update the version of OS regularly and its advised that to install a good antivirus software and take the updates regularly.

The best defense mechanism is to follow the advised online practices such as not to open the suspicious emails, do not download the email attachments from an unknown person or strangers

Advertisements