A new variant of ransomware has been discovered on Tuesday (February 16), known as "Locky," and has been spreading swiflty since it first appeared. The attackers behind Locky have spread the malware using massive spam campaigns and compromised websites. Locky typically spreads itself by tricking users into opening a document attachment sent to them by email. Once downloaded, the document looks like random characters and symbols, and victims are prompted to enable macros in the document, which downloads a malicious file that encrypts files on compromised Windows PCs.
Locky encrypts files on victims’ computers and adds a “.locky” file extension to them. The ransom demand varies between 0.5 to 1 bitcoin (approximately US$210 to $420).
Figure 1. Example of spam email used to distribute Locky
What is a Macro Virus?
Word documents containing a malicious macro are attached to these emails. A macro virus is defined as “a computer virus written in the same language used for software applications, such as word processors.” Microsoft Word and Excel are two examples of applications that feature powerful macro languages, which are embedded in documents so they run automatically when the documents are open. If this macro is allowed run it will install Locky on to the victim’s computer.
Figure 2. Example of Locky ransom message
Tips on protecting yourself from ransomware
- Regularly back up any files stored on your computer. If your computer does become infected with ransomware, your files can be restored once the malware is removed from the computer.
- Be sure to have Internet security software such as Norton Security. Always keep your security software up to date to protect yourself against any new variants of malware.
- Keep your operating system and other software updated. Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by attackers.
- Delete any suspicious-looking emails you receive, especially if they contain links or attachments.
- Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email.
- If you do not use macros, you can disable them by following these instructions.
