NJ CAR was recently contacted by a member dealer who was hit with the ransomware “Locky” computer virus. The virus is delivered through email attachments, which often appear to be sent by someone the recipient recognizes. Once the virus enters your computer system, it encrypts any and all files it can find. There really is no key. You have to pay a “ransom” to get the files released. This particular dealer was being scammed for four bitcoins, with a value of approximately $1,600. The dealership elected not to pay and lost the files that were affected.
“Locky” is a relatively new ransomware virus that encrypts users’ files and demands bitcoin payments to decrypt them. The virus was discovered after it was sent to nearly 500,000 victims on February 16, 2016, in the form of a Word document disguised as an invoice requiring payment.
The document contained a malicious macro. When the document was opened, it requested permission to run a macro, which many victims allowed. The infected macro then performed the dirty work of installing the ransomware and scrambling the victims’ files. Locky infections have occurred after users opened a Word document attached to legitimate-looking emails. The malicious file is going undetected by most anti-virus software.
How Locky Works
Locky ransomware begins its attacks from an infected Windows machine, but can spread to other platforms via network connections. The ransomware encrypts a wide range of file types, including videos, images, PDFs, program source code, and Office files. If an infected user is connected to a network with administrator controls, the damage can be widespread.
Once installed, the ransomware also removes any Volume Snapshot Service (VSS) files or “shadow copies” that users’ computers may have made. These shadow copies are a way Windows makes live backup snapshots of works-in-progress, so if users forget to save, or the computer is unexpectedly shut down, those files can be recovered.
If you are a victim of the “Locky” virus, shut down the computer so other systems on the network are protected.
How To Prevent Ransomware Attacks
The rise of ransomware attacks highlights the need for users of all kinds to take greater security precautions with their stored data.
Practice safe Internet and email protocols. Don’t click on a link or attachment that is questionable, even if it appears to be sent from someone you know.
Security firms, such as Malwarebytes, have been actively working on products to combat ransomware attacks. In addition, users should make regular backups that are stored offline, update their computer security, limit the number of admin logins and utilize a Microsoft viewer application to inspect documents before opening.
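The macro-carrying Word attachment described above can be flagged before anyone opens it. The following Python is an added example, not part of the original article or of any vendor's product: it inspects an attachment's raw bytes for an embedded VBA macro project, and the function names, verdict labels and sample files are assumptions constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"                         # Open XML (.docx/.docm) container
MACRO_EXTS = (".docm", ".dotm", ".xlsm", ".xltm", ".pptm")
OFFICE_EXTS = MACRO_EXTS + (".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx")

def triage_attachment(filename, data):
    """Return (verdict, reason); verdict is 'block', 'review' or 'allow'."""
    name = filename.lower()
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                parts = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "review", "damaged ZIP container"
        vba = [p for p in parts if p.endswith("vbaproject.bin")]
        if vba:  # decided by content, so a .docm renamed to .docx is still caught
            return "block", "VBA project inside: " + vba[0]
        if name.endswith(MACRO_EXTS):
            return "review", "macro-enabled extension but no VBA part"
        return "allow", "Open XML document without a VBA project"
    if data.startswith(OLE_MAGIC):
        # Heuristic: OLE directory entry names are stored as UTF-16LE, and
        # Office keeps macros in storages named "Macros" / "_VBA_PROJECT...".
        markers = [s.encode("utf-16-le") for s in ("Macros", "_VBA_PROJECT")]
        if any(m in data for m in markers):
            return "block", "legacy Office file with a VBA storage"
        return "review", "legacy Office format, macros cannot be ruled out"
    if name.endswith(OFFICE_EXTS):
        return "review", "Office extension but unrecognised container"
    return "allow", "not an Office container"

def make_sample_docx(with_macro):
    """Build a constructed, minimal Open XML container in memory (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    samples = [("invoice.docx", make_sample_docx(True)),   # constructed samples
               ("report.docx", make_sample_docx(False)),
               ("old.doc", OLE_MAGIC + b"\x00" * 64)]
    for fname, blob in samples:
        print(fname, triage_attachment(fname, blob))
```

An "allow" verdict means only that no macro project was found, not that the file is safe to open.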