Look out for Locky, the newest member of the ransomware family. It has only emerged in the past few weeks but has already proved to be much more devastating than its predecessors.
The main difference between Locky and the other variants of ransomware is that can see un-mapped networked drives. Files encrypted by Locky don’t change the ownership of the files, but the help files created will have the proper ownership of the infected user. McAfee wrote on Monday that recent Locky spam have contained a complicated JavaScript file, which if executed downloads the ransomware. The change to JavaScript file is new, since the first spam messages contained malevolent Microsoft Word documents with macros that would download Locky.
These most recent ransomware attacks appear to be located in the U.S., France and Japan, but are spreading quickly worldwide. There are new reports surfacing that say up to 16 percent of all spam messages in recent weeks have been ransomware related, including many linked to Locky.
The ransom the virus requests is usually a few hundred dollars, and they want it paid via Bitcoin. If you’d like to avoid having to pay this ransom we recommend having regular backups available that you can revert to, but be advised this particular virus can attack improperly configured backups as well. Its always a good idea to have a copy stored offsite, in a safe and secure location.
If you’re concerned for your data or would like to know more about having safe reliable backups, please give us a call today. (775) 322-6455
