Locky Ransomware Sent as Invoice Attachment

Locky ransomware is the latest threat and is a variation on previous encryption attacks. It is delivered by email and fools you into opening an invoice attachment. After deploying, it encrypts files on local and network drives. Although CryptoLocker and CryptoWall used different methods to gain access to your system, they had the same goal: to get you to pay a ransom to unlock your files.

At this writing, Locky is using an email attachment of an invoice as its entry point, but the delivery will certainly change as the threat evolves. After you click on the invoice, the view looks scrambled and you are instructed to Enable Macros. Once you do that, Locky executes and encrypts your files.

Locky has some additional attack strategies not seen in previous crypto-type attacks. Here are two links if you want to read more:

Locky Information from Bleeping Computer

Locky Information from MalwareBytes

Protect Yourself from Locky Ransomware in three easy steps:

  1. Have a good, complete, current, offline/offsite backup
  2. Don’t click on email attachments unless you are absolutely certain of the authenticity and origin
  3. Don’t enable macros
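
Steps 2 and 3 can be backed by a mail-side check. The following is an added example, not part of the original post, that lists the attachments in an email which carry VBA macros so they can be quarantined before a user is ever prompted to enable them. The function names and the sample message are constructed for illustration, and the legacy-format check is a heuristic byte search rather than a full document parser.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # legacy .doc/.xls container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # stream name inside a VBA project

def macro_reason(data: bytes):
    """Return why an attachment looks macro-bearing, or None if it does not."""
    if data.startswith(OLE2_MAGIC):
        # Heuristic: OLE2 directory entries store stream names as UTF-16LE.
        return "legacy OLE2 document with a VBA project stream" if VBA_STREAM in data else None
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                return "OOXML document containing vbaProject.bin"
    except zipfile.BadZipFile:
        pass  # not a ZIP/OOXML container
    return None

def macro_attachments(raw_message: bytes):
    """List (filename, reason) for every macro-bearing attachment in an email."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        reason = macro_reason(part.get_payload(decode=True) or b"")
        if reason:
            hits.append((part.get_filename() or "(unnamed)", reason))
    return hits

def build_sample() -> bytes:
    """Constructed message: a fake macro-enabled invoice plus a harmless file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    msg = EmailMessage()
    msg["Subject"] = "Invoice (constructed sample)"
    msg.set_content("Please see the attached invoice.")
    for name, data in (("invoice.docm", buf.getvalue()), ("note.txt", b"hello")):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(macro_attachments(build_sample()))
```

The check inspects file contents rather than the extension, so a macro-enabled document renamed to `.docx` or `.doc` is still flagged.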

For more information, or if you want to discuss this or have been hit with Locky or another crypto-type attack, feel free to contact me at mary@lansystems.com.

PS Did I say to have a good, complete, current, offline/offsite backup for protection?


