Security researchers at Palo Alto Networks have spotted a new kind of ransomware called Locky that uses an attack method similar to that of Dridex, a notorious banking malware that has victimized a great number of individuals and enterprises.
Normally, victims receive an email containing a Microsoft Word file that appears to be an invoice; the document asks the user to enable macros, small embedded programs, to execute certain functions. By default, macros are disabled in Microsoft Office because of the security implications, and users get a security notification when a document they are about to download contains a macro.
Unless macros are disabled, a malicious document sent to you from an unknown source will download and install the Locky malware on your computer. This operation appears to be similar to that of another, older Trojan we have been hearing about lately, Dridex, which has been stealing the online account details of thousands of users.
The similarities between Dridex and Locky are stunning – how the Trojan is spread, the overlap in names of files – which led tech pundits to suspect the group behind Locky is somehow connected to the group that distributes Dridex.
Palo Alto saw evidence of wide distribution of Locky and suspected that the Trojan had already infected a great number of computers, based on the 400,000 sessions detected using a similar macro downloader, dubbed Bartallex.
The threat of ransomware has grown over the years and has targeted a wide variety of sectors, from banking firms to medical facilities. Most recently, the Hollywood Presbyterian Medical Center in Los Angeles had its computer files locked down for at least a week after attackers encrypted the files and asked for $3.6 million paid in bitcoins in exchange for the key to unlock the documents.
Ransomware locks down a computer and the files stored on it by encrypting them, and even an entire network if possible. Afterward, the attackers demand a payment as ransom to recover the encrypted files.
Unless an organization’s files are stored in a backup system, it will have to bear the pain of paying a large ransom, which according to studies currently ranges up to $5 million. One effective way to avoid being victimized by ransomware such as Locky is to secure your Microsoft Office suite. Locky has already affected users in the United States, Australia and Canada.
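Since the infection chain described above depends on a user enabling macros in an emailed Word file, the "secure your Office suite" advice translates into two Office policy settings. The script below is an added example, not code from the article or from Palo Alto Networks; it writes the documented Office policy registry values for the current user. It assumes Office 2016 or later (policy version key `16.0`); Office 2013 uses `15.0` and does not support the Mark-of-the-Web block setting. In an enterprise the same values would normally be pushed by Group Policy rather than set per user.

```powershell
# Added example: harden Word, Excel and PowerPoint against macro-based downloaders
# by blocking macros in documents that carry the Mark-of-the-Web (mail attachments,
# downloads) and restricting which macros may run at all.
# Assumption: Office 2016+ policy key "16.0"; adjust -OfficeVersion for other releases.

function Set-OfficeMacroPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Office applications that can host VBA macros.
        [string[]]$Applications = @('Word', 'Excel', 'PowerPoint'),
        # Office policy version key; '16.0' covers Office 2016, 2019 and Microsoft 365.
        [string]$OfficeVersion = '16.0',
        # VBAWarnings: 4 = disable all macros without notification,
        #              3 = disable all except digitally signed macros,
        #              2 = disable all with notification (the Office default).
        [ValidateSet(2, 3, 4)]
        [int]$VbaWarnings = 3
    )

    foreach ($app in $Applications) {
        $path = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
        if ($PSCmdlet.ShouldProcess($path, 'Apply macro policy')) {
            if (-not (Test-Path $path)) {
                New-Item -Path $path -Force | Out-Null
            }
            # Block macros in files downloaded from the internet or received by mail.
            Set-ItemProperty -Path $path -Name 'blockcontentexecutionfrominternet' -Value 1 -Type DWord
            # Only digitally signed macros may run (with the default of 3).
            Set-ItemProperty -Path $path -Name 'VBAWarnings' -Value $VbaWarnings -Type DWord
        }
    }
}

function Get-OfficeMacroPolicy {
    # Report the effective per-user policy values so the change can be verified.
    param(
        [string[]]$Applications = @('Word', 'Excel', 'PowerPoint'),
        [string]$OfficeVersion = '16.0'
    )

    foreach ($app in $Applications) {
        $path = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Application          = $app
            BlockInternetMacros  = if ($props) { $props.blockcontentexecutionfrominternet } else { $null }
            VBAWarnings          = if ($props) { $props.VBAWarnings } else { $null }
        }
    }
}

# Preview with -WhatIf, then apply and verify.
Set-OfficeMacroPolicy -WhatIf
Set-OfficeMacroPolicy -Verbose
Get-OfficeMacroPolicy | Format-Table -AutoSize
```

A `VBAWarnings` value of 4 is the strictest choice but silently breaks legitimate macro workflows; 3 lets internally signed macros keep working while still stopping the unsigned macro in an emailed invoice document. Because Office reads the `Policies` hive before the user's own Trust Center settings, a user cannot simply click "Enable Content" to override these values.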