A VERY MALICIOUS virus known as 'Locky' has recently been circulating via email.
This virus locks all your files and may transmit private financial data to the criminals.
It is infecting computers globally and reinforces the need for users to be diligent in not opening email attachments from unknown senders.
What does the email look like?
The email may look very legitimate and harmless - often using convincing subject lines to persuade you to open the attachment, e.g. "Payment Declined", "Invoice Attached" or maybe "Payment Accepted".
If you receive an email that looks HARMLESS but is not something you were expecting or has an unexpected attachment - DELETE it, DO NOT open any attachments!
An example of this tame-looking email is shown below - however, the actual email may vary considerably.
What if I am infected?
If you have opened such an email attachment, TURN OFF YOUR COMPUTER - IMMEDIATELY!
Call 0800 828 123 for further assistance. We will help you to ascertain the exposure and determine a suggested course of action.
What is Locky?
Locky is a very nasty and destructive version of ransomware. Once installed, Locky silently encrypts your files and then hides the special key required to decrypt them somewhere on the internet. Without this key you will not be able to open any of your files. Locky will then ask you to pay a fee to get the decryption key. The fee is about USD/Euro $300.00.
How do you become infected with Locky?
This infection is typically spread through emails sent to company email addresses that pretend to be about customer-related issues from Fedex, UPS, DHL, etc. These emails contain a zip attachment that, when opened, infects the computer. The zip files contain executables that are disguised as PDF files: they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft does not show file extensions by default, they look like normal PDF files and people open them.
So how do you protect yourself from this attack?
- Now is a good time to remind users to have a good and regular backup - in many cases, a good backup would have saved thousands of dollars of loss and cost. While UBT can do their best to assist with recovery from this infection, there is no guarantee that your files can be retrieved by any method. We can guarantee that an effective recovery is going to cost hundreds of dollars or more. The easiest method is to use an external USB hard drive and only plug this in when you are doing a backup. If you have on-line backup then this will also provide you with good protection, as these services usually operate with multiple backups protected through powerful encryption and security measures.
- Ensure you have a good anti-virus and anti-malware application installed and regularly updated, such as the ESET or NOD32 installed on all UBT-supplied computers.
- Be cautious about downloading any files from websites, and do not open email attachments that you are not sure of.