Quick Update on the Locky Virus

And what it means for your company’s security.

Remember that nasty ransomware variant, Locky? We are continuing to receive alerts from the FBI and other agencies about this extremely destructive form of ransomware. Locky arrives through spam emails carrying malicious attachments. When opened, these files download and execute code that encrypts numerous critical file types on both local and networked file stores. Encrypted files are renamed with a unique hexadecimal filename and receive the “.locky” extension.

**Recovery of encrypted files is impossible without a data backup or the attackers’ private key, because the encryption is well implemented and strong.**

You can prevent these kinds of sophisticated attacks by taking the following measures (some of which you should already have in place):

- Implement strong spam filters, especially for phishing emails.
- Implement Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to detect and reject spoofed e-mail.
- Prohibit personal email in work environments.
- Provide effective user training.
- Implement commercial-grade anti-malware measures.
- Keep offline data backups that are not accessible locally or over the network.
- Manage the use of privileged accounts.
- Implement the principle of least privilege: no user should be assigned administrative access unless it is absolutely needed.
- Implement Software Restriction Policies (SRP) or other controls to prevent programs from executing from common ransomware locations, such as the temporary folders used by popular Internet browsers and compression/decompression programs; these include the AppData and LocalAppData folders.
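As an added example (not part of the original article or of any agency guidance), here is what the last measure looks like in practice: a PowerShell script that creates SRP “Disallowed” path rules for the folders a Locky-style dropper executes from. It writes the same registry keys the Local Group Policy editor writes under Software Restriction Policies; the list of blocked paths, the rule descriptions and the rule GUIDs are choices made here, not values prescribed by Microsoft.

```powershell
# Added example: block execution from common ransomware drop folders with
# Software Restriction Policy (SRP) path rules. Must run elevated.
#Requires -RunAsAdministrator

# Registry location the Local Group Policy editor uses for SRP.
$srpRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# SRP security levels: 0 = Disallowed, 262144 (0x40000) = Unrestricted.
$Disallowed   = 0
$Unrestricted = 262144

# Folders where a spam-delivered dropper typically writes its payload.
# SRP expands environment variables itself, so they are stored unexpanded
# (REG_EXPAND_SZ) instead of being resolved for the current user.
# This list is this example's choice, not a Microsoft-mandated set.
$blockedPaths = @(
    '%AppData%\*.exe',
    '%LocalAppData%\*.exe',
    '%Temp%\*.exe',
    '%LocalAppData%\Temp\*.exe',        # browser / Office temporary downloads
    '%LocalAppData%\Temp\Rar*\*.exe',   # WinRAR extraction folders
    '%LocalAppData%\Temp\7z*\*.exe',    # 7-Zip extraction folders
    '%LocalAppData%\Temp\*.zip\*.exe',  # Windows compressed-folder extraction
    '%UserProfile%\Downloads\*.exe'
)

function New-SrpPathRule {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [int]    $Level,
        [string] $Description = ''
    )
    # Each rule is its own GUID-named subkey under <level>\Paths.
    $ruleKey = Join-Path $srpRoot "$Level\Paths\{$([guid]::NewGuid().ToString().ToUpper())}"
    New-Item -Path $ruleKey -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name 'ItemData'    -PropertyType ExpandString -Value $Path        -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name 'SaferFlags'  -PropertyType DWord        -Value 0            -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name 'Description' -PropertyType String       -Value $Description -Force | Out-Null
    return $ruleKey
}

# 1. Base policy: default level stays Unrestricted so only the listed paths
#    are blocked. TransparentEnabled=1 checks executables (not DLLs), which is
#    far less likely to break line-of-business software than 2 (all files).
#    PolicyScope=0 applies the rules to local administrators as well.
New-Item -Path $srpRoot -Force | Out-Null
New-ItemProperty -Path $srpRoot -Name 'DefaultLevel'        -PropertyType DWord -Value $Unrestricted -Force | Out-Null
New-ItemProperty -Path $srpRoot -Name 'TransparentEnabled'  -PropertyType DWord -Value 1             -Force | Out-Null
New-ItemProperty -Path $srpRoot -Name 'PolicyScope'         -PropertyType DWord -Value 0             -Force | Out-Null
New-ItemProperty -Path $srpRoot -Name 'AuthenticodeEnabled' -PropertyType DWord -Value 0             -Force | Out-Null

# 2. Disallowed rules for each drop folder.
foreach ($p in $blockedPaths) {
    New-SrpPathRule -Path $p -Level $Disallowed -Description "Block ransomware dropper in $p" | Out-Null
}

# 3. Show the Disallowed path rules now in force. Running processes are not
#    affected; the policy applies to processes started after the next
#    gpupdate /force or logon.
Get-ChildItem (Join-Path $srpRoot "$Disallowed\Paths") |
    ForEach-Object { (Get-ItemProperty $_.PSPath).ItemData }
```

Two caveats before rolling this out. Legitimate installers routinely extract and run from %Temp%, so test the rules on a pilot group and, where a vendor tool needs it, add a more specific Unrestricted rule (for example `%Temp%\VendorName\setup.exe` at level 262144); in SRP the more specific path match wins over the broader Disallowed rule. Second, SRP is a legacy mechanism; on current Windows editions the same intent is better expressed with AppLocker or Windows Defender Application Control, which the article's “or other controls” leaves room for.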