You want to know about "Locky"

Mary called me yesterday. She received an email from a financial services firm relayed to her from a trusted friend. She thought it was strange to get an email for September but she opened the email attachment.

Immediately, icons on her computer started turning white. She thought that was strange, so she shut down her computer and reopened it, and the icons were still white. She clicked on one of them and saw the word “Locky” in the name. She called me immediately. It is just a game?
I logged in to take a look and immediately determined that it was a virus but not one I had ever seen.

“Locky” is a new form of ransomware that encrypts your files. Different versions will do different things, but Mary’s version encrypted all her pictures, Word documents and Excel files, both on her computer and on her external hard drive.

Here is how it works. You open the email, click on the attachment, and that is it: you are encrypted. What makes this such an ugly virus is that after it encrypts your files, it uninstalls itself. There is no virus to remove, and the files are encrypted with RSA-2048 and AES-128 ciphers, making them unusable. There is a ransom request, but every source I looked at discouraged paying it. You do not want to endorse the bad behavior.

So what can you do to keep from getting this virus?

AV Defender, Malwarebytes, SpyBot, BitDefender, Norton, Symantec, TrendMicro: none of these will catch the virus. Your only way to protect yourself is discipline. You must know what you are getting in your email. Make sure it makes sense, look for misspellings, and if you know the sender, call them and see if they really sent it. If you are not sure, don’t open it. If you do not need to open it, don’t. Make sure you have a backup, that it is current, and that it is backing up everything you may need.

This is really going to be a problem. The virus has only been out a couple of weeks, so BEWARE.

Your only solution, if you get the virus, is to reformat your computer hard drive and re-install Windows and all your data from your backup. If you do not have a backup, you are hosed. If your backup is attached to your computer, it will be encrypted. Your backup must be detached from your computer, for example a web-based backup solution.

If you are concerned about this virus and would like to discuss options or if this is just something you do not want to be worried about, call us and we will be glad to assist.

Rob Saunders
(205) 408-0600
