The newest Ransomware variant to plague the web goes by the name of TrojanDownloader.Win32.Locky. Similar to other Ransomware, Locky is designed to take personal files from a computer and encrypt them using a complex key. This key is then ransomed to the computer’s owner, essentially holding your valued files hostage. The kicker, though, is that even if you do pay the ransom, there is absolutely no guarantee that these cybercriminals will give you the decryption key once they have taken your payment. Cybercriminals have used this despicable tactic before, something we’ve blogged about extensively in the article: http://www.stopzilla.com/blog/ransomware-is-on-the-rise-tips-to-prevent-infection/
Unlike some other Ransomware infections, however, the Locky infection is spread via email and can infect numerous computers on a network. The email that carries this infection is designed to look like a regular inter-office email. Attached to the email is a .doc file (Microsoft Word file) that is often named to reflect an office document, such as “Invoice.doc”. The directions provided in the infected document instruct the user to turn on the macro function in Microsoft Word. Once macros have been enabled, the malicious code hidden in the document is executed and the infection begins.
It is very important to note that when dealing with infections such as this, having a fully updated anti-malware product like STOPzilla on your computer will significantly lower your chances of becoming infected. In addition, it is considered safe practice to NEVER open email attachments from unknown senders.
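For the delivery method described above (a .doc attachment that asks the reader to enable macros), a mail-side check can flag such attachments before anyone opens them. The following is an added example, not code from STOPzilla or the original post: the function names, addresses and sample byte strings are constructed for illustration, and the check is a byte-level heuristic rather than a full document parser.

```python
import email
from email import policy
from email.message import EmailMessage

# Header bytes of an OLE2 compound file, the container used by legacy .doc files.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
# OLE2 stores stream names as UTF-16LE; Word keeps compiled VBA in "_VBA_PROJECT".
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")


def has_vba_marker(data):
    """Heuristic: OLE2 file whose raw bytes contain the VBA project stream name."""
    return data.startswith(OLE_MAGIC) and VBA_MARKER in data


def flag_macro_attachments(raw_message):
    """Return filenames of attachments that look like macro-bearing .doc files."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if has_vba_marker(payload):
            flagged.append(part.get_filename() or "(unnamed)")
    return flagged


def build_sample(filename, body):
    """Build a constructed test message with one Word attachment."""
    m = EmailMessage()
    m["From"] = "accounts@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "Invoice"
    m.set_content("Please see the attached invoice.")
    m.add_attachment(body, maintype="application", subtype="msword",
                     filename=filename)
    return m.as_bytes()


# Constructed byte strings, not real documents: just enough for the check.
SAMPLE_MACRO_DOC = OLE_MAGIC + b"\x00" * 64 + VBA_MARKER + b"\x00" * 64
SAMPLE_PLAIN_DOC = OLE_MAGIC + b"\x00" * 64 + "WordDocument".encode("utf-16-le")

if __name__ == "__main__":
    for name, body in (("Invoice.doc", SAMPLE_MACRO_DOC),
                       ("Notes.doc", SAMPLE_PLAIN_DOC)):
        print(name, flag_macro_attachments(build_sample(name, body)))
```

A flagged attachment is a candidate for quarantine or closer inspection, not proof of infection, since legitimate documents also carry macros.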
If you have any questions, or need assistance identifying or removing TrojanDownloader.Win32.Locky, please feel free to call or chat with STOPzilla Support:
For more information about Ransomware, please view the following page from the Microsoft Protection Center: