There is a new strain of ransomware that is running rampant. The virus is called the Locky virus as it encrypts your files and renames them with a “.locky” extension. We’re going to take a quick look at it here so you can be aware of the danger. For more information on ransomware in general see this post.
How the virus works
This virus is currently only transmitted via email. Specifically, it arrives inside a Microsoft Word or Excel attachment. The email often claims to be an invoice in order to get you to open it, and the document then says that you need to enable macros in order to read it. Once you have enabled macros, the virus goes to work and starts encrypting.
What it will do
The virus encrypts any resource that it can reach. Any file you can see on your computer, the virus can see as well. The virus will also encrypt anything that it can find on your network, like files on your server or a shared network drive. If you have Dropbox or something similar, it will encrypt those files as well. It starts with the smallest files in order to encrypt as many files as it can before it is discovered.
What you can do to prevent infection
You may be thinking that you have anti-virus protection so you don’t have to worry. While anti-virus does offer some protection, viruses in general, and this virus in particular, change often to stay ahead of virus detection. The more layers of virus scanning you have, the more likely it is to be caught, but there is no guarantee that it will be. Even so, we do recommend that your email be with a provider that screens for spam as well as viruses.
To paraphrase Smokey Bear: “Only you can prevent virus infections”. It is imperative that you open emails with caution. This is true of emails from people you don’t know and from people you do know. Be EXTREMELY cautious in opening attachments and doubly so when asked to enable macros.
What you can do if you get infected
If you think you are infected, the first thing you should do is reboot your computer, as this will stop the current version of the Locky virus from encrypting any more files. Symptoms to look for are an EXTREMELY slow computer and files appearing with a “.locky” extension.
At this point, you only have a few options. Hopefully, you are appropriately backing up your computers. Appropriate backup here generally means either cloud-based backup or backing up to a device on your network that has locked-down permissions in order to help prevent the virus from encrypting it as well. Any attached USB drive will be encrypted just like everything else and is therefore not appropriate backup.
If you are appropriately backed up, then you can restore lost files from your backup. If you are using Dropbox, or something similar, let us take this time to once again stress that these services are NOT intended to be computer backups. That said, it may be possible to retrieve deleted files from these programs, which will help you get your files back from THIS virus. However, it is a very labor-intensive process that will take a long time to do.
If you do not have a backup and you need the files the virus has encrypted, then the only recourse is to pay the ransom. The ransom will have to be paid in Bitcoins. We have seen the cost for the ransom range from $400 to $1700, but your ransom may be even more.
If you are concerned about your security or backup situation, contact us. Our initial consultation is always free of charge.
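To size up the damage before restoring from backup, the following added example (not part of the original post) walks a folder tree, counts the files carrying the “.locky” extension in each folder, and reports the earliest and latest modification times among them. It assumes a file's modification time reflects when the encrypted copy was written; `find_locky_files`, `summarize` and `report` are names chosen for this example.

```python
import os
import sys
from collections import Counter
from datetime import datetime, timezone

LOCKY_EXT = ".locky"  # extension the post says encrypted files receive

def find_locky_files(root):
    """Yield (path, mtime) for every file under root ending in .locky."""
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            if name.lower().endswith(LOCKY_EXT):
                path = os.path.join(dirpath, name)
                try:
                    yield path, os.stat(path).st_mtime
                except OSError:
                    continue  # unreadable or removed mid-scan; skip it

def summarize(root):
    """Count affected files per folder and bracket when they were written."""
    per_dir, times = Counter(), []
    for path, mtime in find_locky_files(root):
        per_dir[os.path.dirname(path)] += 1
        times.append(mtime)
    return {
        "total": len(times),
        "per_dir": dict(per_dir),
        # Assumption: mtime reflects when the encrypted copy was written.
        "first_seen": min(times) if times else None,
        "last_seen": max(times) if times else None,
    }

def report(root):
    """Build a text summary to help pick a backup that predates the damage."""
    s = summarize(root)
    if not s["total"]:
        return f"No {LOCKY_EXT} files found under {root}"
    stamp = lambda t: datetime.fromtimestamp(t, timezone.utc).isoformat(timespec="seconds")
    lines = [f"{s['total']} {LOCKY_EXT} files under {root}",
             f"earliest {stamp(s['first_seen'])}, latest {stamp(s['last_seen'])}",
             "Restore from a backup taken before the earliest time."]
    # Worst-hit folders first, so restores can be prioritised.
    for folder, n in sorted(s["per_dir"].items(), key=lambda kv: -kv[1]):
        lines.append(f"{n:6d}  {folder}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Run it against a local folder or a mounted share; the scan only reads file names and timestamps and changes nothing on disk.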