Ransomware is shaping up to be the most significant threat from the hacker community in 2016. Over the last few days, Locky, a new piece of malware has been spreading like a wildfire across the Internet. The problem began February 16, when Locky was sent to 400,000 unlucky potential victims.
In its first form, it appeared as an email with a word document attached. The document appeared to be an invoice requiring payment. When the document was opened, a popup box appeared, asking for permission to run a macro. Rather than being a harmless Word macro, however, it was malware, and its effects are devastating.
Not only does it lock all the files on your computer with extremely strong encryption, it also locks your Bitcoin wallet if you have one, rendering it inaccessible to you. Additionally, it erases all the files your OS uses to make restorations in the event of data loss.
The software is exceedingly well designed, making it unlikely that a third party will be able to construct a hack that will allow victims to circumvent Locky, meaning that the only real hope you have of getting your files back is to pay the ransom (payable in Bitcoin, with a dollar value of around $400).
Unfortunately, Locky is not limited to just macros in Word documents. The ransomware can also be embedded in poisoned jpegs, video files, PDFs and other formats, making it a pervasive threat. It is currently infecting an average of five new computers per second, making it a significant global cyber security threat.
There are only two good ways of defending yourself against this type of attack. First, take regular, complete backups of your data, so that if you do get infected, you can restore from your offsite backups, and avoid paying the ransom. Second, be extremely careful about opening emails from parties you don’t know. You should NEVER click any links, or open any files coming from unknown parties.
This is a very different kind of threat than we’ve seen recently. The standard form of a ransomware attacks sees hackers targeting a particular institution, and demanding a large sum from a single target. In this case, the goal is to demand smaller ransoms, but attack on a global scale. In other words, it’s a full-blown security nightmare.
Be sure your staff is aware of this threat, make sure offsite backups are being taken on a regular basis, and it wouldn’t hurt to have another round of company-wide training on basic email security to drive the point home to all employees about the dangers of opening email from unknown, untrusted parties. That’s a less-than-perfect solution, but as things stand at the moment, it’s your best option.