Monday, February 22, 2016

"Locky" Clever New Ransomware - Don't Open It!

I can see that notary signing agents could be a target for this type of malicious attack.

I received this today from my IT friend who manages 200+ computers in his department.

There is a new ransomware strain somewhat amateurishly called "Locky", but this is professional-grade malware.
The major headache is that this flavor starts out with a Microsoft Word attachment which has malicious macros in it, making it hard to filter out.
The email message will contain a subject similar to "ATTN: Invoice J-98223146" and a message such as "Please see the attached invoice (Microsoft Word Document) and remit payment according to the terms listed at the bottom of the invoice".
When the Word document is opened, it looks like the content of the document is scrambled and the document will display a message stating that you should enable the macros if the text is unreadable. Here is a screenshot of how that looks:

