Meet Locky, Your New Worst Nightmare

By February 23, 2016 | March 6th, 2023 | Blog, Technology News

Ransomware is shaping up to be the most significant threat from the hacker community in 2016. Over the last few days, Locky, a new piece of malware, has been spreading like wildfire across the Internet. The problem began February 16, when Locky was sent to 400,000 unlucky potential victims.

In its first form, it appeared as an email with a Word document attached. The document appeared to be an invoice requiring payment. When the document was opened, a popup box appeared, asking for permission to run a macro. Rather than being a harmless Word macro, however, it was malware, and its effects are devastating.

Not only does it lock all the files on your computer with extremely strong encryption, it also locks your Bitcoin wallet if you have one, rendering it inaccessible to you. Additionally, it erases all the files your OS uses to make restorations in the event of data loss.

The software is exceedingly well designed, making it unlikely that a third party will be able to construct a hack that will allow victims to circumvent Locky, meaning that the only real hope you have of getting your files back is to pay the ransom (payable in Bitcoin, with a dollar value of around $400).

Unfortunately, Locky is not limited to just macros in Word documents. The ransomware can also be embedded in poisoned JPEGs, video files, PDFs and other formats, making it a pervasive threat. It is currently infecting an average of five new computers per second, making it a significant global cyber security threat.

There are only two good ways of defending yourself against this type of attack. First, take regular, complete backups of your data, so that if you do get infected, you can restore from your offsite backups and avoid paying the ransom. Second, be extremely careful about opening emails from parties you don’t know. You should NEVER click any links or open any files coming from unknown parties.

This is a very different kind of threat than we’ve seen recently. The standard form of a ransomware attack sees hackers targeting a particular institution and demanding a large sum from a single target. In this case, the goal is to demand smaller ransoms, but attack on a global scale. In other words, it’s a full-blown security nightmare.

Be sure your staff is aware of this threat, make sure offsite backups are being taken on a regular basis, and it wouldn’t hurt to have another round of company-wide training on basic email security to drive the point home to all employees about the dangers of opening email from unknown, untrusted parties. That’s a less-than-perfect solution, but as things stand at the moment, it’s your best option.
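The first delivery form described above, a Word attachment that asks to run a macro, can also be flagged before a message reaches a user. The following is an added example, not part of the original post: a heuristic check that inspects attachment content rather than file extension. The function names and the sample message are constructed for illustration, and the attachments in it are inert placeholder bytes.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy .doc container signature
VBA_MARK = "_VBA_PROJECT".encode("utf-16-le")   # stream name stored in an OLE file's VBA storage

def has_macro(data: bytes) -> bool:
    """Heuristic: True if the bytes look like an Office file carrying a VBA project."""
    if data.startswith(OLE_MAGIC):              # Word 97-2003 format
        return VBA_MARK in data
    if data.startswith(b"PK"):                  # OOXML (.docx/.docm) is a ZIP archive
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        except zipfile.BadZipFile:
            return False                        # truncated or not really a ZIP
    return False

def macro_attachments(raw: bytes) -> list[str]:
    """Names of message parts whose content (not file extension) contains macros."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        if has_macro(data):
            hits.append(part.get_filename() or "(unnamed)")
    return hits

def _zip(member: str) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(member, b"placeholder")
    return buf.getvalue()

def sample_message() -> bytes:
    """Constructed test message; every attachment is inert placeholder data."""
    m = EmailMessage()
    m["Subject"] = "Invoice"
    m.set_content("Please see the attached invoice.")
    files = [("invoice.docx", _zip("word/vbaProject.bin")),  # macro part, misleading name
             ("notes.docx", _zip("word/document.xml")),      # no macro
             ("invoice.doc", OLE_MAGIC + b"\0" * 64 + VBA_MARK)]
    for name, data in files:
        m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()
```

Calling `macro_attachments(sample_message())` returns the two macro-bearing names and skips `notes.docx`. A match means the file contains a macro project, not that the macro is malicious, so a result like this is a reason to quarantine or review rather than a verdict.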

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company over the past 20 years. He believes that having a great work environment and supportive team is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor’s degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMware VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.