Beware “Locky’s” Malicious Macros.

Ransomware has been around for a while, and users could largely avoid it by not running random .exe files downloaded from the internet. This sort of malware keeps growing in sophistication, however, and has now brought back the infected Microsoft Office document, so attached .docx, .docm and similar files deserve the same suspicion as executables. Ransomware is also spreading across operating systems, with variants reported for Mac OS X and Linux, so do not assume you are safe because you do not use Windows or Office. Scan any file you download from the net, and save and scan e-mail attachments rather than opening them directly from the mail client.

Beware: ‘Locky’ is a new crypto-ransomware that could be arriving in your inbox today. Security researchers recently discovered this new malware family. One way Locky installs itself and its components on your computer is through e-mail, in the form of an attached Word document posing as an invoice. The e-mail’s subject line is an invoice number beginning with the letter J.

Once the Word attachment is opened, the user sees garbled text in the document together with the instruction ‘Enable macro if the data encoding is incorrect.’ At this point Office has not run any macros and the document is inert: the garbled text is the lure, not a real encoding problem. If the user follows the instruction and enables macros, the embedded VBA macro runs, downloads the Locky executable and launches it, and the infection begins.
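Because the macro does nothing until the user clicks “Enable Content”, the attachment can be inspected safely before it is ever opened in Word. The script below is an added example (not code from the original article or from any of the vendors it cites): it checks whether an Office file carries a VBA project and whether its visible text contains the “enable macros” lure described above. The sample documents it builds are constructed in memory to exercise the checks; they are minimal stand-ins, not real Locky droppers, and the OLE2 test is a byte-pattern heuristic rather than a full compound-file parser.

```python
"""Static pre-open check for Office attachments: does the file carry a VBA
project, and does its text contain the "enable macros" social-engineering lure?
Added example; the sample files below are constructed, not real malware."""
import io
import re
import zipfile

ZIP_MAGIC = b"PK\x03\x04"                          # OOXML (.docx/.docm/.xlsm ...)
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"    # legacy OLE2 compound file (.doc/.xls)

# OLE2 directory entries store stream/storage names as UTF-16LE. A VBA project
# always has a "_VBA_PROJECT" stream (Word keeps it under a "Macros" storage).
OLE_VBA_MARKERS = [s.encode("utf-16-le") for s in ("_VBA_PROJECT", "Macros")]

# Phrases used to talk the victim into clicking "Enable Content".
LURE = re.compile(r"enable (macros?|content|editing)|data encoding is incorrect", re.I)


def _strip_xml(xml: str) -> str:
    return re.sub(r"<[^>]+>", " ", xml)


def inspect_attachment(data: bytes) -> dict:
    """Return format, macro/lure indicators, evidence and a verdict without
    opening the file in Office. A negative result means 'no VBA found', not 'safe'."""
    rep = {"format": "unknown", "has_macros": False, "lure_text": False, "evidence": []}
    if data.startswith(ZIP_MAGIC):
        rep["format"] = "ooxml"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for name in zf.namelist():
                    low = name.lower()
                    if low.endswith("vbaproject.bin"):          # the VBA part itself
                        rep["has_macros"] = True
                        rep["evidence"].append(f"VBA part: {name}")
                    if low == "[content_types].xml" and b"vnd.ms-office.vbaProject" in zf.read(name):
                        rep["has_macros"] = True
                        rep["evidence"].append("content type declares a vbaProject")
                    if low.endswith(".xml") and LURE.search(_strip_xml(zf.read(name).decode("utf-8", "replace"))):
                        rep["lure_text"] = True
                        rep["evidence"].append(f"lure text in {name}")
        except zipfile.BadZipFile:
            rep["format"] = "corrupt-zip"
    elif data.startswith(OLE_MAGIC):
        rep["format"] = "ole2"
        for marker in OLE_VBA_MARKERS:                      # heuristic: directory names
            if marker in data:
                rep["has_macros"] = True
                rep["evidence"].append(f"OLE name {marker.decode('utf-16-le')!r}")
        # Legacy document text may be stored 8-bit or UTF-16LE; try both.
        for text in (data.decode("latin-1"), data.decode("utf-16-le", "ignore")):
            if LURE.search(text):
                rep["lure_text"] = True
                rep["evidence"].append("lure text in document body")
                break
    if rep["has_macros"] and rep["lure_text"]:
        rep["verdict"] = "block: macro document carrying an enable-macros lure"
    elif rep["has_macros"]:
        rep["verdict"] = "hold: contains VBA, open only in a viewer or sandbox"
    else:
        rep["verdict"] = "no VBA found (still scan with AV before opening)"
    return rep


def build_sample_ooxml(with_macro: bool, with_lure: bool) -> bytes:
    """Constructed minimal OOXML package (not a real Word file) for testing."""
    types = ['<Default Extension="xml" ContentType="application/xml"/>']
    if with_macro:
        types.append('<Override PartName="/word/vbaProject.bin" '
                     'ContentType="application/vnd.ms-office.vbaProject"/>')
    body = ("Enable macro if the data encoding is incorrect." if with_lure
            else "Thank you for your business.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types>" + "".join(types) + "</Types>")
        zf.writestr("word/document.xml",
                    f"<w:document><w:body><w:t>{body}</w:t></w:body></w:document>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", OLE_MAGIC + b"\0" * 64)  # placeholder, not real VBA
    return buf.getvalue()


def build_sample_ole(with_macro: bool) -> bytes:
    """Constructed OLE2-looking blob: correct magic plus fake directory names."""
    blob = OLE_MAGIC + b"\0" * 504
    if with_macro:
        blob += "Macros".encode("utf-16-le") + b"\0" * 52 + "_VBA_PROJECT".encode("utf-16-le")
    return blob + b"\0" * 64


if __name__ == "__main__":
    for label, blob in [("invoice.docm (macro + lure)", build_sample_ooxml(True, True)),
                        ("invoice.docx (clean)", build_sample_ooxml(False, False)),
                        ("invoice.doc (legacy, VBA)", build_sample_ole(True))]:
        print(f"{label}: {inspect_attachment(blob)['verdict']}")
```

In practice you would point `inspect_attachment` at the bytes of a saved attachment (or wire it into a mail gateway) and quarantine anything that reports `has_macros`; the lure check is only a bonus signal, since attackers change the wording. For a thorough macro extraction, the `olevba` tool from oletools does a full parse of both formats, which this heuristic does not attempt.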

So, what happens next? Locky holds the victim’s files for ransom: it encrypts them and then replaces the desktop wallpaper with payment instructions that direct the victim to a site on the dark web to buy the decryption key. Symantec indicated that ransom prices for the key have varied between 0.5 and 1 bitcoin, roughly $210 to $420 USD at the time.

Symantec also advised that Locky is being disseminated through spam campaigns on an enormous scale: as of February 17, 2016, Symantec had blocked more than 5 million e-mails associated with Locky campaigns. To stay clear of Locky, never enable macros in unsolicited document attachments received through e-mail, whatever the document tells you.

Lastly, you can avoid the question of enabling macros altogether by installing the Microsoft Office Viewers. The Viewers do not support macros, so they let you read a document without opening it in Word at all. If you do use full Office, note that Protected View already opens e-mail attachments read-only with macros disabled; the infection only happens when the user clicks through that warning and enables content.

For additional technical details, see the links below:

Symantec. (2016). Locky ransomware on aggressive hunt for victims: millions of spam emails spread new ransomware variant on the day it first appeared. Retrieved from http://symc.ly/1UOISds

Naked Security by Sophos. (2016). “Locky” ransomware: what you need to know. Retrieved from http://bit.ly/1SzxL8m

Trend Micro. (2016). New crypto-ransomware Locky uses malicious Word macros. Retrieved from http://bit.ly/1U0CK2x