At Pine Cove we are creating awareness about a cyber threat that is spreading like wild fire. This blog isn’t intended to scare you, but rather create awareness. By now I’m sure you have all heard of “Crypto Locker” which was pretty popular a few years ago where someone would click on a link and accidentally download the executable and it would encrypt their files and any mapped drives they had access to. The only way to recover was to either restore from a backup, or pay the ransom (Sometimes up to $1,000) to get the key from the hacker to un-encrypt the files.
This new variation called “Locky”, takes things to a whole new level. It was just released last week and stats show that it hit around 60,000 PC’s in the first 24 hours and doubling and tripling daily. Locky works in a similar fashion where a user clicks on a Word Document received via email titled “Invoice”. When a user clicks on it, it will tell them they need to enable Macros, once that is clicked the infection begins. Where this variant differs from the old Cryto Locker is this one spreads. It will reach out into your network and any computer it sees, whether its Windows, Mac, or Linux and encrypt the files on it and shared drives. Similar to Crypto Locker, you either have to pay a ransom to get these files back, or recover from backup and clean up all the infected machines it has spread to.
Things you can do to try and prevent Locky:
- Make End-Users/Employees aware
- Disable Macros from being executed on a machine either by Group Policy or Machine by Machine
- Make sure PC’s are patched with the latest security patches
- For current Sophos Customers reading this:
- We have made sure your Firewall is running IPS and ATP (Intrusion Prevention and Advanced Threat Protection)
- We have turned on Country Blocking to block all Countries except “USA, Canada, US Virgin Islands”
- We can create exceptions to single entities if there is a provider that needs accessed outside the U.S
Please let me know if you have any questions regarding any of this and I would be happy to discuss. Again this is not to scare you, but to make you aware of the threat and spread the word to employees to be extremely cautious opening anything that might look suspicious.
We will keep everyone up to date as we know and find out more.
If You Need Help:
If you need help with identifying your current risk or adminstering any of these recommendations, please reach out to our team at firstname.lastname@example.org or call 800.432.0346 and our team of consultants can quickly advise.
Below is a link that provides more detail into the Locky Virus.