If you’re lucky, your company is not one of the hundreds of thousands targeted by the new Locky virus, ransomware that encrypts users’ files and demands a bitcoin ransom to decrypt the files.
But even if you haven’t been targeted yet, security experts say there is a good chance that you will be. That’s why you need to be prepared to protect your company.
The .locky virus is just the latest ransomware attack on the public, and it is one of the most dangerous threats we’ve seen.
The virus so far has been delivered via email in the form of an attached Word document that looks like an invoice, but which includes a malicious macro. When the document is opened, Word asks the user for permission to run the macro. If the user enables it, the macro installs the ransomware, which then encrypts the victim's files.
The Locky virus made the national news when Hollywood Presbyterian Medical Center in California reported that it had paid about $17,000 in ransom for the decryption key required to unlock its files after it was hit by the virus. Since then, reports are that as many as 400,000 may have been infected.
Things to be aware of:
- Ransomware's effects are not limited to your local hard drive! If activated, the encryption will not only affect files on your local hard drive; it will also encrypt files on any connected external drive and on mapped network drives, so one infected workstation can lock up a whole department's shared files. This is why it is important to warn employees within your organization.
- The virus will encrypt your backup data if you have backed up to your local drive
Back up only to devices that can be removed from your computer. Or, use online backups such as Carbonite.
- The virus is usually transmitted via email using phishing techniques or compromised websites offering downloads. The virus may appear to come from a trusted contact.
- Currently there is no way to decrypt the files without the decryption key, which only the attackers hold.
What should you do?
Fortunately, there are several essential steps you can take to protect your systems, including:
- Make sure your antivirus software is up to date
- Ensure that you have the most recent versions of Microsoft Office, which disable macros by default and show a warning bar instead of running them. Office 2016 also lets administrators block macros outright in documents that arrived by email or download
- Browsers have no macro setting to turn off, but they are the other main entry point: disable or remove plug-ins you don't need (Flash, Java) and don't open downloaded Office documents straight from the browser. Resetting the browser to "factory settings" is a fast way to clear out add-ons, though it also clears your other settings
- Create a process to make regular and timely back-ups. Take full and not just incremental backups
- Back up regularly and keep a recent backup copy off-site.
Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.
- Check to make sure your backup is not infected, and then test it to make sure you can reinstall entirely from it
- Don’t give yourself more login power than you need.
Most importantly, don’t stay logged in as an administrator any longer than is strictly necessary, and avoid browsing, opening documents or other “regular work” activities while you have administrator rights.
- Consider installing the Microsoft Office viewers if using older Office versions.
These viewer applications let you see what documents look like without opening them in Word or Excel itself. In particular, the viewer software doesn't support macros at all, so you can't enable macros by mistake! Microsoft Office 2013 or 2016 already open documents from email or the Internet in a read-only Protected View with macros disabled, which gives the same protection.
- Update your software often. Malware that doesn’t come in via document macros relies on security bugs in familiar applications, including Office, your browser, Flash and more. The sooner you patch, the fewer open holes remain where hackers can enter your system.
- Make sure all the employees in your organization are educated about this and other viruses
Spam filters and attachment scanners are a great way to reduce the threat; however, if an employee also reads personal email (with attachments) on a work machine, those messages bypass your filters entirely.
This last step is critical, as the hackers are counting on human error. A common problem is for one employee to forward the email to someone else, who then trusts the attachment because it came from a colleague. Train your employees not to open any attachment from a source unknown to them, and to verify an unexpected invoice by phone even when it appears to come from a known contact.
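The macro settings mentioned above can be enforced from the registry rather than left to each user's Trust Center choices. The script below is an added example written for this post (it is not from the original article or from Microsoft). It assumes Office 2016, whose registry version string is 16.0; for Office 2013 change it to 15.0. The value names are the ones the Office Group Policy templates write, so the same settings can be pushed company-wide through Group Policy.

```powershell
# Added example (not from the original article): harden Office macro handling
# for the current user. Assumes Office 2016 ("16.0"); use "15.0" for Office 2013.
# Settings under the Policies hive override whatever the user picks in Trust Center.

$officeVersion = '16.0'
$apps = 'Word', 'Excel', 'PowerPoint'

foreach ($app in $apps) {
    $policyPath = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$app\Security"
    if (-not (Test-Path $policyPath)) {
        New-Item -Path $policyPath -Force | Out-Null
    }

    # VBAWarnings: 1 = enable all macros (dangerous), 2 = disable with notification
    # (the default that shows the "Enable Content" bar the Locky invoice relies on),
    # 3 = disable all except digitally signed, 4 = disable all without notification.
    # 3 keeps signed in-house macros working while removing the one-click prompt.
    Set-ItemProperty -Path $policyPath -Name 'VBAWarnings' -Value 3 -Type DWord

    # Office 2016 only: block macros outright in files that carry the Mark of the Web,
    # i.e. email attachments and browser downloads, regardless of VBAWarnings.
    Set-ItemProperty -Path $policyPath -Name 'blockcontentexecutionfrominternet' -Value 1 -Type DWord
}

# Verify: show the effective values for each application so they can be checked
# against the intent above (3 and 1).
foreach ($app in $apps) {
    Get-ItemProperty -Path "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$app\Security" |
        Select-Object @{ n = 'App'; e = { $app } }, VBAWarnings, blockcontentexecutionfrominternet
}
```

Run it in the user's own PowerShell session (the keys are per-user) and restart Office. If your business genuinely needs macros in some documents, sign them with an internal code-signing certificate and keep VBAWarnings at 3 rather than dropping back to 2.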
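The backup advice above (full backups to a device you then disconnect, checking the copy is clean, and testing that you can actually restore from it) can be scripted so that the check and the restore test are never skipped. The script below is an added example written for this post, not the article's or any vendor's code. It assumes the folder to protect is C:\Work and the removable target drive is E:\Backups; both paths are placeholders. It uses the fact that Locky renames each file it encrypts with a .locky extension to refuse to overwrite good backups with encrypted data.

```powershell
# Added example (not from the original article): full backup to a removable drive,
# with a pre-check for Locky-encrypted files and a restore test.
# Assumptions: $Source and $Target are placeholders for your own paths.

$Source  = 'C:\Work'       # folder to protect (assumption)
$Target  = 'E:\Backups'    # removable drive; unplug it when the script finishes (assumption)
$stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$archive = Join-Path $Target "full-$stamp.zip"

if (-not (Test-Path $Target)) {
    throw "Backup drive $Target is not connected"
}

# 1. Do not back up an already-encrypted tree: Locky renames its victims to *.locky.
$encrypted = Get-ChildItem -Path $Source -Recurse -File -Filter '*.locky' -ErrorAction SilentlyContinue
if ($encrypted) {
    throw "Found $($encrypted.Count) .locky files under $Source; refusing to overwrite good backups"
}

# 2. Full (not incremental) archive of everything under the source folder.
Compress-Archive -Path "$Source\*" -DestinationPath $archive -CompressionLevel Optimal

# 3. Record a SHA-256 checksum beside the archive so later corruption or tampering is detectable.
$hash = (Get-FileHash -Path $archive -Algorithm SHA256).Hash
"$hash  $(Split-Path $archive -Leaf)" | Out-File -FilePath "$archive.sha256" -Encoding ascii

# 4. Restore test: expand into a scratch folder and compare every file's hash with the original.
$scratch = Join-Path $env:TEMP "restore-test-$stamp"
Expand-Archive -Path $archive -DestinationPath $scratch
$mismatch = 0
Get-ChildItem -Path $Source -Recurse -File | ForEach-Object {
    $rel  = $_.FullName.Substring($Source.Length).TrimStart('\')
    $copy = Join-Path $scratch $rel
    if (-not (Test-Path $copy) -or
        (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash -ne (Get-FileHash -Path $copy -Algorithm SHA256).Hash) {
        Write-Warning "Restore mismatch: $rel"
        $mismatch++
    }
}
Remove-Item -Path $scratch -Recurse -Force

if ($mismatch -gt 0) {
    throw "$mismatch file(s) did not restore correctly; do not rely on $archive"
}
Write-Host "Backup verified: $archive (SHA-256 $hash). Disconnect $Target now."
```

Compress-Archive is adequate for a small file share; for large data sets use a proper backup tool, but keep the same three steps: refuse to back up encrypted data, checksum the copy, and restore it somewhere to prove it works. Encrypting the archive before it leaves the building (for example with a zip tool that supports AES, or your backup product's own encryption) covers the off-site copy if the drive is lost.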
As software consultants, we take our responsibility to keep our clients and their data safe seriously. If you have questions, please call us.
Let’s be careful out there.