One of our clients was recently infected with a variant of the Locky ransomware virus.
Ransomware is a type of virus that encrypts your data files. It is designed to prevent you from seeing your pictures, documents, and other files, and to force you to pay to get your files back.
Ransomware viruses spread in more than one way. E-mails with attachments are the most common. Those e-mails try to convince unsuspecting users that the message, and the file attached to it, are important.
The file is presented as an invoice or something similar. The sender's address looks legitimate and may even appear to come from within your company. The files might look harmless, but they are the source of the infection. If you open one of these attachments, your computer will get infected, and your files will be encrypted.
Here are some examples of file attachments that ransomware uses, with the first being the most common:
CJPOG21534.wsf
newdoc12.zip
doc0.zip
untitled9.zip
Sometimes a .wsf file is attached, and sometimes it has a hidden 1-character file along with it. Other spam email campaigns that spread ransomware place the payload files in a zip file. Researchers have also seen .rtf documents that spread the infection but are password protected, which makes them harder for security software to detect. JavaScript and Windows Script are also used to initiate a download of the payload file, which is, in most cases, a DLL file.
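For administrators who filter mail, the sketch below shows one way to triage attachments like the ones listed above: it flags script files sent directly and script files hidden inside zip archives. It is an added example, not part of the original article; the function names, the extra script extensions, and the limits are assumptions.

```python
import io
import zipfile
from pathlib import PurePosixPath

# .wsf and JavaScript come from the article; the other Windows Script Host
# extensions and both limits are assumptions made for this example.
# Encrypted zip members cannot be inspected, so they are flagged outright.
SCRIPT_EXTS = {".wsf", ".js", ".jse", ".vbs", ".vbe"}
MAX_DEPTH = 2
MAX_MEMBER_BYTES = 5_000_000


def triage_attachment(filename, data, depth=0):
    """Return the reasons (possibly none) to quarantine one attachment."""
    findings = []
    ext = PurePosixPath(filename.replace("\\", "/")).suffix.lower()
    if ext in SCRIPT_EXTS:
        findings.append(f"script attachment: {filename}")
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    if depth >= MAX_DEPTH:
        return findings + [f"archive nested too deeply: {filename}"]
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1:
                findings.append(f"encrypted member: {info.filename}")
            elif info.file_size > MAX_MEMBER_BYTES:
                findings.append(f"oversized member: {info.filename}")
            else:
                findings += triage_attachment(info.filename, zf.read(info), depth + 1)
    return findings


def make_zip(members):
    """Build an in-memory zip from {name: bytes}; constructed sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    samples = {  # constructed: names from the list above, harmless contents
        "CJPOG21534.wsf": b"placeholder",
        "newdoc12.zip": make_zip({"invoice.js": b"placeholder"}),
        "report.pdf": b"%PDF placeholder",
    }
    for name, data in samples.items():
        print(name, "->", triage_attachment(name, data) or "no findings")
```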
Other methods for spreading the newest infection could include social media services and file sharing networks. Be careful when surfing the Internet and avoid suspicious e-mails, links, and files. Check downloaded files for their signatures and size, and scan them with antivirus software before using them.