Posted on February 25, 2016
Ransomware dubbed “Locky” is spreading via email, in the form of a Word file attached to e-mail messages. Locky email is translated to various languages and localized by region.
E-mails with this type of ransomware may look something like:
Once the Word attachment is opened, users see scrambled content and are asked to enable macros. When/if macros are enabled, the malware spreads, and encrypts nearly all file formats as hash.locky files including any mounted USB sticks and network file shares.
Once encrypted, users receive the following:
Locky ransomware typically asks victims to pay between 0.5 and 2 Bitcoins ($208 – $800) for the decryption key.
The antivirus software available through McNeese, Sophos, may not provide full protection against all variants of this malware.