Friday, March 4, 2016

Locky ransomware spreads via fake Free Mobile invoices – ZDNet France

The Locky ransomware has CERT-FR concerned. In mid-February the CERT published its first warning about this ransomware, so named because of the .locky extension it appends to the files it encrypts. The first wave of distribution came through a spam campaign “whose blocking rate by anti-spam gateways is relatively low,” CERT-FR warned at the time. The malicious emails directed the user to a Word document that asked to enable macros once opened. If the user accepts, the file downloads Locky, which then infects the target machine.

The first wave, detected in mid-February, carried the title “ATTN: Invoice J-<8 digits>”, which could alert users receiving this message to its fraudulent nature. But CERT-FR issued a new warning on March 2 after a change of strategy by the malware's operators.

They have revised their approach to target French Internet users, disguising their malware as an attachment to a fake invoice email from the operator Free Mobile. The method is much the same: the email prompts the user to download an invoice contained in a .zip file, which holds a malicious JavaScript file that downloads Locky onto the target machine.
 

Locky is a classic ransomware: it encrypts the files on the machine and then demands a ransom in exchange for a decryption key that lets the user recover the data. Its distinguishing feature is its ability to go after many file types and to encrypt files the computer can access on other machines, making it potentially destructive to a corporate network. In case of infection, CERT-FR therefore advises treating every machine connected to the same network as the target machine as infected.
 

CERT-FR describes several protection measures and gives several indicators of compromise for administrators who want to protect themselves. But as Kaspersky notes, more than 60 variants of Locky have already been detected by its tools, which pushes antivirus companies to develop new signatures each time to protect users. Locky has already made headlines in the attack that recently paralyzed a US hospital and forced its management to pay $17,000 to restore access to the system.
 
 
