Cybercrime Protection! Beware Of Ransomware!

Cybercrime experts state that ransomware is infecting anywhere from 1 to 5 computers every second, and continues to rise!

One of the latest forms of cybercrime is a type of ransomware known as the Locky virus, which encrypts users’ files and demands bitcoin payments to decrypt them.

Many Sussex-based businesses have informed us that they were sent an infected document by email and were led to believe it was a legitimate file. When the document is opened, it requests permission to run a macro, which many victims allow. The infected macro then performs the dirty work of installing the ransomware and scrambling the victims’ files.
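As an added example (not part of the original article), here is a mail-gateway style check that flags Office attachments carrying a VBA macro project before they reach a user. The function names, verdict labels and sample attachments are assumptions constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML container (.docx, .docm, ...)
MACRO_FREE_EXTS = (".docx", ".xlsx", ".pptx")    # extensions that must not hold VBA


def triage_attachment(filename, data):
    """Return (verdict, reason); verdict is 'allow', 'review' or 'block'."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary formats may carry macros and need an OLE-aware parser.
        return "review", "legacy OLE document"
    if not data.startswith(ZIP_MAGIC):
        return "allow", "not an Office container"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            parts = [p.lower() for p in zf.namelist()]
    except zipfile.BadZipFile:
        return "review", "malformed ZIP container"
    if not any(p.endswith("vbaproject.bin") for p in parts):
        return "allow", "no macro project"
    if filename.lower().endswith(MACRO_FREE_EXTS):
        # A macro part inside a macro-free extension indicates a renamed file.
        return "block", "macro hidden behind macro-free extension"
    return "block", "macro-enabled document"


def make_ooxml(parts):
    """Build a constructed OOXML-like ZIP in memory (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for part in parts:
            zf.writestr(part, b"constructed sample")
    return buf.getvalue()


BASE = ["[Content_Types].xml", "word/document.xml"]
SAMPLES = {  # constructed attachments, not real malware
    "report.docx": make_ooxml(BASE),
    "invoice.docm": make_ooxml(BASE + ["word/vbaProject.bin"]),
    "invoice.docx": make_ooxml(BASE + ["word/vbaProject.bin"]),
    "scan.doc": OLE_MAGIC + b"\x00" * 64,
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, triage_attachment(name, blob))
```

The check only inspects the container; a "review" verdict for legacy `.doc` files means a dedicated OLE parser should look inside before delivery.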

Within 24 hours, ransomware researchers managed to track nearly 60,000 newly infected computers, the vast majority found in Germany and the United States.


What Does Locky Do?

Locky ransomware begins its attacks from an infected Windows machine but can spread to other platforms like Linux and OS X via network connections. The ransomware encrypts different files, such as videos, images, PDFs, program source code, and Office files.

This includes files in any directory on any mounted drive that the infected computer can access, such as removable drives that are plugged in at the time and accessible network shares, including servers and other people’s computers, regardless of whether they are running Windows, OS X or Linux. If an infected user is connected to a network with administrator controls, the damage can be significantly widespread.

Locky also encrypts Bitcoin wallet files, making it impossible to access the stored Bitcoins. While losing files is bad enough, the loss of a Bitcoin wallet makes victims even more willing to pay the ransom, particularly if the price of the ransom is less than the value of the Bitcoin stored in the encrypted wallets.


Locky even takes additional steps to bring victims to their knees. A Burgess Hill-based business informed us that, once installed, the ransomware removes any Volume Snapshot Service (VSS) files, or “shadow copies”, that users’ computers may have made. These shadow copies are a way Windows makes live backup snapshots of works in progress, so if users forget to save, or the computer is unexpectedly shut down, those files can be recovered. Users can become dependent on the mechanism as their main backup and neglect making real backups. With sophisticated ransomware like Locky on the loose, many victims in the South East may find themselves at the mercy of the attackers, which is why it is always important to have your data backed up.

Ransomware infections have been steadily rising over the last two years and are expected to continue growing throughout 2016. Having initially targeted individuals or small businesses, ransomware attacks have grown increasingly sophisticated, with larger targets coming into focus. Nobody is safe!