Cybercrime is an unfortunate part of doing business these days. As much as new digital security measures help to keep consumers safe, there will always be cybercriminals working day and night to find new ways to infiltrate professional IT environments.

A recently popular type of ransomware is the “crypto” variety. Crypto ransomware works by encrypting a victim’s files (making them unreadable), and only offering the key to recover the files after a bitcoin ransom has been paid. Sophos recently published an article from which Neoscope developed a vital security bulletin on the “Locky” crypto ransomware.

Get in touch with us to learn how to protect your data with effective IT security services. Reach out to Neoscope at (603) 505-4902 or info@neoscopeit.com today.

How does Locky work?

Locky is named for the fact that it gives all encrypted files the extension “.locky”.
Ransoms vary in price from ½ to 1 bitcoin (approximate cost of $200 – $400).
Locky arrives as an Office document attached to an email; the document reads as gibberish.
This document advises you to enable macros “if the data encoding is incorrect”.
If you enable macros, Locky executes code from the document and encrypts your files.
While scrambling all your files, Locky changes your desktop wallpaper to a ransom note, with instructions on how to provide the bitcoin payment.
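
Because every encrypted file receives the “.locky” extension, a burst of such files from a single account is a usable early warning. The following is an added example, not part of the original bulletin: it scans constructed file-creation events and flags an account that produces many “.locky” files in a short time. The log format, host and user names, the threshold of 5 files and the 60-second window are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of file-creation events: "timestamp host user path".
# The log format, hosts, users and file names are assumptions for this example.
SAMPLE_EVENTS = r"""
2016-03-01T09:14:01 WS-014 jsmith C:\Users\jsmith\Documents\Q1 budget.xlsx
2016-03-01T09:14:05 WS-014 jsmith C:\Users\jsmith\Documents\0A1B2C3D.locky
2016-03-01T09:14:06 WS-014 jsmith C:\Users\jsmith\Documents\1B2C3D4E.locky
2016-03-01T09:14:07 WS-014 jsmith C:\Users\jsmith\Pictures\2C3D4E5F.LOCKY
2016-03-01T09:14:08 WS-014 jsmith C:\Users\jsmith\Pictures\3D4E5F60.locky
2016-03-01T09:14:09 WS-014 jsmith \\FS01\Shared\Finance\4E5F6071.locky
2016-03-01T09:14:10 WS-014 jsmith \\FS01\Shared\Finance\5F607182.locky
2016-03-01T09:20:00 WS-022 adavis C:\Users\adavis\Downloads\sample.locky
2016-03-01T11:45:00 WS-022 adavis C:\Users\adavis\Downloads\notes.locky.txt
"""

def parse_events(text):
    """Yield (timestamp, host, user, path) from whitespace-separated log lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        # Split on the first three gaps only, so paths may contain spaces.
        ts, host, user, path = line.split(None, 3)
        yield datetime.fromisoformat(ts), host, user, path.strip()

def find_locky_bursts(events, threshold=5, window=timedelta(seconds=60)):
    """Return {(host, user): time of first alert} for bursts of .locky files."""
    recent = defaultdict(deque)   # sliding window of timestamps per account
    alerts = {}
    for ts, host, user, path in sorted(events, key=lambda e: e[0]):
        if not path.lower().endswith(".locky"):
            continue              # only the final extension counts
        hits = recent[(host, user)]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()        # drop hits older than the window
        if len(hits) >= threshold:
            alerts.setdefault((host, user), ts)  # keep the earliest alert time
    return alerts

if __name__ == "__main__":
    bursts = find_locky_bursts(parse_events(SAMPLE_EVENTS))
    for (host, user), when in bursts.items():
        print(f"ALERT {when.isoformat()} {host} {user}: burst of .locky files")
```

A single stray “.locky” file, as in the second account's events, stays below the threshold and raises no alert.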

Unfortunately, once Locky has run, there’s no way to get your files back unless you have a recent backup you can restore from or you pay the ransom, which we never recommend unless you want to become a huge target for future ransomware attacks.

How do you protect your business from Locky and other crypto ransomware?

Back up regularly and keep a recent backup copy off-site. Fires, floods, theft, accidental damage, and human errors can all cause data loss, so be sure to back up your data so you won’t have to worry about it falling into the wrong hands.

Don’t enable macros in document attachments received via email, as most malware infections require you to do so for them to work.

Be cautious about unsolicited email attachments. If in doubt, call the sender to confirm they meant to send you the file and for what purpose.

Limit your use of local administrator privileges where possible.

Consider installing Microsoft Office viewers. These viewer applications let you see what documents look like without opening them in Microsoft Word or Microsoft Excel. Office 365 includes these viewers by default.

Patch early, and patch often. Malware often relies on security bugs in popular applications. The sooner you patch, the fewer open holes there are for cybercriminals to exploit.

Limit all inbound Internet access into your work network to multi-factor authenticated VPN tunnels.

Ensure password complexity is enabled and that Active Directory is configured to lock accounts for 15 minutes after a finite number of failed login attempts (usually 5 – 10).

Want to keep your business safe? Get in touch with Neoscope today at (603) 505-4902 or info@neoscopeit.com to discuss reliable IT security solutions and practices.