One hour infections by Feb 17th 2016

Warning: Locky Ransomware and How to Protect your Data

Recently we have detected a number of e-mails containing the Locky ransomware (virus).

Ransomware is a virus that encrypts all your data using a key (password) that only the attacker knows. When a file is encrypted, it contains seemingly random data and has to be decrypted before it can be used again. The virus then leaves a message with instructions on where to send the money (ransom) to obtain the decryption key. The only way to recover your data is then to pay the ransom.

With IBB Office Server or Cloud Server, your data is backed up on a daily basis, enabling you to get your data back from the backup without paying the ransom. However, to avoid the process of backup recovery and the slowdown of your business, we ask you to be careful when opening files downloaded from the Internet, and especially email attachments from unknown senders.

Currently, the ransomware is disguised as an invoice (subject is Invoice, Rechnung, …) or a scanned document (subject Scan from …). The message contains a Word document, which asks you to enable Macro execution (macros are small programs that can be contained within documents). If you enable Macro execution, the ransomware will infect your computer and encrypt all local disks, as well as all the network shares you have access to.

A typical fake invoice with Locky:
[Images: Locky file-encryption screenshot; Word document attachment]

We are currently adjusting our spam filters to filter out these messages, while still delivering your usual Word and Excel documents.
Thank you for staying safe with us.
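The filtering rule described above, as an added example that is not IBB's actual spam filter: it flags mail whose Office attachment carries a VBA macro project and quarantines it when the subject also matches the Invoice / Rechnung / Scan from lures, while macro-free documents are delivered. The verdict names, the three-way policy, the coarse check for legacy OLE files and the sample addresses are assumptions made for this illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject lures named in the advisory: Invoice, Rechnung, "Scan from ..."
LURE_SUBJECT = re.compile(r"\b(invoice|rechnung)\b|^\s*scan from\b", re.I)
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container

def has_macros(data: bytes) -> bool:
    """True if an Office file appears to carry a VBA macro project."""
    if data.startswith(OLE_MAGIC):
        # Assumption: coarse heuristic. OLE directory names are UTF-16LE and
        # macro-bearing files contain a storage named "VBA".
        return "VBA".encode("utf-16-le") in data
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            # OOXML files (.docm, .xlsm) keep macros in vbaProject.bin
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False

def verdict(raw: bytes) -> str:
    """Return 'quarantine', 'flag' or 'deliver' for one raw e-mail message."""
    msg = message_from_bytes(raw, policy=policy.default)
    macro = any(has_macros(p.get_payload(decode=True) or b"")
                for p in msg.iter_attachments())
    lure = bool(LURE_SUBJECT.search(msg["Subject"] or ""))
    if macro and lure:
        return "quarantine"
    return "flag" if macro else "deliver"

def sample(subject: str, with_macro: bool) -> bytes:
    """Constructed test message with a minimal OOXML-style attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, "a@example.com", "b@example.com"
    m.set_content("Please see attached.")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="octet-stream", filename="invoice.doc")
    return m.as_bytes()

if __name__ == "__main__":
    print(verdict(sample("Rechnung 2016-02", True)))
```
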

Read more about the ransomware in the following article on our WeChat account: scan the QR code and click on “View History” to find the article.

[Image: IBB WeChat QR code]

Tadas Plonis