New ransomware wreaking havoc

This is the first strain of ransomware we’ve seen that starts out with a Microsoft Word attachment which has malicious macros in it, making it hard to filter out. Already, hundreds of thousands of computers have been infected. Here’s how it works: The email message contains a subject similar to “FedEx” and a message such as, “Please see the attached invoice and remit payment according to the terms listed at the bottom of the invoice.” When the user opens the document, the content appears scrambled and unreadable. A message will display stating that “you should enable macros if the text is unreadable.” If the user enables the macros, an executable is downloaded from a remote server and executed.

The file, stored in the “Temp” folder, is the Locky ransomware, and once in, will scramble your files, rename them and only the crooks have the decryption key.

User awareness is the first step in making any computer network more secure. Never open attachments or links from people you do not know.

FAZAL MOHAMMED via email

Comments

"New ransomware wreaking havoc"

More in this section