The Locky ransomware has reportedly been reactivated and is now spreading through a new spam campaign. Here is a summary of what you should know:

  • It’s ransomware: the virus encrypts the files on the victim’s computer and demands a ransom to get them back.
  • It spreads mostly via email. Beware of fake invoice emails from unknown senders with “Payment” as the subject line, and DON’T download the attached Word document. Here is an example from Fortinet.
  • It is spreading fast. It has already been detected in 133 countries.
  • The ransom is $2000, to be paid in Bitcoins.
  • It is not possible to decrypt the files once they are encrypted by Locky. There are very good reasons not to pay the ransom.
  • Locky is detected by Sophos, one of the three antivirus engines powering the FixMeStick.
  • The best approach is prevention. We strongly recommend:
    • Be very suspicious of emails from unknown senders (tips to avoid phishing)
    • Run real-time antivirus software. We recommend McAfee.
    • Back up your files in case you get infected. We recommend SOS Backup.
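
The lure described above (an unknown sender, a “Payment” subject line and a Word attachment) can be checked for automatically before mail reaches an inbox. The following is an added example, not code from this post or from any vendor it names; the address book, sample addresses and function names are assumptions, and the sample messages are constructed with placeholder attachment bytes.

```python
# Added example: mail triage for the lure described in the list above.
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

WORD_EXTENSIONS = (".doc", ".docx", ".docm")
WORD_MIME_TYPES = {
    "application/msword",
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
    "application/vnd.ms-word.document.macroenabled.12",
}

def triage(raw_message, known_senders):
    """Return which traits of the lure a raw RFC 5322 message shows."""
    msg = message_from_string(raw_message, policy=policy.default)
    reasons = []
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender not in known_senders:
        reasons.append("unknown sender")
    if "payment" in str(msg.get("Subject", "")).lower():
        reasons.append("payment subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(WORD_EXTENSIONS) or part.get_content_type() in WORD_MIME_TYPES:
            reasons.append("word attachment")
            break
    return reasons

def should_quarantine(raw_message, known_senders):
    """Hold the message only when all three traits are present."""
    return len(triage(raw_message, known_senders)) == 3

def build_sample(sender, subject, attachment_name=None):
    """Construct a test message; the attachment bytes are a harmless placeholder."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("Please see the attached invoice.")
    if attachment_name:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment_name)
    return msg.as_string()

KNOWN = {"supplier@example.com"}  # hypothetical address book
LURE = build_sample("Accounts <billing@unknown.example>", "Payment", "invoice.doc")
SAME_FROM_KNOWN = build_sample("supplier@example.com", "Payment", "invoice.doc")

if __name__ == "__main__":
    for label, raw in (("lure", LURE), ("known sender", SAME_FROM_KNOWN)):
        print(label, triage(raw, KNOWN), should_quarantine(raw, KNOWN))
```

The From header can be forged, so a match on a known sender lowers priority rather than proving the message is safe.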