There is news that the Locky ransomware has been reactivated and is now spreading through a new spam campaign. Here is a summary of what you should know:
- It’s ransomware: the virus encrypts the files on the victim’s computer and holds them until a ransom is paid to get them back.
- It spreads mostly via email. Beware of fake invoice emails from unknown senders with “Payment” as the subject line, and DON’T download the attached Word document. Here is an example from Fortinet.
- It is spreading fast. It has already been detected in 133 countries.
- The ransom is $2000, to be paid in Bitcoins.
- It is not possible to decrypt the files once they are encrypted by Locky. There are very good reasons not to pay the ransom.
- Locky is detected by Sophos, one of the three antivirus engines powering the FixMeStick.
- The best approach is prevention. We strongly recommend: