Locky – a new Trojan horse that encrypts your files
It’s time to take caution because a new Trojan horse known as “Locky” is striking terror everywhere and is spreading like wildfire all over the internet. More and more infections have been reported in the past few days, especially in Germany – thousands of infections an hour, in fact! Like many other harmful programs, this Trojan horse also spreads via E-mail. Specifically, E-mails with infected Office documents attached are being sent to unsuspecting victims. These document contain a macro code which the Trojan horse installs as soon as the document is opened. The insidious trick here is that such documents are often passed off under the guise of an open invoice. The virus is now being spread by JScripts as well.
Once installed, the virus searches for certain file types which the developers of the virus assume to be private files of personal value, such as text documents and multi-media files. Files in accessible networks and cloud storages can also fall victim to the virus. These files are then encrypted by Locky so that the user can no longer open them. Instead, the user is demanded to pay the developers ransom money to decrypt the files. Unfortunately, there is no way at present to remove the virus from the system once it has been activated. As soon as you detect that Locky has infected your system, you should shut your system down as quickly as possible – even the rough way by pulling the plug on your computer. This way, you can at least prevent the Trojan horse from causing even more damage. You can then remove the virus with a disinfection CD and attempt to restore the encrypted files. However, this approach only works for files which Windows has made a “shadow copy” of. Unfortunately, Locky will also delete these files, which severely limits your chances of success.
That’s why it’s better to take preventative action so that you won’t even catch the virus in the first place. This means there are basic rules for protecting your system from external attacks (which you should already be following anyway).
Do not open file attachments on E-mails from senders you don’t know, and back up important files on a separate data medium. Make sure to keep your antivirus program up to date at all times. You should also update your operating system and other programs regularly, since these updates often close security loopholes which Trojan horses take advantage of.
Specifically for this virus, you can configure your MS Office not to run any macro code at all, or only to do so upon confirmation from you.
If you have already fallen victim to Locky, make sure to keep the encrypted files. Since the virus is quite new, there is no way to reverse the damage right now, but this may change over time. This makes it all the more important look for updates on a regular basis.
How can you protect yourself?
The only effective protection in a worst-case scenario is to have a backup on hand which can reliably restore your data. This is also recommended by the BSI (German Federal Office for Information Security).
Paragon Backup & Recovery
That’s why we recommend our solution Backup & Recovery 14 Free Edition for personal backups.
You can get it for private use free-of-charge at www.paragon-software.com/home/br-free/.
The expanded for-pay version of Backup & Recovery 15 Home can be had at a reduced price of just $19.95 (until March 15, 2016) as a single license, or as a family license (3 PCs in one household) for just $ 34.95.
Don’t wait: today is the best day for a backup!