Beware the LOCKY Virus – the latest Ransomware hitting Jamaica

Recently a new form of ransomware virus (Locky) was discovered that infects organizations and holds data hostage until a ransom is paid. The Locky virus is today sending a ripple of fear though the GOJ  network as several government agencies have already been hit.   See email advisory below.

This significant discovery signals a noteworthy shift in cybercriminal behaviour. The massive volume of Locky ransomware messages indicates that ransomware will increasingly be a bigger issue. This new form of ransomware originates from the cybercrime kingpins behind the highly-circulated banking Trojan, Dridex, so they must be seeing a return on their investment.

Here’s how Locky works:

  1. An email arrives in emails with a Microsoft Word attachment. The attachment is embedded with a malicious macro.
  2. When activated, the macro downloads Locky, which encrypts victims’ files based on their extension.
  3. Locky then displays a ransom message in the Windows notebook app and through a newly changed Windows desktop background. Victims are instructed to buy Bitcoins to receive a decryption app and release their files.

If you are infected with ransomware, don’t pay the attackers to recover your encrypted files.

Even if the attackers keep their word and decrypt your data, there is no guarantee that they will not leave other forms of malware running on the system. This malware could carry out other crimes, like sending spam emails, launching DDoS attacks and stealing personal/financial data for use in online fraud and identity theft.

Advisory sent out by the GOJ Cyber Incident Response Team (CIRT* ) yesterday to the government networks.

 From: Jamaica CIRT [mailto:cirtja@mstem.gov.jm]
Sent: Tuesday, March 1, 2016 3:22 PM
To: Moniphia Hewling <mhewling@mstem.gov.jm>
Subject: JMCIRT Alert – JMCIRT-2016-002
Importance: High

 (RWA-JMCIRT-2016-002) (Administrators)

First Release: February 20, 2016

Update: March 1, 2016

Advisory –Threats against GOJ Networks – Ransomware

Background

ThreatLockey Virus
ClassificationRansomware
Security AlertHigh! This is probably the most dangerous computer virus currently.Randsomware is perceived to be the single mostdangerous threat existing to any organisation.
  
Negative EffectsTotal encryption of your personal files.

Several GOJ MDAs have so far been hit with Ransomware infections. Users need to be careful when browsing and when opening emails with MSWord attachments.

Share this post:

Smart Technology, Better Business

Partners in your
digital E-volution