Recently a new ransomware family (Locky) was discovered that infects organizations and holds their data hostage until a ransom is paid. Locky is today sending a ripple of fear through the GOJ (Government of Jamaica) network, as several government agencies have already been hit. See the email advisory below.
The sheer volume of Locky spam seen since its discovery signals a noteworthy shift in cybercriminal behaviour: ransomware is set to become a steadily bigger problem. Locky is being pushed by the same cybercrime group behind the widely circulated banking Trojan Dridex, which suggests they are already seeing a return on their investment in ransomware.
Here’s how Locky works:
- An email arrives with a Microsoft Word attachment. The document contains a malicious VBA macro.
- If the recipient opens the document and enables macros, the macro downloads and runs Locky, which encrypts the victim's files based on their extension (documents, images, databases and so on), including files on reachable network shares, and renames them with a .locky extension.
- Locky then displays a ransom note in Windows Notepad and as a newly changed Windows desktop background. Victims are instructed to buy Bitcoins to receive a decryption app and release their files.
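The infection chain above starts with a Word attachment carrying a macro, so the cheapest place to break it is the mail gateway: refuse or quarantine Word attachments that contain a VBA project at all. The script below is an added example written for this post; it is not code from the original article or from the JMCIRT advisory. It walks a raw mail message, and for each attachment checks two Word container formats: OOXML (.docx/.docm, a zip archive in which macros live in `word/vbaProject.bin` and the main part is declared with a `macroEnabled` content type) and the legacy binary .doc (an OLE2 compound file, where the macro project appears as a directory entry named `_VBA_PROJECT`, stored as UTF-16LE). The OLE check is a byte-pattern heuristic rather than a full compound-file parser, and the sample mail and documents are constructed inside the script, so it runs offline and never touches real malware.

```python
"""Triage Word attachments for embedded VBA macros before delivery.

Locky's lure is a Word document whose macro fetches the payload, so a
cheap gateway check is: does this attachment carry a VBA project at all?
Two Word container formats matter:
  - OOXML (.docx/.docm): a zip archive; macros live in word/vbaProject.bin
    and the main part is declared with a macroEnabled content type
  - legacy binary (.doc): an OLE2 compound file; the macro project shows up
    as a directory entry named _VBA_PROJECT (stored as UTF-16LE)
The OLE check is a byte-pattern heuristic, not a full compound-file parser.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # OLE2 compound file header
ZIP_MAGIC = b"PK\x03\x04"
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")
MACRO_CONTENT_TYPE = "application/vnd.ms-word.document.macroEnabled.main+xml"


def ooxml_has_macro(data: bytes) -> bool:
    """True if an OOXML package carries a VBA project or declares itself macro-enabled."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return True
            if "[Content_Types].xml" in names:
                return "macroEnabled" in zf.read("[Content_Types].xml").decode("utf-8", "replace")
    except zipfile.BadZipFile:
        pass
    return False


def classify_attachment(data: bytes) -> str:
    """Return a verdict prefixed BLOCK / ALLOW / REVIEW for one attachment body."""
    if data.startswith(ZIP_MAGIC):
        if ooxml_has_macro(data):
            return "BLOCK: OOXML Word document with VBA project"
        return "ALLOW: OOXML document without macros"
    if data.startswith(OLE_MAGIC):
        if OLE_VBA_MARKER in data:
            return "BLOCK: legacy .doc with VBA project (heuristic match)"
        return "REVIEW: legacy .doc, no VBA marker found (heuristic)"
    return "REVIEW: not a Word container"


def triage_message(raw: bytes) -> list:
    """Walk a raw RFC 5322 message and classify every attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [(part.get_filename() or "(unnamed)",
             classify_attachment(part.get_payload(decode=True) or b""))
            for part in msg.iter_attachments()]


# --- constructed sample data (not real malware) ---------------------------

def build_ooxml(macro: bool) -> bytes:
    """Minimal OOXML package; with macro=True it mimics a .docm's layout."""
    main_type = MACRO_CONTENT_TYPE if macro else (
        "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    f'<Types><Override PartName="/word/document.xml" ContentType="{main_type}"/></Types>')
        zf.writestr("word/document.xml", "<w:document/>")
        if macro:
            zf.writestr("word/vbaProject.bin", OLE_MAGIC + b"stub")
    return buf.getvalue()


def build_legacy_doc(macro: bool) -> bytes:
    """Fake OLE2 blob: header plus, optionally, the UTF-16LE _VBA_PROJECT entry name."""
    return OLE_MAGIC + (OLE_VBA_MARKER if macro else b"") + b"\x00" * 64


def build_sample_message(attachments) -> bytes:
    """Constructed lure-style mail carrying the given (filename, bytes) attachments."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    for name, data in attachments:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    raw = build_sample_message([("invoice.docm", build_ooxml(True)),
                                ("notes.docx", build_ooxml(False)),
                                ("old.doc", build_legacy_doc(True))])
    for name, verdict in triage_message(raw):
        print(f"{name:14} {verdict}")
```

The verdicts are deliberately three-way: a macro-free OOXML document is the only thing the check is willing to pass outright, anything in the legacy binary format that the heuristic cannot clear goes to manual review rather than delivery, and the filename is reported but never trusted, since a renamed .docm is still a zip with a `vbaProject.bin` inside.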
If you are infected with ransomware, don't pay the attackers to recover your encrypted files. Recovery should come from backups kept offline or otherwise out of the malware's reach, and the infected machine should be rebuilt rather than trusted again.
Even if the attackers keep their word and decrypt your data, there is no guarantee that they have not left other malware running on the system. That malware could go on to commit further crimes: sending spam, launching DDoS attacks, and stealing personal or financial data for use in online fraud and identity theft.
Advisory sent out by the GOJ Cyber Incident Response Team (CIRT) yesterday to the government networks:
From: Jamaica CIRT [mailto:cirtja@mstem.gov.jm]
Sent: Tuesday, March 1, 2016 3:22 PM
To: Moniphia Hewling <mhewling@mstem.gov.jm>
Subject: JMCIRT Alert – JMCIRT-2016-002
Importance: High
(RWA-JMCIRT-2016-002) (Administrators)
First Release: February 20, 2016
Update: March 1, 2016
Advisory –Threats against GOJ Networks – Ransomware
Background
Threat | Locky Virus
Classification | Ransomware
Security Alert | High! This is probably the most dangerous computer virus currently. Ransomware is perceived to be the single most dangerous threat existing to any organisation.
Negative Effects | Total encryption of your personal files.
Several GOJ MDAs have so far been hit with Ransomware infections. Users need to be careful when browsing and when opening emails with MS Word attachments.