Avoid the Latest Ransomware Locky

The latest cyber scam to hit businesses and organizations alike is called Locky. Yes, even cyber criminals lack creativity once in a while. As the article from Naked Security by Sophos describes, Locky is “a new strain of ransomware, so-called because it renames all your important files so that they have the extension .locky.”

Inconvenient? Yes, but that’s not all. Every file with this extension gets scrambled and the attackers hold the decryption key. To unscramble and make sense of your digital property, the decryption key goes on sale on the dark web.

Please review the article so you get a sense of exactly what and how it works. Always be suspicious of attachments, emails that contain gibberish and never enable macros on attachments you receive via email.

What else can you do?

Besides reminding you and your colleagues to practice safe Internet practices, often outlined by the Department of Homeland Security’s public awareness campaign called Stop. Think. Connect., be vigilant about the following:

1. When you get attachments via email, don’t enable macros
2. Don’t stay logged in to your network or your computer as an administrator. Do what you need to do and always log out when you’re done. Staying logged in is like being in your home with the doors unlocked. Sure we all do that, but it’s become a bigger vulnerability as of late. Log out when you’re done playing the administrator role.
3. Keep up with patches and malware. If someone else manages your computers and network, follow their lead when they ask you to keep computers on overnight so they can deliver important updates to your system. If you’re not sure if your computer is up to date, ask your IT team.

Remember that cybersecurity is everyone’s responsibility. If you see something suspicious on your system, disconnect it from the Internet and call your IT team to report the issue. If you don’t, you may have to start boning up on your Bitcoin-to-dollar conversation skills to recover what’s yours.