Wednesday, June 29, 2016

Alert: New variants of Locky virus may not be detected by your anti-virus software.

Last week I was asked to check a computer that had been infected by the Locky malware. The malware encrypts the user's files and then holds them to ransom. This leaves the user in a bad situation. There's no guaranteeing even if the payment was made, you'd actually get your files unlocked.

In just two minutes before Microsoft's anti-virus software caught and removed the malware, hundreds of local files had been encrypted and all the contents of the inserted USB drive had also been encrypted.

In this case the user was very lucky. The USB drive was only used for transferring temporary files and the local files were able to be recovered.

I suspect had Microsoft's anti-virus software not kicked in when it did, the user would have been much worse off.

There's lessons here I'd like to share.

  • If you have a backup drive that's connected via USB, DON'T leave the drive connected. The contents could be encrypted.
  • Remove USB drives so they can't be encrypted.
  • Make sure you do a regular backup. It's your best defence against disaster.
  • Make sure you have up-to-date anti-virus software installed.
  • Keep in mind often the only thing stopping you from being infected, due to the time of release of new malware and the delay in anti-virus software being updated (24-48 hours), the only protection you really have is common sense.

As a test I just checked a suspicious email I literally just received and yes the attachment was the Locky malware. Only 7 out of 57 anti-virus software packages recognised the malware. None of the anti-virus packages commonly used in Australia would recognise the malware.

It is a good idea not to open attachments you're not expecting. A trick I've heard of, is scammers calling first to send an email so when received the email received it is expected, but it contains malware. Even emails from people you know may be from an infected computer. You really do need to be on your guard.

Don't click on links in emails even if they look legitimate. Scammers are very good at making things look legitimate. Preferably visit a site by opening your browser and entering the site's address.

Be alert. The Locky malware is particularly bad and there seems to currently be a number of imitators. The malware is particularly bad as it encrypts your files. If you're not backing up you files, now is a good time to start.

Kelvin Eldridge
www.OnlineConnections.com.au