Vulnerable computer systems and applications:
Locky is ransomware, a variant of computer viruses which aim to encrypt important files to force victims to pay a ransom. The ransomware enters computers via malicious email attachments. When the infected file is opened, Locky downloads and installs on the computer. It then proceeds to encrypt files in a matter of seconds. The malware deletes Shadow Copies to make file decryption more difficult.
Recommendations for prevention:
- Regularly create and update file backups;
- Use strong spam email filtering tools such as Sender Policy Framework, Domain-based Message Authentication, Reporting & Conformance or DomainKeys Identified Mail;
- Use and regularly update antivirus programs;
- Disable automatic macro launch in Microsoft Office programs.
Recommendations for those infected:
- Isolate the infected computer from the external network;
- Perform a full system scan with an antivirus program;
- Restore encrypted files from backup.