The Locky Virus
Dear Clients
We’ve been inundated with calls from client’s complaining
about their spam mail. “It looks normal and has a word / excel file attached”.
It even sometimes masks itself with the domain name, e.g. it will come from copy@mycompany.co.za. As soon as you
double click it, it just looks like a corrupt document. Within seconds it
spreads across the network and encrypts your files. Meet the Locky virus.
The Locky virus is mean and hides until it has corrupted all
your files and then announces itself. 99% of the time, the only way to get rid
of it is to format and reload. Most antiviruses / malware scanners won’t be
able to pick it up yet. Even then, if the antivirus does clear it, your files
are still encrypted and pretty much gone forever.
We have been testing various products against this virus, as
it is new and it’s only been around for about a month. It’s a variant of
ransomware, just a lot meaner and sneakier.
How do you NOT get infected?
-- DO NOT open ANY attachment unless you are
expecting it – call the person if you need to confirm it.
-- Have an OFFSITE backup that is a week old – yes,
do the backup NOW!
We are working on the best prevention method for servers. At
the moment we are checking all our client’s servers every morning, luckily we
were able to catch it on a client’s server this morning and it was only about
12 hours old. The Locky virus jumps across networks, USB drives, external hard
drives faster than you can imagine.
How do you know you have it?
You won’t be able to open most of your “normal files”. You
might see a _HELPsomething.txt file and all the extensions will change to LOCKY
FILE.
What do you do if you find it?
The best possible solution if you find the Locky virus is
to…
-- DISCONNECT NETWORK CABLES, INTERNET CONNETION AND
REMOVE ALL USB DRIVES / EXTERNAL HARD DRIVES.
DO NOT switch off your PC – phone us right away!
Comments
Post a Comment