The Locky Virus

Dear Clients

 

We’ve been inundated with calls from client’s complaining about their spam mail. “It looks normal and has a word / excel file attached”. It even sometimes masks itself with the domain name, e.g. it will come from copy@mycompany.co.za. As soon as you double click it, it just looks like a corrupt document. Within seconds it spreads across the network and encrypts your files. Meet the Locky virus.

The Locky virus is mean and hides until it has corrupted all your files and then announces itself. 99% of the time, the only way to get rid of it is to format and reload. Most antiviruses / malware scanners won’t be able to pick it up yet. Even then, if the antivirus does clear it, your files are still encrypted and pretty much gone forever.

We have been testing various products against this virus, as it is new and it’s only been around for about a month. It’s a variant of ransomware, just a lot meaner and sneakier.

How do you NOT get infected?

-- DO NOT open ANY attachment unless you are expecting it – call the person if you need to confirm it.

-- Have an OFFSITE backup that is a week old – yes, do the backup NOW!

We are working on the best prevention method for servers. At the moment we are checking all our client’s servers every morning, luckily we were able to catch it on a client’s server this morning and it was only about 12 hours old. The Locky virus jumps across networks, USB drives, external hard drives faster than you can imagine.

How do you know you have it?

You won’t be able to open most of your “normal files”. You might see a _HELPsomething.txt file and all the extensions will change to LOCKY FILE.

What do you do if you find it?

The best possible solution if you find the Locky virus is to…

-- DISCONNECT NETWORK CABLES, INTERNET CONNETION AND REMOVE ALL USB DRIVES / EXTERNAL HARD DRIVES.

DO NOT switch off your PC – phone us right away!