We hate fear tactics- but this warrants your fear.
Locky is the nickname of a new strain of ransomware, so-called because it renames all your important files so that they have the extension .locky. It doesn’t just rename your files, it scrambles them first, and – as you probably know about ransomware – only the crooks have the decryption key.
You can buy the decryption key from the crooks via the so-called dark web using bit coins (BTC), with each BTC currently valued at about $450. Ransom varies according to the amount of data Locky scrambles, and can run into many thousands of dollars. Locky scrambles all files that match most extensions, including images, videos, source code and office files.
Early 2016 estimates state that Locky is currently infecting over 90,000 machines a day. There is no available fix or patch for a machine infected with ransomware (even the FBI has been defeated by ransomware cryptography), the problem currently seems to have no solution. If you get a pop-up or a phone call from some alleged IT company telling you they can take it off, they’re lying. Instead, they are cybercriminals themselves.
Ransomware attacks have increased in recent years. CryptoLocker alone procured an estimated $3 million before authorities acted to take it down. Cryptowall was estimated to have raked in over $18m by June 2015, with over 1,000 victims contacting the FBI’s Internet Crime Complaint Center to report infections.
If the ransom is paid, there is no guarantee that the attackers won’t simply take the money and demand more, or just refuse to decrypt your files, period. The FBI cautions users that ransomware can continue to operate in the background, logging keystrokes and capturing other personal information, even after professional services have cleaned and attempted to restore the machine.
While Locky is the newest strain of ransomware to emerge to date, the basics of ransomware attacks have not altered since the early days. The current breed of ransomware is far more prolific, predictable, stable and successful. The adversary is now able to very tightly control the post-detonation time limits, payment methodology, and spreading/infection methods. Added to that, these days we even have so-called turn-key services for non-technical folks to get in on the ransomware money-grab, such as Ransom32, Tox (defunct), and so on. This means your neighbor down the street may be sending it out.
Even if you pay up, you’ll still need to make sure that you decrypt everything that was affected, and that is no easy task. Worse still, if you miss the posted deadline for payment, you may find yourself left with zero options for recovery.
Proactive planning is the only protection against this cyber-beast. Please call the Millennium Group to learn about a new software you can purchase that is able to detect and prevent execution of Locky and other ransomware, using mathematical models built long before the actual malware was created. We’re in a new day, people. If you value your data or run a business, your action is required.