I am sick and tired to see so many people affected by this wave of ransomware attacks.
I don’t want to go into details about Ransomware like Locky because it has been written quite a lot about it.
The most common way that Locky arrives is as follows:
- You receive an email containing an attached document.
- The document advises you to enable macros “if the data encoding is incorrect.”
- If you enable macros, you don’t actually correct the text encoding (that’s a subterfuge); instead, you run code inside the document that saves a file to disk and runs it.
- The saved file serves as a downloader, which fetches the final malware payload from the crooks.
- The final payload could be anything, but in this case is usually the Locky Ransomware.
Read more details here (NakedSecurity of Sophos).
Now, desperate people who just got all their document encrypted by Locky, search the web for possible solutions.
Locky scrambles any files in any directory on any mounted drive that it can access, including removable drives that are plugged in at the time,
or network shares that are accessible, including servers and other people’s computers, whether they are running Windows, OS X or Linux.
And surprisingly, you find some… Or at least so it looks like …
The most important point
There is no way to decrypt the files without the private key. And that key you get only if you pay.
If you want to know why, read this article on Wikipedia about PKI and about the RSA encryption. You have to understand that no one can crack that encryption.
I do not recommend to pay!
But, some people might not have a choice and need to get their documents back.
How to prevent losing all your documents?
- First, and the most obvious: don’t get infected.
- Make backups ! Use programs like Dropbox, OneDrive, GDrive, etc. They do versioning and even if the malware encrypts the files you have locally, there is a last-good-version available in the cloud.
© Copyright 2016 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity
Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch