About ransomware, Google malvertising and Fraud

I am sick and tired of seeing so many people affected by this wave of ransomware attacks.

I don’t want to go into details about ransomware like Locky, because a lot has already been written about it.

The most common way that Locky arrives is as follows:

  • You receive an email containing an attached document.
  • The document advises you to enable macros “if the data encoding is incorrect.”
  • If you enable macros, you don’t actually correct the text encoding (that’s a subterfuge); instead, you run code inside the document that saves a file to disk and runs it.
  • The saved file serves as a downloader, which fetches the final malware payload from the crooks.
  • The final payload could be anything, but in this case it is usually the Locky ransomware.

Read more details here (Naked Security, by Sophos).
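The infection chain above starts with an Office attachment that carries a macro, so a mail gateway can quarantine such attachments before a user ever sees the “enable macros” prompt. The following is an added example written for this post, not code from the original article or from Sophos; it assumes attachments are handed over as (filename, bytes) pairs, and the sample documents it builds are constructed stand-ins, not real malware.

```python
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"                         # OOXML .docx/.docm container


def attachment_has_macros(data: bytes) -> bool:
    """Return True if an Office attachment carries a VBA project.

    OOXML files are zip archives; macros live in a vbaProject.bin part.
    Legacy files are OLE compound documents, checked with a heuristic: the
    VBA project stream name is stored UTF-16LE in the OLE directory.
    Corrupt archives are treated as suspicious (fail closed).
    """
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                return any(n.lower().endswith("vbaproject.bin") for n in archive.namelist())
        except zipfile.BadZipFile:
            return True
    if data.startswith(OLE_MAGIC):
        return "_VBA_PROJECT".encode("utf-16-le") in data
    return False


def triage_attachments(attachments):
    """Split (filename, bytes) pairs into (quarantined names, allowed names)."""
    quarantine, allowed = [], []
    for filename, data in attachments:
        (quarantine if attachment_has_macros(data) else allowed).append(filename)
    return quarantine, allowed


def build_sample_ooxml(with_macros: bool) -> bytes:
    """Constructed minimal OOXML document for demonstration (not real malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            archive.writestr("word/vbaProject.bin", b"\x00" * 32)
    return buf.getvalue()


# Constructed legacy sample: OLE header, padding, then a UTF-16LE stream name.
SAMPLE_LEGACY_DOC = OLE_MAGIC + b"\x00" * 24 + "_VBA_PROJECT".encode("utf-16-le")

# Constructed inbound mail attachments for the triage run.
SAMPLE_MAILBOX = [
    ("invoice.docm", build_sample_ooxml(True)),
    ("report.docx", build_sample_ooxml(False)),
    ("old_invoice.doc", SAMPLE_LEGACY_DOC),
    ("notes.txt", b"plain text, nothing to see"),
]
```

Quarantining every macro-bearing document is a blunt rule; in practice it is paired with an allow-list for senders whose macros are expected.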


Now, desperate people who have just had all their documents encrypted by Locky search the web for possible solutions.


Locky scrambles any files in any directory on any mounted drive that it can access, including removable drives that are plugged in at the time, or network shares that are accessible, including servers and other people’s computers, whether they are running Windows, OS X or Linux.



And, surprisingly, you find some… or at least that is how it looks…


The most important point

There is no way to decrypt the files without the private key. And you only get that key if you pay.

If you want to know why, read the Wikipedia articles on PKI and on RSA encryption. You have to understand that no one can crack that encryption.

I do not recommend paying!

But, some people might not have a choice and need to get their documents back.


How to prevent losing all your documents?

  1. First, and most obvious: don’t get infected.
  2. Make backups! Use programs like Dropbox, OneDrive, Google Drive, etc. They do versioning, so even if the malware encrypts the files you have locally, a last known-good version is still available in the cloud.


© Copyright 2016 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity


About the Author

Sorin Mustaca
Sorin Mustaca, (ISC)2 CSSLP, CompTIA Security+ and Project+, has been working for over 20 years in the IT security industry and worked from 2003 to 2014 for Avira as Product Manager for its well-known products used by over 100 million users worldwide. Today he is CEO and owner of Endpoint Cybersecurity GmbH, focusing on cybersecurity, secure software development and security for IoT and automotive. He also runs his personal blog Sorin Mustaca on Cybersecurity and is the author of the free eBook Improve your security.
