6 Tips To Protect Your Organization From The New Locky Ransomware Attack

There is a new, more malicious variant of the original Locky Ransomware. It’s spread by spam email that comes with a .zip attachment containing a .js or .vbs file. According to reports, it’s already been sent to tens of thousands of email addresses.

If your system is infected with Locky Ransomware, your data will be encrypted, and there is no known decryptor currently available. Additionally, it is possible for this malware to spread through networks, so it’s critical that employees receive proper training on how to avoid this issue.

Here are six tips to reduce the likelihood that your system will be infected with Locky Ransomware:

1. If you receive an email attachment of any kind, treat it with caution – especially if it’s a .zip file.
2. Before opening any attachment, ensure that you know the sender and that you were expecting an attachment from them.
3. Double-check email headers to ensure they are legitimate.
4. Remember: "When in doubt, throw it out!"
5. Offline backups are critical. Additional services, such as managed backup or disaster recovery, provide a second layer of protection to your organization.
6. Regular training is important to keep your employees aware and vigilant at all times.

What is Locky Ransomware?

The original Locky Ransomware made the rounds last year, but is back again. Locky “kidnaps” access to your network, applications, or data until you pay the hackers a certain amount of money. It does this by encrypting certain data, so you can’t get to the information, or by blocking access to systems and applications.

Locky Ransomware infects your computer or device with a Trojan virus from phishing emails. Once it is installed, a ransom message usually pops up when you restart your device.

Ransomware attacks like Locky are increasingly popular among hackers, as they have primarily shifted away from servers and on to endpoints.
In general, endpoint users are typically less technical and have different levels of trust. The FBI expects the ransomware industry to reach $1 billion for cybercriminals this year, and the government reports that more than 4,000 ransomware attacks happen every day. According to a Ponemon Institute report, 56 percent of organizations are not prepared to fight ransomware attacks.

If your organization has been affected by ransomware, consider these four steps recommended by Fortinet:

1. Isolate infected devices immediately by removing them from the network as soon as possible to prevent ransomware from spreading to the network or shared drives.
2. If your network has been infected, immediately disconnect all connected devices.
3. Power off affected devices that have not been completely corrupted. This may provide time to clean and recover data, contain damage, and prevent conditions from worsening.
4. Contact law enforcement immediately to report any ransomware events and request assistance. You can file a complaint at www.ic3.gov and provide the following information (as stated by the FBI):
   - Date of Infection
   - Ransomware Variant (identified on the ransom page or by the encrypted file extension)
   - Victim Company Information (industry type, business size, etc.)
   - How the Infection Occurred (link in e-mail, browsing the Internet, etc.)
   - Requested Ransom Amount
   - Actor’s Bitcoin Wallet Address (may be listed on the ransom page)
   - Ransom Amount Paid (if any, not recommended)
   - Overall Losses Associated with a Ransomware Infection (including the ransom amount)
   - Victim Impact Statement

Steps to Ensure You’re Prepared

It’s not enough to just be reactive. Your organization needs to be proactive in how it approaches Locky Ransomware and other forms of ransomware. Here are eight steps to defend against attacks:

1. Employee awareness: This is important enough to bear repeating, because the number one element to preventing ransomware from invading your devices and network is the human element.
   Educate your employees on how to identify phishing emails, malware, and ransomware. Continuous education and testing of employees’ understanding through internal phishing campaigns are crucial pieces to the ransomware solution.
2. Back up regularly: As mentioned above, make sure you’re backing up data on a regular basis. Also, it’s a good idea to test your backups often to ensure they are operating as planned and can be efficiently restored.
3. Update and patch regularly: Make patches and updates on your system, software, and firmware a frequent occurrence. For more information on updates and end of life support dates, read our post here.
4. Limit administrative access: Don’t allow employees to have administrative account access. This will restrict what a ransomware attack could potentially infect.
5. Have software restrictions: Prevent ransomware attacks from infiltrating and running common programs with a software restriction policy, or put access controls in place.
6. Eliminate macros: Macros automatically perform frequent tasks, but they can be disabled. Disabling macros will ensure malicious content doesn’t automatically load.
7. Block internet ads: Many third-party ads have some type of malware. It’s best to avoid the risk by disabling all internet ads on devices.
8. Have a plan: Having a plan in place is essential for preparedness. This plan should thoroughly lay out response and solution details should your organization fall victim to an attack.

Whether it’s your organization’s network that gets infected or an individual PC, the impact of Locky Ransomware can be devastating. You can permanently lose important and private information, expose critical flaws in your organization, damage your reputation, and potentially lose a lot of money. However, even if you pay the ransom, it doesn’t guarantee that you’ll get the data back. The FBI recommends that you don’t pay the ransom, because it will only encourage cyber criminals and keep ransomware attacks like Locky thriving.

Do you have security in place to protect yourself from Locky Ransomware?

Steve Simpson

Steve Simpson is an experienced Account Executive at Aureon, where he works with business leaders and technical resources to explore new ideas. For the last 30 years, his efforts have been focused on providing technology services in healthcare, manufacturing, banking, state/local government, and senior living communities.