Ransomware: Opening MS Word Document Grills Your System

You do know to be extra careful with emails whose source you’re unsure of, especially those ending up in your spam folder, right? Well, beware of a recent trick that can cripple your entire computer system. Locky ransomware is being propagated through attachments in emails received via Microsoft 365 or Outlook.


An email posing as an invoice, with a Microsoft Word file attached, is being circulated; clicking on it can compromise your system.

Hackers are using such spam emails to fool users into installing ransomware called “Locky” on their systems, and it is spreading at a rate of 4000 new infections per hour.

When a system is infected, you will find files with the .locky extension in the network shares. When this happens, the user has only two options: pay the ransom or set the system up all over again.

When the malicious Word doc is opened, it is downloaded into the system. If this file is then opened from there, an “enable macros” popup appears. This is when the trouble starts: if the user enables the macro, an executable (the ransomware in question) is downloaded from a remote server, and once it is run, it encrypts all the files on the computer system and its network. Following encryption, a message appears telling the victim to download Tor and visit the attacker's website for payment instructions. The victims are then instructed to pay from 0.5 to 2 bitcoins in exchange for the decryption key.
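The infection chain above depends on a Word attachment that carries macros, so one defensive control is to check attachments for a VBA project before the mail is delivered. The sketch below is an added example, not part of the original article; the function names, verdict strings and sample message are constructed for illustration, and the legacy .doc check is a byte-pattern heuristic rather than a full OLE parser.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # header of legacy .doc containers
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # stream name inside an OLE VBA project

def has_vba_macros(data: bytes) -> bool:
    """Heuristic: does this Office file carry a VBA macro project?"""
    if data.startswith(b"PK"):                   # OOXML (.docx/.docm) is a ZIP archive
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        except zipfile.BadZipFile:
            return True                          # unparseable archive: treat as suspect
    if data.startswith(OLE_MAGIC):               # OLE directory names are UTF-16LE
        return VBA_STREAM in data
    return False

def triage(raw_email: bytes) -> list:
    """Return (filename, verdict) for every attachment in a raw email message."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        results.append((name, "quarantine" if has_vba_macros(payload) else "deliver"))
    return results

def build_sample() -> bytes:
    """Constructed test message: two macro-bearing attachments, one macro-free."""
    def ooxml(parts):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            for p in parts:
                z.writestr(p, b"placeholder")
        return buf.getvalue()
    msg = EmailMessage()
    msg["Subject"] = "Invoice (constructed sample)"
    msg.set_content("Please see the attached invoice.")
    kind = {"maintype": "application", "subtype": "octet-stream"}
    msg.add_attachment(ooxml(["word/document.xml", "word/vbaProject.bin"]), filename="invoice.docm", **kind)
    msg.add_attachment(ooxml(["word/document.xml"]), filename="notes.docx", **kind)
    msg.add_attachment(OLE_MAGIC + b"\x00" * 64 + VBA_STREAM, filename="invoice.doc", **kind)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in triage(build_sample()):
        print(f"{name}: {verdict}")
```

The check keys on file content rather than the file extension, so a macro-bearing document renamed to .docx is still flagged.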

