Locky, the new ransomware hidden in the attachment of the attachment

Ransomware is an increasingly widespread and aggressive threat. It is a kind of virus that can lock your computer, encrypt all your files and demand a ransom payment.

Since the first ransomware spread, giant steps have been made in detecting and preventing it, but the threats have become more and more unpredictable.

Locky is an excellent example of this trend: it is the new threat discovered by the Naked Security blog. It can bypass almost any antivirus thanks to a clever hack. Locky arrives via an email with a PDF attachment that, when inspected by most antivirus products, appears safe and clean.

The bitter truth is that the PDF contains an additional attachment, which Acrobat Reader tries to open. That document is then opened by Microsoft Word, which asks the user to enable editing. If you allow editing, your PC will be infected: enabling editing activates a VBA macro that downloads Locky.

By hiding the threat in a clean attachment that contains another, malicious attachment, the ransomware can easily bypass antivirus filters. The only weapon against such a threat is to open only attachments that come from trusted senders, and even then to keep your eyes open. We also recommend installing RanStop and RansomFree alongside your general-purpose antivirus, which you need to keep updated.
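As an added example (not from the original post or from Naked Security), this Python script triages a PDF for the nested-attachment pattern described above: it looks for embedded-file and auto-action name objects, decodes `#xx` escapes that can disguise those names, and checks whether any stream unpacks to an Office container. The function names and the sample bytes are assumptions constructed for illustration.

```python
import re
import zlib
from collections import Counter

# PDF name objects relevant to the nested-attachment delivery described above.
EMBED = {b"/EmbeddedFile", b"/EmbeddedFiles"}
AUTO = {b"/OpenAction", b"/AA", b"/JavaScript", b"/JS", b"/Launch"}
NAME = re.compile(rb"/[^\x00\s/<>\[\](){}%]+")
STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
# Magic bytes of Office containers that can carry VBA macros.
MAGIC = {b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE2 (legacy Office)",
         b"PK\x03\x04": "ZIP (OOXML Office)"}

def pdf_names(data):
    """Yield name objects with #xx escapes decoded (/Embedded#46ile -> /EmbeddedFile)."""
    for m in NAME.finditer(data):
        yield re.sub(rb"#([0-9A-Fa-f]{2})",
                     lambda h: bytes([int(h.group(1), 16)]), m.group())

def office_payloads(data):
    """Return the Office container types found at the start of PDF streams."""
    found = []
    for m in STREAM.finditer(data):
        body = m.group(1)
        try:  # most embedded files are FlateDecode-compressed
            body = zlib.decompressobj().decompress(body)
        except zlib.error:
            pass  # not zlib data: inspect the raw stream bytes instead
        found += [kind for magic, kind in MAGIC.items() if body.startswith(magic)]
    return found

def triage(data):
    counts = Counter(n for n in pdf_names(data) if n in EMBED | AUTO)
    payloads = office_payloads(data)
    embedded = any(counts[k] for k in EMBED)
    return {"embedded_file": embedded,
            "auto_action": any(counts[k] for k in AUTO),
            "office_payloads": payloads,
            "suspicious": embedded and bool(payloads)}

# Constructed sample: PDF-like bytes with an obfuscated name and a harmless
# placeholder stream that only carries the ZIP magic. Not a real document.
SAMPLE = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R "
          b"/Names << /EmbeddedFiles 2 0 R >> >>\nendobj\n"
          b"4 0 obj\n<< /Type /Embedded#46ile /Filter /FlateDecode >>\nstream\n"
          + zlib.compress(b"PK\x03\x04 constructed placeholder")
          + b"\nendstream\nendobj\n%%EOF")

if __name__ == "__main__":
    print(triage(SAMPLE))
```

This is a byte-level heuristic: names stored inside compressed object streams or in encrypted PDFs are not visible to it, so a negative result does not clear a file.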
