Locky is one of the top Ransomware threats, and because of its popularity it has gone through several updates this year. The latest update arrived on July 12th, 2016. Who is behind the Ransomware Locky? The Russian Cyber Mafia! The newest version of the virus can now encrypt your files even when its code cannot reach its Command & Control server. The July 12th version starts encrypting files even when your computer is offline or a firewall blocks the communication.
Locky is taking over! There are reports that Locky recently reached 120,000 hits per hour (200 times the spam volume of a regular day). The Locky Ransomware campaigns use zip attachments which contain JavaScript files. The attachments can be downloaded and opened without any additional software. When Ransomware is downloaded onto your computer, it normally sends a message back to its source. If the code is unable to connect back to the source, the Ransomware cannot start the encryption process and is dead in the water. The reason is that the encryption process needs a unique public-private key pair, generated by the Command & Control server for each infection. How does the encryption process work?
1. The Ransomware produces a local encryption key and uses it with an encryption algorithm to encrypt files.
2. The virus communicates with the Command & Control server and asks it to produce an RSA key pair (RSA is one of the first practical public-key cryptosystems and is still widely used) for the infected system.
3. The public key is sent back to the infected machine and used to encrypt the local key from the first step. The private key (needed to decrypt what the public key encrypted) remains on the source's server. This private key is what you get when you pay the ransom money, and it is what the decryption needs.
Because of this process, Ransomware viruses are useless if a firewall detects their attempt to call the source and blocks it as suspicious. The same is true if the computer is immediately cut off from the network when the virus is detected. With the newly updated Locky virus, however, your files get encrypted anyway. You have only one to two minutes from the start of the infection until the offline encryption begins to stop the virus.
The good news (if any) is that we might see a free decryption tool in the near future. Why? When a victim pays the ransom and gets the private key to decrypt the files, that key will work for all victims with the same Locky configuration.
Malware will always be a pain, but it doesn’t have to jeopardize your company. With our comprehensive IT Support we can protect your business from scams such as this. We can remotely find and eliminate threats, as well as equip your business with powerful security tools to keep damaging malware out of your system. Don’t become the next Ransomware victim; contact us at Symmetric IT Group to learn more about our Managed IT Service in Florida and Orlando, Miami.