Locky ransomware in fake invoices
What’s the threat?
Email messages that claim to have invoices attached – but actually contain ransomware such as Locky – are the biggest malware threat facing computer users, according to security experts.
Researchers at US cyber-security company Proofpoint say phishing emails are now the “number one infection vector” for ransomware, which has cost victims $1 billion (£830 million) in 2016 alone. Fake invoices demanding payment account for almost half of all recorded phishing campaigns, making them the top trap by far (see screenshot for an example).
Other common phishing traps, according to Proofpoint’s new report of the top five email “lures” ( www.snipca. com/22153), include: ‘Click here to open your scanned document’, ‘Your shipping receipt is attached’, ‘Please verify this transaction’ and – more likely to snare business victims – ‘I want to place an order’.
Locky was discovered by Proofpoint in February, and by June 2016 it accounted for 69 per cent of malware spread by phishing emails. It now has a number of variants, including Zepto and the newly discovered Odin. It’s often embedded in a Microsoft Word attachment that you’re lured into opening. You’re then prompted to ‘enable macros’ – effectively deep system permissions. Locky then encrypts your files and demands a ransom of around 1 bitcoin (£525) for unlocking them.
What should you do?
Proofpoint recommends blocking all email messages containing executable code (usually ‘.exe’ or ‘.js’ files), but this wouldn’t stop Locky, which is usually spread via ‘.doc’ or ‘.rtf’ files. Instead, avoid opening attachments in emails from senders you don’t know. Never, ever enable macros if asked to do so by an email attachment.
If you’ve been infected by Locky or any type of ransomware, do not pay the ransom. There’s no guarantee it’ll work, and by paying you’re just supporting the hackers’ business. You can find updated Locky removal instructions here: www.snipca.com/22154.