Avira Virus Lab researchers detected a new variant of the well-known Locky ransomware in the wild. This has been seen attached to what look like legitimate documents from standard applications such as Microsoft Word and Libre Office.

Once you open the document a set of actions will end in all valuable files being encrypted.

For those more technical:

  1. The click on the file will trigger a number of PowerShell commands, which you can see as they are in plain text.
  2. It downloads a Windows application which includes several stages in order to confuse and obfuscate itself, tricking people into thinking it’s a clean file.

This second file is the responsible for encrypting your files on your computer.

As you can see, the bad guys don’t stop creating new stuff to keep us busy.

Remember to keep a good security hygiene when browsing the internet and opening attachments.

Be safe out there. Until next Malware Monday.

Share This Post
Share on facebook
Share on linkedin
Share on twitter
Share on email
Subscribe To Our Newsletter

More To Explore

Windows 11 New Features

Introducing The New Windows 11 and the Top Features!

Are you prepared for the new Windows 11 rollout? In this blog, we uncover some of the most exciting new features and how to best migrate your current version of Windows 11 over. Learn more about our favorite new features, and our tips for migration and adoption.

Read More »

Find out what our team can do for your business.