Call: 1300 422 542

Avira Virus Lab researchers detected a new variant of the well-known Locky ransomware in the wild. This has been seen attached to what look like legitimate documents from standard applications such as Microsoft Word and Libre Office.

Once you open the document a set of actions will end in all valuable files being encrypted.

For those more technical:

  1. The click on the file will trigger a number of PowerShell commands, which you can see as they are in plain text.
  2. It downloads a Windows application which includes several stages in order to confuse and obfuscate itself, tricking people into thinking it’s a clean file.

This second file is the responsible for encrypting your files on your computer.

As you can see, the bad guys don’t stop creating new stuff to keep us busy.

Remember to keep a good security hygiene when browsing the internet and opening attachments.

Be safe out there. Until next Malware Monday.

Share This Post
Share on facebook
Share on linkedin
Share on twitter
Share on email
Subscribe To Our Newsletter

More To Explore

Phony LinkedIn Job Postings
Hints and Tips

Phony LinkedIn Job Postings

It was recently discovered that job postings on LinkedIn aren’t as secure as you might expect. Anyone with a LinkedIn profile can anonymously create a

Read More »

Find out what our team can do for your business.