How Just Opening an MS Word Doc Can Hijack Every File On Your System


[image: ransomware-hacking-windows-computer]

If you receive a mail masquerading as a company’s invoice and containing a
Microsoft Word file, think twice before clicking on it.

Doing so could cripple your system and lead to catastrophic
destruction.

Hackers are believed to be carrying out social engineering hoaxes by
adopting eye-catching subjects in the spam emails and compromised websites
to lure the victims into installing a deadly ransomware, dubbed “*Locky*,”
into their systems.

So if you find *.locky extension files* on your network shares,
*Congratulations!* You are infected and left with just two solutions:
Rebuild your PC from scratch or Pay the ransom.

Locky ransomware is spreading at the rate of *4000 new infections per hour*,
which means approximately *100,000 new infections per day*.

Microsoft MACROS are Back

It is hard to digest the fact that, in 2016, even a single MS Word
document could compromise your system once ‘*Macros*’ are enabled.

This is the point at which to appreciate the hackers’ sheer brilliance of tactics.
[image: phishing-email-Locky Ransomware]

Locky ransomware is being distributed via Microsoft 365 or Outlook in the
form of an invoice email attachment (a Word file that embeds vicious *macro*
functions).

The concept of macros dates back to the 1990s. You must be familiar with this
message: *“Warning: This document contains macros.”*

Now macros are back, as cyber criminals discover a new way to get internet
users to open Microsoft Office documents, especially Word files that allow
macros to run automatically.
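
For mail administrators, one way to flag macro-bearing Word attachments before they reach an inbox is sketched below. This is an added example, not code from the original article: the function names and the sample message are constructed for illustration, and the legacy `.doc` check is only a heuristic.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # OLE entry names are UTF-16LE

def macro_verdict(data: bytes) -> str:
    """Classify attachment bytes by content, not by file extension."""
    if data.startswith(b"PK"):  # .docx/.docm are ZIP archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = [n.lower() for n in z.namelist()]
        except zipfile.BadZipFile:
            return "unreadable"
        return "macros" if any(n.endswith("vbaproject.bin") for n in names) else "clean"
    if data.startswith(OLE_MAGIC):
        # Heuristic only: looks for the VBA project stream name in the raw bytes.
        return "macros" if VBA_STREAM in data else "clean"
    return "not-office"

def scan_message(raw: bytes):
    """Return (filename, verdict) for every attachment in a raw email message."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [(part.get_filename(), macro_verdict(part.get_payload(decode=True)))
            for part in msg.iter_attachments()]

def make_zip(names):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in names:
            z.writestr(name, b"constructed")
    return buf.getvalue()

def build_sample() -> bytes:
    """Constructed test message; both attachments are harmless placeholders."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice J-0000 (constructed sample)"
    msg.set_content("Please see the attached invoice.")
    for fname, members in (("invoice.docm", ["word/document.xml", "word/vbaProject.bin"]),
                           ("notes.docx", ["word/document.xml"])):
        msg.add_attachment(make_zip(members), maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for fname, verdict in scan_message(build_sample()):
        print(f"{fname}: {verdict}")
```

A "macros" verdict is a reason to quarantine or strip the attachment, not proof of malice; legitimate documents also carry macros.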

How Does Locky Work?

[image: locky-ransomware-derypt]

Once a user opens a malicious Word document, the doc file gets downloaded
to the user’s system. However, the danger comes when the user opens the file and
finds the content scrambled, along with a popup that states *“enable macros”.*

*Here comes the bad part:*

– Once the victim enables the (malicious) macro, it downloads
an executable from a remote server and runs it.
– This executable is nothing but the Locky Ransomware that, when
started, will begin to encrypt all the files on your computer as well as
the network.

Locky ransomware affects nearly all file formats, encrypts all the files,
and replaces the filename with the *.locky* extension.

Once encrypted, the ransomware malware displays a message that instructs
infected victims to download TOR and visit the attacker’s website for
further instructions and payments.

Locky ransomware asks victims to pay between 0.5 and 2 Bitcoins ($208 to
$800) in order to get the decryption key.

One interesting note on Locky is that it is being translated into
many languages, which extends its attack beyond English boundaries to
maximize the digital casualties.

Locky Encrypts Even Your Network-Based Backup Files

The new ransomware also has the capability to encrypt your network-based
backup files. So it’s time for you to keep your sensitive and important
files in third-party storage as a backup plan in order to evade
future ransomware infections.

A researcher named *Kevin Beaumont* along with *Larry Abrahms* of
BleepingComputer initially discovered the existence of Locky encrypted virus.

To check the impact of Locky, Kevin successfully intercepted the Locky
traffic yesterday and realized that the cryptovirus is spreading out
rapidly in the wild.

“I estimate by the end of the day well over 100,000 new endpoints will be
infected with Locky, making this a genuine major cybersecurity incident — *3
days in, approximately a quarter of Million PCs will be infected*,” Kevin
said in a blog post.

One hour of infection Statistics:
[image: locky-ransomware]

The highly impacted countries include Germany, Netherlands, United
States, Croatia, Mali, Saudi Arabia, Mexico, Poland, Argentina and Serbia.

Source: The hacker news

Ameer | www.linuxmails.com | khan@azmuna.com | Riyadh, KSA
