A cryptolocker variant, the locky virus, has found a new way to infect your computer through the process of Word document Macros.
The infected Work document will request that you enable macros in Word and then will install the true malware. If Macros are already enabled, the simply opening the document will install the virus. Once installed, it scans and encrypts your network drives, documents, music, videos, images, archives, databases and Web apps. Its nasty and if you dont have backups, your in trouble.
Like the Crpytolocker before it, the virus runs from the Temp folders that our CrpytoPrevent tool monitors and protects.
Locky’s mechanics are pretty much like every other ransomware package currently floating around in malware marketplaces. It leaves a ransom note called “_Locky_recover_instructions.txt” pointing its victims to its payment channels.
To protect yourself make sure you have at least Office 2007 and that it is up to date. By default Macro’s are disabled so don’t enable them.
